Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Links redirect to other sites. Advertisments when hovering [Solved]

Started by spra , Feb 16 2013 05:41 PM

  • This topic is locked This topic is locked

#1
spra
Posted 16 February 2013 - 05:41 PM

spra

    Member

  • Member
  • PipPip
  • 78 posts
Hello.

Two days ago I noticed that when I hovered over a link an advertisement box appeared. I do not remember which link that was. I was not concerned because I thought the problem was site-related.
But today I noticed the same problem again when I went to download "numba" to work with python. The site's address is
http://numba.pydata.org/
When I hover my mouse over the download link an "iPhona 5....etc." adv. appears. And if I click on the link (I did try that...) I am re-directed elsewhere.

Also a few minutes ago, in my attempt to reset password and sign in with you, as I clicked on the "proceed" button (if I recall) -I was trying to go to the page where I would change my old password-, instead of going to that page, a new quite suspicious page (copy of my yahoo mail) opened, beside the one that was already open. I closed it immediately of course.

Before contacting you, I tried to solve the problem with Malwarebytes, TDSSKiller and Microsoft Security Essentials. After conducting quick scans, the first two of them found something and deleted it. But the problem persists.

Thank you in advance for any help.

The OTL report is this:


OTL logfile created on: 17/2/2013 12:59:03 πμ - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SR\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

11,99 Gb Total Physical Memory | 9,83 Gb Available Physical Memory | 81,99% Memory free
23,98 Gb Paging File | 21,60 Gb Available in Paging File | 90,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 414,70 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 370,91 Gb Free Space | 39,82% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 856,75 Gb Free Space | 91,97% Space Free | Partition Type: NTFS

Computer Name: SR-PC | User Name: SR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/17 00:58:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SR\Downloads\OTL.exe
PRC - [2013/02/10 13:24:26 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2013/02/06 15:44:30 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/17 16:22:06 | 000,207,163 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE expression.exe
PRC - [2012/08/17 16:21:27 | 000,207,163 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE smart.exe
PRC - [2012/08/14 18:28:22 | 000,207,127 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE down arrow.exe
PRC - [2012/08/14 18:28:13 | 000,207,125 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE up arrow.exe
PRC - [2012/08/14 18:28:03 | 000,207,127 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE left arrow.exe
PRC - [2012/08/14 18:27:54 | 000,207,129 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE right arrow.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/06/22 10:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 10:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2008/05/02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008/04/29 13:25:50 | 000,671,863 | ---- | M] (E-MU Systems) -- C:\Program Files (x86)\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
PRC - [2008/03/20 15:35:04 | 000,023,040 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTHELPER.EXE
PRC - [2008/01/07 10:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\AstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/10 13:24:26 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/02/06 15:44:14 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/17 16:22:06 | 000,207,163 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE expression.exe
MOD - [2012/08/17 16:21:27 | 000,207,163 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE smart.exe
MOD - [2012/08/14 18:28:22 | 000,207,127 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE down arrow.exe
MOD - [2012/08/14 18:28:13 | 000,207,125 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE up arrow.exe
MOD - [2012/08/14 18:28:03 | 000,207,127 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE left arrow.exe
MOD - [2012/08/14 18:27:54 | 000,207,129 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE right arrow.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/05/02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/04 11:55:10 | 000,089,600 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe -- (postgresql-x64-9.2)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/09/18 21:17:16 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008/05/02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/02/06 15:44:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/22 10:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/10 20:27:37 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/07 10:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\SysWow64\\AstSrv.exe -- (Ast Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/29 11:50:06 | 000,073,552 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/18 12:07:39 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/10/18 12:07:23 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2011/10/18 12:07:20 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2011/10/18 12:07:18 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/03/26 15:55:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/03/26 15:55:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/03/26 15:55:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/03/20 18:03:20 | 001,020,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HA10KX2K.SYS -- (ha10kx2k)
DRV:64bit: - [2008/03/20 18:02:50 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMUPIA2K.SYS -- (emupia)
DRV:64bit: - [2008/03/20 18:01:52 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV:64bit: - [2008/03/20 18:01:14 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV:64bit: - [2008/03/20 18:00:48 | 000,178,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTOSS2K.SYS -- (ossrv)
DRV:64bit: - [2008/03/20 17:59:14 | 000,684,440 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUD2K.SYS -- (ctaud2k)
DRV:64bit: - [2008/03/20 17:58:32 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAC32K.SYS -- (ctac32k)
DRV:64bit: - [2008/03/20 17:47:52 | 001,417,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2008/03/20 17:47:52 | 001,417,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2008/03/20 17:46:40 | 000,158,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEDSPIO.SYS -- (CTEDSPIO.SYS)
DRV:64bit: - [2008/03/20 17:46:40 | 000,158,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEDSPIO.SYS -- (CTEDSPIO)
DRV:64bit: - [2008/03/20 17:46:14 | 000,338,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEDSPSY.SYS -- (CTEDSPSY.SYS)
DRV:64bit: - [2008/03/20 17:46:14 | 000,338,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEDSPSY.SYS -- (CTEDSPSY)
DRV:64bit: - [2008/03/20 17:45:48 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2008/03/20 17:45:48 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2008/03/20 17:45:24 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2008/03/20 17:45:24 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2008/03/20 17:44:44 | 000,116,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV:64bit: - [2008/03/20 17:44:44 | 000,116,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV:64bit: - [2008/03/20 17:44:12 | 000,287,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEDSPFX.SYS -- (CTEDSPFX.SYS)
DRV:64bit: - [2008/03/20 17:44:12 | 000,287,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEDSPFX.SYS -- (CTEDSPFX)
DRV:64bit: - [2008/03/20 17:43:44 | 000,187,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEAPSFX.SYS -- (CTEAPSFX.SYS)
DRV:64bit: - [2008/03/20 17:43:44 | 000,187,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEAPSFX.SYS -- (CTEAPSFX)
DRV:64bit: - [2008/03/20 17:42:34 | 000,589,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV:64bit: - [2008/03/20 17:42:34 | 000,589,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV:64bit: - [2008/03/20 17:42:04 | 000,588,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV:64bit: - [2008/03/20 17:42:04 | 000,588,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV:64bit: - [2008/03/20 17:41:06 | 000,123,928 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV:64bit: - [2008/03/20 17:41:06 | 000,123,928 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX)
DRV:64bit: - [2008/02/29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comoestamos.com/search/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.comoestamos.com/search/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.comoestamos.com/search/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comoestamos.com/search/
IE - HKLM\..\SearchScopes,DefaultScope = {76434FE2-B79A-4DFE-A374-D716B8B03CF7}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = http://www.comoestam...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.comoestamos.com/search/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.comoestamos.com/search/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 32 7B 94 1A A7 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = http://www.comoestam...q={searchTerms}
IE - HKCU\..\SearchScopes\{8A5A76FE-6433-46AD-8367-F875F4D51E63}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: el-en%40dictionaries.addons.mozilla.org:0.5.5
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.12
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.7
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.5
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/11 20:51:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 15:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/06 15:44:10 | 000,000,000 | ---D | M]

[2010/02/06 12:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Extensions
[2013/02/17 00:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions
[2013/01/27 02:30:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/01/26 00:13:40 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2011/01/22 14:50:35 | 000,000,000 | ---D | M] (Greek-English Spelling dictionary) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2012/05/21 00:15:26 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/12/19 01:10:02 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2012/12/12 13:47:00 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/02/17 00:17:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/02/21 13:25:00 | 000,000,873 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\searchplugins\conduit.xml
[2012/01/13 18:22:34 | 000,002,057 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\searchplugins\youtube-video-search.xml
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/02/06 15:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Adobe_Photoshop_CS5_Portable_YeNiCeRi\Adobe Photoshop CS5\Plug-ins\Extensions
[2013/02/06 15:44:30 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/22 22:50:51 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/09/13 23:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 19:27:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Poppit = C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/08/28 21:15:57 | 000,004,534 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 ci-main.loginregistration.eadm.ea.com
O1 - Hosts: 127.0.0.1 motd.dm.origin.com
O1 - Hosts: 127.0.0.1 store.origin.com
O1 - Hosts: 127.0.0.1 drh.img.digitalriver.com
O1 - Hosts: 86 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE down arrow.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE expression.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE left arrow.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE right arrow.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE smart.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE up arrow.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{668CA91D-EF0A-4635-B961-6FDCD15D3205}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{913617FE-775B-4717-A72D-0EB92080F057}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fdb5269d-1349-11df-a3b6-90e6ba888201}\Shell - "" = AutoRun
O33 - MountPoints2\{fdb5269d-1349-11df-a3b6-90e6ba888201}\Shell\AutoRun\command - "" = F:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/16 23:20:02 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Malwarebytes
[2013/02/16 23:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/16 23:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/16 23:19:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/16 23:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/07 03:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
[2013/02/06 15:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 02:19:56 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Resolver One
[2013/02/06 02:14:00 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resolver One
[2013/02/06 02:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resolver One
[2013/02/05 19:06:09 | 000,000,000 | ---D | C] -- C:\msysgit
[2013/01/31 16:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/31 16:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/27 14:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2013/01/27 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2013/01/26 00:28:07 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Freecorder 7 Audio
[2013/01/26 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Freecorder 7 Audio
[2013/01/26 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\SR\Documents\Freecorder
[2013/01/26 00:17:31 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Jaksta_Technologies_Pty_L
[2013/01/25 23:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abyssmedia
[2013/01/25 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\GetRightToGo
[2013/01/25 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Abyssmedia
[2013/01/25 15:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2013/01/25 15:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freecorder extension
[2013/01/24 23:15:18 | 000,000,000 | -H-D | C] -- C:\SGLDABC2C75F16E9F97
[2013/01/24 23:15:18 | 000,000,000 | -H-D | C] -- C:\BU82807267DABC2C75F16E9F97
[2013/01/24 23:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hokfelt ComputerWorks
[2013/01/24 22:54:43 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Equilab
[2013/01/24 22:52:05 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Downloaded Installations
[2013/01/24 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\PokerSleuth
[2013/01/24 21:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerSleuth
[2013/01/24 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\RealNetworks
[2013/01/24 19:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/24 19:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/01/24 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Real
[2013/01/24 19:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/23 01:57:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/18 15:49:41 | 000,000,000 | ---D | C] -- C:\Users\SR\Documents\FIFA 13
[2013/01/18 15:47:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/01/18 15:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FIFA 13
[6 C:\Users\SR\Desktop\*.tmp files -> C:\Users\SR\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/17 00:44:00 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/17 00:44:00 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/17 00:03:34 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 00:03:34 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 23:55:56 | 000,000,194 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/16 23:55:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 23:55:37 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 23:54:50 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/16 23:54:50 | 000,001,284 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/16 23:54:50 | 000,001,284 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/16 23:54:50 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/16 23:54:50 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/16 23:19:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/16 16:29:49 | 000,577,536 | ---- | M] () -- C:\Users\SR\Documents\SR Home Budgets.fp7
[2013/02/09 23:19:31 | 000,135,680 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands7.csv
[2013/02/08 22:55:15 | 000,288,937 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands6.csv
[2013/02/07 19:24:08 | 000,483,287 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands5.csv
[2013/02/07 14:36:06 | 000,002,044 | ---- | M] () -- C:\Users\SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/07 03:22:44 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\PureSync.lnk
[2013/02/07 03:19:19 | 000,311,504 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands4.csv
[2013/02/02 23:30:01 | 000,322,567 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands3.csv
[2013/02/01 13:31:05 | 005,084,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/31 16:36:21 | 000,227,664 | ---- | M] () -- C:\Users\SR\Documents\cc_20130131_163452.reg
[2013/01/31 03:36:41 | 000,363,451 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands2.csv
[2013/01/29 03:02:47 | 000,457,901 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands1.csv
[2013/01/29 00:07:54 | 000,124,927 | ---- | M] () -- C:\Users\SR\Desktop\Experimental.csv
[2013/01/27 22:10:23 | 000,800,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/27 22:10:23 | 000,665,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/27 22:10:23 | 000,126,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/27 14:24:56 | 000,001,308 | ---- | M] () -- C:\Users\SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/01/25 22:26:28 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\REAPER (x64).lnk
[2013/01/24 18:58:15 | 008,612,981 | ---- | M] () -- C:\Users\SR\Documents\_Just Friends_ Charlie Parker.flv
[2013/01/24 01:00:31 | 000,001,325 | ---- | M] () -- C:\Users\SR\AppData\Local\recently-used.xbel
[2013/01/20 22:59:43 | 000,195,481 | ---- | M] () -- C:\Users\SR\Documents\install.air
[2013/01/18 13:05:12 | 2602,448,895 | ---- | M] () -- C:\Users\SR\Desktop\rld-fifa13.iso
[2013/01/18 12:07:02 | 000,005,482 | ---- | M] () -- C:\Users\SR\Desktop\reloaded.nfo
[6 C:\Users\SR\Desktop\*.tmp files -> C:\Users\SR\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/16 23:19:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/09 23:19:31 | 000,135,680 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands7.csv
[2013/02/07 19:18:59 | 000,288,937 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands6.csv
[2013/02/07 03:22:44 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\PureSync.lnk
[2013/02/05 03:47:21 | 000,483,287 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands5.csv
[2013/02/02 23:58:19 | 000,311,504 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands4.csv
[2013/02/01 22:13:49 | 000,322,567 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands3.csv
[2013/01/31 16:35:08 | 000,227,664 | ---- | C] () -- C:\Users\SR\Documents\cc_20130131_163452.reg
[2013/01/29 23:41:26 | 000,363,451 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands2.csv
[2013/01/29 02:59:11 | 000,457,901 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands1.csv
[2013/01/29 00:06:06 | 000,124,927 | ---- | C] () -- C:\Users\SR\Desktop\Experimental.csv
[2013/01/27 14:24:56 | 000,001,308 | ---- | C] () -- C:\Users\SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/01/24 23:14:46 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QED Poker Simulator.lnk
[2013/01/24 18:55:28 | 008,612,981 | ---- | C] () -- C:\Users\SR\Documents\_Just Friends_ Charlie Parker.flv
[2013/01/24 01:00:31 | 000,001,325 | ---- | C] () -- C:\Users\SR\AppData\Local\recently-used.xbel
[2013/01/20 23:00:22 | 000,195,481 | ---- | C] () -- C:\Users\SR\Documents\install.air
[2013/01/18 15:30:38 | 2602,448,895 | ---- | C] () -- C:\Users\SR\Desktop\rld-fifa13.iso
[2012/12/26 15:15:55 | 000,004,877 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012/12/16 03:47:33 | 000,000,045 | ---- | C] () -- C:\Users\SR\AppData\Local\machpro.dat
[2012/12/16 03:41:51 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2012/10/11 19:17:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/28 23:22:17 | 000,014,368 | ---- | C] () -- C:\Windows\skype.dat
[2012/09/28 21:36:39 | 000,032,854 | ---- | C] () -- C:\Windows\iniLS.dat
[2012/07/23 08:31:38 | 004,428,800 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012/01/28 18:07:57 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/12/07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/10/28 23:37:37 | 000,744,286 | ---- | C] () -- C:\Windows\unins000.exe
[2011/10/28 23:37:37 | 000,001,048 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/24 17:52:02 | 000,006,966 | ---- | C] () -- C:\ProgramData\DYNAMiCS.nfo
[2011/10/24 17:46:52 | 000,006,966 | ---- | C] () -- C:\Program Files\DYNAMiCS.nfo
[2011/10/12 21:50:34 | 011,165,696 | ---- | C] () -- C:\Users\SR\AppData\Roaming\Sandra.mdb
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/18 16:20:30 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\DBCDBF32.DLL
[2011/08/18 16:20:30 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\dbcmdb32.dll
[2011/08/18 16:20:30 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\dbcjpg32.dll
[2011/08/18 16:20:30 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DBCMEM32.DLL
[2011/08/18 16:20:30 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dbcgeo32.dll
[2011/08/14 11:11:41 | 000,000,000 | ---- | C] () -- C:\Users\SR\AppData\Local\{5A7DAA57-5D0C-4C90-9F84-33323514FEB0}
[2011/07/19 18:14:36 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\patchw32.dll
[2011/07/19 18:14:36 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK32.DLL
[2011/07/19 18:14:36 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/07/19 18:14:36 | 000,003,360 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK16.DLL
[2011/07/19 18:14:35 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\LFCMP61N.DLL
[2011/07/19 18:14:35 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\Lfpng61n.dll
[2011/07/19 18:14:35 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\LTFIL61N.DLL
[2011/06/17 17:03:06 | 000,000,309 | ---- | C] () -- C:\Users\SR\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/04/21 11:19:20 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/21 11:19:20 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/13 19:21:08 | 000,000,008 | RH-- | C] () -- C:\Users\SR\hwid
[2011/03/10 20:38:21 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/31 17:33:41 | 000,000,008 | ---- | C] () -- C:\ProgramData\VYAAUFMZPWSP.SYS
[2010/05/17 17:13:06 | 000,000,132 | ---- | C] () -- C:\Users\SR\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/16 14:37:07 | 000,001,456 | ---- | C] () -- C:\Users\SR\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/04/05 13:25:29 | 000,001,074 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/05 13:24:59 | 000,000,034 | ---- | C] () -- C:\Users\SR\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/04/05 13:24:57 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/19 11:13:09 | 000,000,760 | ---- | C] () -- C:\Users\SR\AppData\Roaming\setup_ldm.iss
[2010/02/10 20:12:34 | 000,007,654 | ---- | C] () -- C:\Users\SR\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/25 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Abyssmedia
[2011/10/18 12:09:15 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Acronis
[2013/01/03 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\ActiveState
[2010/09/05 20:35:18 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\AnvSoft
[2013/01/24 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Audacity
[2013/01/31 16:31:13 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\BitTorrent
[2010/02/07 13:38:20 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Cakewalk
[2010/05/16 14:43:32 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/17 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Conversations Network
[2013/01/25 15:59:45 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Cool Record Edit Pro
[2013/01/31 16:31:15 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\DAEMON Tools Lite
[2011/01/13 17:38:37 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/03 00:37:44 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\EmuPatchMixDSP
[2010/02/21 13:24:18 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\eMusic
[2012/08/06 23:28:40 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\ExpressFiles
[2012/12/17 01:53:30 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\FMRTE13
[2012/08/06 23:14:10 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\FMRTEv5
[2013/01/18 01:16:19 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\fpdb
[2012/01/18 18:04:32 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Free Sound Recorder
[2013/01/26 00:17:32 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Freecorder 7 Audio
[2013/01/25 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\GetRightToGo
[2010/09/06 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\HamsterSoft
[2012/12/17 00:10:31 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\HEM Data
[2012/12/26 15:14:24 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\HoldemManager
[2011/11/02 01:24:21 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Hoyle
[2011/09/29 19:42:39 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Hoyle FaceCreator
[2013/02/07 03:22:50 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Jumping Bytes
[2010/02/10 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Leadertech
[2010/02/19 11:44:16 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\LG Electronics
[2012/04/10 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Lite
[2011/10/24 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\MakeMusic
[2012/09/30 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\MusE
[2010/08/31 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\NCH Swift Sound
[2012/10/06 19:21:15 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\NeatImage PS 64
[2013/01/13 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Notepad++
[2012/10/11 19:17:31 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\PACE Anti-Piracy
[2012/10/11 19:13:43 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\PDAppFlex
[2012/10/26 14:36:11 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\pdfforge
[2013/01/25 22:31:54 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\REAPER
[2013/02/06 02:19:56 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Resolver One
[2011/07/20 22:32:35 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Simple Sudoku
[2012/12/16 04:07:55 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Sports Interactive
[2012/08/28 21:19:53 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/12 16:44:44 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Steinberg
[2010/02/24 20:55:34 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Sync App Settings
[2010/07/16 18:43:11 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\ubi.com
[2013/01/31 16:31:13 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\uTorrent
[2012/08/13 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Win7codecs
[2012/04/08 00:23:26 | 000,000,000 | ---D | M] -- C:\Users\SR\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:2784C21E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1242 bytes -> C:\Users\SR\AppData\Local\Temp:nCBUdN93C1bBsrroDSCkWm8z
@Alternate Data Stream - 1085 bytes -> C:\ProgramData\Microsoft:Zhu5pMeIjZBETGlrtvMKRBEHWnz6
@Alternate Data Stream - 1075 bytes -> C:\ProgramData\Microsoft:VGpm8FHaLLYnYnrKjrhD9zG

< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 16 February 2013 - 08:23 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
spra
Posted 17 February 2013 - 08:19 AM

spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thank you for your help.

I did what you said. The reports are below.

Note: RogueKiller "killed" during the "processes" checking phase 6 of my macros for the program "Finale" (which is a music notation program I use). I made those very simple macros long time ago using a program named "AutoHotKey". I do not believe that the problem has to do with those 6 macros, so in the "registry" checking phase I unchecked the corresponding 6 buttons of RogueKiller before clicking on "Delete". So RogueKiller killed the rest registry items it found (in red color). If you think that I should let the killing be applied to those 6 macros as well, I can live without them. So please let me know.

Of course I checked those hacked links again today by hovering my mouse over them. The problem is not solved yet.


Checkup.txt

Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 39
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

------------------------------------------------------------------------------------------

AdwCleaner:

# AdwCleaner v2.112 - Logfile created 02/17/2013 at 15:37:53
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : SR - SR-PC
# Boot Mode : Normal
# Running from : C:\Users\SR\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\Plasmoo
Deleted on reboot : C:\ProgramData\FreeRIP
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Premium
Deleted on reboot : C:\Users\SR\AppData\Roaming\pdfforge
File Deleted : C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\searchplugins\Conduit.xml

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{081230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{081230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{081230F8-EA50-42A9-983C-D22ABC2EED3B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16671

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\prefs.js

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Deleted : user_pref("[email protected]", "[{\"name\":\"Freecorder Menu Header\",\[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium vnstall: 18258

File : C:\Users\SR\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3994 octets] - [17/02/2013 15:37:53]

########## EOF - C:\AdwCleaner[S1].txt - [4054 octets] #######

-------------------------------------------------------------------------------------------------------------------

RogueKiller:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : SR [Admin rights]
Mode : Remove -- Date : 02/17/2013 15:55:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] FINALE down arrow.exe -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE down arrow.exe [-] -> KILLED [TermProc]
[SUSP PATH] FINALE expression.exe -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE expression.exe [-] -> KILLED [TermProc]
[SUSP PATH] FINALE left arrow.exe -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE left arrow.exe [-] -> KILLED [TermProc]
[SUSP PATH] FINALE right arrow.exe -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE right arrow.exe [-] -> KILLED [TermProc]
[SUSP PATH] FINALE smart.exe -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE smart.exe [-] -> KILLED [TermProc]
[SUSP PATH] FINALE up arrow.exe -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE up arrow.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[STARTUP][RESIDUE] FINALE down arrow.exe @SR : C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE down arrow.exe [-] -> NOT SELECTED
[STARTUP][RESIDUE] FINALE expression.exe @SR : C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE expression.exe [-] -> NOT SELECTED
[STARTUP][RESIDUE] FINALE left arrow.exe @SR : C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE left arrow.exe [-] -> NOT SELECTED
[STARTUP][RESIDUE] FINALE right arrow.exe @SR : C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE right arrow.exe [-] -> NOT SELECTED
[STARTUP][RESIDUE] FINALE smart.exe @SR : C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE smart.exe [-] -> NOT SELECTED
[STARTUP][RESIDUE] FINALE up arrow.exe @SR : C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE up arrow.exe [-] -> NOT SELECTED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EVDS-63U8B0 ATA Device +++++
--- User ---
[MBR] 02e5167befb4137009a460c31d994c6d
[BSP] c2f2222bd3c450b4b6be27db6de5dfc6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] af2895ddb741896384434b5c1312f970
[BSP] 38e453486f829a965a39179859194a78 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD10EARX-00N0YB0 ATA Device +++++
--- User ---
[MBR] 5b64dc938bdf4170999247dff3388426
[BSP] 9ee2974e01eaf316cbde296c599e3b49 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02172013_02d1555.txt >>
RKreport[1]_S_02172013_02d1549.txt ; RKreport[2]_D_02172013_02d1555.txt
  • 0

#4
gringo_pr
Posted 17 February 2013 - 11:52 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello spra

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
spra
Posted 17 February 2013 - 12:59 PM

spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi Gringo.

No problems during the Combofix job.
Still infected though. Various links with words like "free", "software", "download" etc. display windows saying "click here to... (various)"

Here is the log from Combofix:

ComboFix 13-02-15.01 - SR 17/02/2013 20:35:36.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1253.30.1033.18.12279.10268 [GMT 2:00]
Running from: c:\users\SR\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Freecorder extension\ScRIpthost.dll
c:\windows\7Loader.TAG
c:\windows\SysWow64\DBCDBF32.DLL
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))
.
.
2013-02-17 18:44 . 2013-02-17 18:44 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-02-17 18:44 . 2013-02-17 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-17 13:53 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADE539B8-10CF-4DA7-BE73-608691726680}\mpengine.dll
2013-02-16 23:56 . 2013-02-16 23:56 -------- d-----w- c:\users\SR\AppData\Roaming\Continuum
2013-02-16 23:56 . 2013-02-16 23:56 -------- d-----w- c:\users\SR\.continuum
2013-02-16 23:45 . 2013-02-16 23:56 -------- d-----w- C:\Anaconda
2013-02-16 21:20 . 2013-02-16 21:20 -------- d-----w- c:\users\SR\AppData\Roaming\Malwarebytes
2013-02-16 21:19 . 2013-02-16 21:19 -------- d-----w- c:\programdata\Malwarebytes
2013-02-16 21:19 . 2013-02-16 21:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-16 21:19 . 2012-12-14 14:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-06 00:19 . 2013-02-06 00:19 -------- d-----w- c:\users\SR\AppData\Roaming\Resolver One
2013-02-06 00:13 . 2013-02-06 00:13 -------- d-----w- c:\program files (x86)\Resolver One
2013-02-05 17:06 . 2013-02-05 17:24 -------- d-----w- C:\msysgit
2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\program files\CCleaner
2013-01-27 12:24 . 2013-01-27 12:24 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2013-01-25 22:28 . 2013-01-25 22:28 -------- d-----w- c:\users\SR\AppData\Local\Freecorder 7 Audio
2013-01-25 22:17 . 2013-01-25 22:17 -------- d-----w- c:\users\SR\AppData\Roaming\Freecorder 7 Audio
2013-01-25 22:17 . 2013-01-25 22:17 -------- d-----w- c:\users\SR\AppData\Local\Jaksta_Technologies_Pty_L
2013-01-25 21:35 . 2013-01-25 21:35 -------- d-----w- c:\program files (x86)\Abyssmedia
2013-01-25 21:24 . 2013-01-25 21:25 -------- d-----w- c:\users\SR\AppData\Roaming\GetRightToGo
2013-01-25 21:16 . 2013-01-25 21:16 -------- d-----w- c:\users\SR\AppData\Roaming\Abyssmedia
2013-01-25 13:53 . 2013-01-25 13:53 -------- d-----w- c:\program files (x86)\Applian Technologies
2013-01-25 13:52 . 2013-02-17 18:43 -------- d-----w- c:\program files (x86)\Freecorder extension
2013-01-24 21:15 . 2013-01-24 21:15 -------- d-----w- C:\SGLDABC2C75F16E9F97
2013-01-24 21:15 . 2013-01-24 21:15 -------- d-----w- C:\BU82807267DABC2C75F16E9F97
2013-01-24 21:14 . 2013-01-24 21:14 -------- d-----w- c:\program files (x86)\Hokfelt ComputerWorks
2013-01-24 20:54 . 2013-01-24 20:59 -------- d-----w- c:\users\SR\AppData\Local\Equilab
2013-01-24 20:52 . 2013-01-24 20:52 -------- d-----w- c:\users\SR\AppData\Local\Downloaded Installations
2013-01-24 19:49 . 2013-01-24 21:02 -------- d-----w- c:\users\SR\AppData\Local\PokerSleuth
2013-01-24 19:49 . 2013-01-24 21:02 -------- d-----w- c:\program files (x86)\PokerSleuth
2013-01-24 17:05 . 2013-01-24 17:25 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 11:24 . 2012-04-03 08:41 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-10 11:24 . 2011-10-27 09:12 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2010-02-06 10:48 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-15 14:56 . 2012-09-16 16:19 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 14:56 . 2010-06-07 10:22 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-08 05:32 . 2010-02-12 08:44 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-29 09:50 . 2012-11-29 09:50 73552 ----a-w- c:\windows\system32\drivers\RAMDiskVE.sys
2012-11-28 14:16 . 2012-11-28 14:19 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CD63647-F398-4336-9FB8-1EB7C5919EBC}\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2008-03-20 51712]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FINALE down arrow.exe [2012-8-14 207127]
FINALE expression.exe [2012-8-17 207163]
FINALE left arrow.exe [2012-8-14 207127]
FINALE right arrow.exe [2012-8-14 207129]
FINALE smart.exe [2012-8-17 207163]
FINALE up arrow.exe [2012-8-14 207125]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-19 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-20 123928]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-03-20 202776]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-20 202776]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-03-20 588824]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-20 588824]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [2008-03-20 187416]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-20 187416]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [2008-03-20 287256]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-20 287256]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-20 158232]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-20 338456]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-03-20 116248]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-20 116248]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-03-20 1417752]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-03-20 1417752]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-03-20 94744]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-20 94744]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-03-20 589848]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-20 589848]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-11-29 73552]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-18 93848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-26 9600]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-10-18 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2011-10-18 141920]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-03-20 123928]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [2008-03-20 158232]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [2008-03-20 338456]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 21:39 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-02-24 c:\windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
- c:\program files (x86)\Allway Sync\Bin\syncappw.exe [2010-02-24 11:11]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:01]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:01]
.
2012-09-17 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2012-08-27 07:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.comoestamos.com/search/
mDefault_Page_URL = hxxp://www.comoestamos.com/search/
mStart Page = hxxp://www.comoestamos.com/search/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.comoestamos.com/search/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\SR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-12-19 01:10; [email protected]; c:\users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
FF - ExtSQL: 2013-01-26 00:13; [email protected]; c:\users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
FF - ExtSQL: 2013-02-06 15:44; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - c:\program files (x86)\Freecorder extension\ScriptHost.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-55197101.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-20\Software\classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@Allowed: (Read) (RestrictedCode)
@=hex:cd,72,10,7f,ae,f2,cb,01
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\SR\\Desktop\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files (x86)\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009dfb
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="45-ACB0-E7AF"
"Currency"=dword:0000001c
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11]
@Allowed: (Read) (RestrictedCode)
"Currency"=dword:0000001c
"GameDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"="c:\\Program Files (x86)\\Sports Interactive\\Football Manager 2011\\"
"ScreenshotsDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\Program Files (x86)\\Sports Interactive\\Football Manager 2011\\data\\updates\\update-1120\\db\\1120\\lang_db.dat"
"LastSaveGame"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2012\\games\\Man Utd 2.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="FM 2011"
"LastUpdateCheck"=dword:00009fec
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="45-ACB0-E7AF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000014
"StaffSearchFeatureNum"=dword:00000004
"ClubSearchFeatureNum"=dword:00000003
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000003
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000017
"HintsFeatureNum"=dword:00000003
"GenieReportFeatureNum"=dword:00000010
"TopFormationFeatureNum"=dword:00000002
"ScreenshotFeatureNum"=dword:00000000
"VersionOf"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
@Allowed: (Read) (RestrictedCode)
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@=hex:ae,c9,6d,cb,60,de,cb,01
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001_Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@Allowed: (Read) (RestrictedCode)
@=hex:2d,64,1c,43,37,eb,cb,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:0f,0d,e1,44,2d,89,e3,6a,d9,82,09,2a,52,d8,f0,d4,05,c0,d5,3b,37,
30,7f,51,d2,94,4c,2b,6a,f7,56,31,c8,ee,c9,9f,48,23,0e,76,08,5b,30,42,e2,64,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:35,7d,8f,9c,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:60,91,21,63,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:97,6d,45,63,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:fe,9a,42,5f,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:5b,bd,57,63,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:0f,0d,e1,44,2d,89,e3,6a,d9,82,09,2a,52,d8,f0,d4,05,c0,d5,3b,37,
30,7f,51,d2,94,4c,2b,6a,f7,56,31,c8,ee,c9,9f,48,23,0e,76,08,5b,30,42,e2,64,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-17 20:46:14
ComboFix-quarantined-files.txt 2013-02-17 18:46
.
Pre-Run: 443.343.405.056 bytes free
Post-Run: 442.909.896.704 bytes free
.
- - End Of File - - DC78CB2FD57DA24268B8BC90DE014AF2
  • 0

#6
gringo_pr
Posted 17 February 2013 - 01:27 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
  • 0

#7
spra
Posted 17 February 2013 - 02:18 PM

spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Here is what you asked:

OTL logfile created on: 17/2/2013 10:08:28 μμ - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SR\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

11,99 Gb Total Physical Memory | 8,98 Gb Available Physical Memory | 74,88% Memory free
23,98 Gb Paging File | 21,03 Gb Available in Paging File | 87,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 412,52 Gb Free Space | 44,29% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 370,91 Gb Free Space | 39,82% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 856,75 Gb Free Space | 91,97% Space Free | Partition Type: NTFS

Computer Name: SR-PC | User Name: SR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe (E-MU Systems)
PRC - C:\Windows\SysWOW64\AstSrv.exe (Nalpeiron Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Services (SafeList) ==========

SRV:64bit: - (postgresql-x64-9.2) -- C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe (SiSoftware)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Ast Service) -- C:\Windows\SysWow64\\AstSrv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (RAMDiskVE) -- C:\Windows\SysNative\drivers\RAMDiskVE.sys (Dataram, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys (SiSoftware)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\HA10KX2K.SYS (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\CTAUD2K.SYS (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV:64bit: - (CTEDSPIO.SYS) -- C:\Windows\SysNative\drivers\CTEDSPIO.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO) -- C:\Windows\SysNative\drivers\CTEDSPIO.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEDSPSY.SYS) -- C:\Windows\SysNative\drivers\CTEDSPSY.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEDSPSY) -- C:\Windows\SysNative\drivers\CTEDSPSY.SYS (Creative Technology Ltd)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.SYS) -- C:\Windows\SysNative\drivers\CTEDSPFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX) -- C:\Windows\SysNative\drivers\CTEDSPFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.SYS) -- C:\Windows\SysNative\drivers\CTEAPSFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX) -- C:\Windows\SysNative\drivers\CTEAPSFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (whfltr2k) -- C:\Windows\SysNative\drivers\whfltr2k.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comoestamos.com/search/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.comoestamos.com/search/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.comoestamos.com/search/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comoestamos.com/search/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = http://www.comoestam...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 32 7B 94 1A A7 CA 01 [binary data]
IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = http://www.comoestam...q={searchTerms}
IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\..\SearchScopes\{8A5A76FE-6433-46AD-8367-F875F4D51E63}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3036664217-593706541-706021291-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3036664217-593706541-706021291-1009\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: el-en%40dictionaries.addons.mozilla.org:0.5.5
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.12
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.7
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.5
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/11 20:51:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 15:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/06 15:44:10 | 000,000,000 | ---D | M]

[2010/02/06 12:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Extensions
[2013/02/17 00:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions
[2013/01/27 02:30:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/01/26 00:13:40 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2011/01/22 14:50:35 | 000,000,000 | ---D | M] (Greek-English Spelling dictionary) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2012/05/21 00:15:26 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/12/19 01:10:02 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2012/12/12 13:47:00 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/02/17 00:17:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/13 18:22:34 | 000,002,057 | ---- | M] () -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\searchplugins\youtube-video-search.xml
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 15:44:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/02/06 15:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Adobe_Photoshop_CS5_Portable_YeNiCeRi\Adobe Photoshop CS5\Plug-ins\Extensions
[2013/02/06 15:44:30 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/22 22:50:51 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/09/13 23:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 19:27:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\SR\AppData\Local\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Poppit = C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/02/17 20:44:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3036664217-593706541-706021291-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKU\S-1-5-21-3036664217-593706541-706021291-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3036664217-593706541-706021291-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE down arrow.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE expression.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE left arrow.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE right arrow.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE smart.exe ()
O4 - Startup: C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FINALE up arrow.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3036664217-593706541-706021291-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3036664217-593706541-706021291-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3036664217-593706541-706021291-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3036664217-593706541-706021291-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{668CA91D-EF0A-4635-B961-6FDCD15D3205}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{913617FE-775B-4717-A72D-0EB92080F057}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/17 20:46:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/17 20:33:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/17 20:33:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/17 20:33:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/17 20:33:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/17 20:33:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/17 20:31:38 | 005,033,715 | R--- | C] (Swearware) -- C:\Users\SR\Desktop\ComboFix.exe
[2013/02/17 15:44:56 | 000,000,000 | ---D | C] -- C:\Users\SR\Desktop\RK_Quarantine
[2013/02/17 01:56:29 | 000,000,000 | ---D | C] -- C:\Users\SR\Documents\Python Scripts
[2013/02/17 01:56:29 | 000,000,000 | ---D | C] -- C:\Users\SR\Documents\IPython Notebooks
[2013/02/17 01:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnacondaCE 1.3.1 (64-bit)
[2013/02/17 01:56:28 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Continuum
[2013/02/17 01:56:28 | 000,000,000 | ---D | C] -- C:\Users\SR\.continuum
[2013/02/17 01:45:34 | 000,000,000 | ---D | C] -- C:\Anaconda
[2013/02/17 00:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SR\Desktop\OTL.exe
[2013/02/16 23:20:02 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Malwarebytes
[2013/02/16 23:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/16 23:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/16 23:19:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/16 23:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/07 03:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
[2013/02/06 15:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 14:35:03 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013/02/06 14:35:02 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/02/06 14:35:02 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013/02/06 02:19:56 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Resolver One
[2013/02/06 02:14:00 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resolver One
[2013/02/06 02:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resolver One
[2013/02/05 19:06:09 | 000,000,000 | ---D | C] -- C:\msysgit
[2013/01/31 16:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/31 16:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/27 14:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2013/01/27 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2013/01/26 00:28:07 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Freecorder 7 Audio
[2013/01/26 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Freecorder 7 Audio
[2013/01/26 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\SR\Documents\Freecorder
[2013/01/26 00:17:31 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Jaksta_Technologies_Pty_L
[2013/01/25 23:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abyssmedia
[2013/01/25 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\GetRightToGo
[2013/01/25 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Abyssmedia
[2013/01/25 15:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2013/01/25 15:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freecorder extension
[2013/01/24 23:15:18 | 000,000,000 | ---D | C] -- C:\SGLDABC2C75F16E9F97
[2013/01/24 23:15:18 | 000,000,000 | ---D | C] -- C:\BU82807267DABC2C75F16E9F97
[2013/01/24 23:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hokfelt ComputerWorks
[2013/01/24 22:54:43 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Equilab
[2013/01/24 22:52:05 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Downloaded Installations
[2013/01/24 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\PokerSleuth
[2013/01/24 21:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerSleuth
[2013/01/24 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\RealNetworks
[2013/01/24 19:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/24 19:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/01/24 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Real
[2013/01/24 19:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/23 01:57:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[6 C:\Users\SR\Desktop\*.tmp files -> C:\Users\SR\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/17 21:44:00 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/17 20:44:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/17 20:32:05 | 005,033,715 | R--- | M] (Swearware) -- C:\Users\SR\Desktop\ComboFix.exe
[2013/02/17 15:48:59 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 15:48:59 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 15:41:39 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/17 15:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/17 15:41:15 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/17 15:40:28 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/17 15:40:28 | 000,009,116 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/17 15:40:28 | 000,009,116 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/17 15:40:28 | 000,001,524 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/17 15:40:28 | 000,001,524 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000008-00000000-00000001-00001102-00000008-40041102}.rfx
[2013/02/17 15:21:30 | 000,798,208 | ---- | M] () -- C:\Users\SR\Desktop\RogueKiller.exe
[2013/02/17 15:20:40 | 000,587,671 | ---- | M] () -- C:\Users\SR\Desktop\adwcleaner0.exe
[2013/02/17 15:19:21 | 000,881,914 | ---- | M] () -- C:\Users\SR\Desktop\SecurityCheck.exe
[2013/02/17 00:58:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SR\Desktop\OTL.exe
[2013/02/16 23:19:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/16 16:29:49 | 000,577,536 | ---- | M] () -- C:\Users\SR\Documents\SR Home Budgets.fp7
[2013/02/10 13:24:26 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/10 13:24:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/09 23:19:31 | 000,135,680 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands7.csv
[2013/02/08 22:55:15 | 000,288,937 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands6.csv
[2013/02/07 19:24:08 | 000,483,287 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands5.csv
[2013/02/07 14:36:06 | 000,002,044 | ---- | M] () -- C:\Users\SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/07 03:22:44 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\PureSync.lnk
[2013/02/07 03:19:19 | 000,311,504 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands4.csv
[2013/02/02 23:30:01 | 000,322,567 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands3.csv
[2013/02/01 13:31:05 | 005,084,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/31 16:36:21 | 000,227,664 | ---- | M] () -- C:\Users\SR\Documents\cc_20130131_163452.reg
[2013/01/31 03:36:41 | 000,363,451 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands2.csv
[2013/01/29 03:02:47 | 000,457,901 | ---- | M] () -- C:\Users\SR\Desktop\EnumeratedHands1.csv
[2013/01/29 00:07:54 | 000,124,927 | ---- | M] () -- C:\Users\SR\Desktop\Experimental.csv
[2013/01/27 22:10:23 | 000,800,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/27 22:10:23 | 000,665,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/27 22:10:23 | 000,126,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/27 14:24:56 | 000,001,308 | ---- | M] () -- C:\Users\SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/01/25 22:26:28 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\REAPER (x64).lnk
[2013/01/24 18:58:15 | 008,612,981 | ---- | M] () -- C:\Users\SR\Documents\_Just Friends_ Charlie Parker.flv
[2013/01/24 01:00:31 | 000,001,325 | ---- | M] () -- C:\Users\SR\AppData\Local\recently-used.xbel
[2013/01/20 22:59:43 | 000,195,481 | ---- | M] () -- C:\Users\SR\Documents\install.air
[6 C:\Users\SR\Desktop\*.tmp files -> C:\Users\SR\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/17 20:33:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/17 20:33:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/17 20:33:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/17 20:33:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/17 20:33:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/17 15:21:20 | 000,798,208 | ---- | C] () -- C:\Users\SR\Desktop\RogueKiller.exe
[2013/02/17 15:20:32 | 000,587,671 | ---- | C] () -- C:\Users\SR\Desktop\adwcleaner0.exe
[2013/02/17 15:19:03 | 000,881,914 | ---- | C] () -- C:\Users\SR\Desktop\SecurityCheck.exe
[2013/02/16 23:19:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/09 23:19:31 | 000,135,680 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands7.csv
[2013/02/07 19:18:59 | 000,288,937 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands6.csv
[2013/02/07 03:22:44 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\PureSync.lnk
[2013/02/05 03:47:21 | 000,483,287 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands5.csv
[2013/02/02 23:58:19 | 000,311,504 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands4.csv
[2013/02/01 22:13:49 | 000,322,567 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands3.csv
[2013/01/31 16:35:08 | 000,227,664 | ---- | C] () -- C:\Users\SR\Documents\cc_20130131_163452.reg
[2013/01/29 23:41:26 | 000,363,451 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands2.csv
[2013/01/29 02:59:11 | 000,457,901 | ---- | C] () -- C:\Users\SR\Desktop\EnumeratedHands1.csv
[2013/01/29 00:06:06 | 000,124,927 | ---- | C] () -- C:\Users\SR\Desktop\Experimental.csv
[2013/01/27 14:24:56 | 000,001,308 | ---- | C] () -- C:\Users\SR\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/01/24 23:14:46 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QED Poker Simulator.lnk
[2013/01/24 18:55:28 | 008,612,981 | ---- | C] () -- C:\Users\SR\Documents\_Just Friends_ Charlie Parker.flv
[2013/01/24 01:00:31 | 000,001,325 | ---- | C] () -- C:\Users\SR\AppData\Local\recently-used.xbel
[2013/01/20 23:00:22 | 000,195,481 | ---- | C] () -- C:\Users\SR\Documents\install.air
[2012/12/26 15:15:55 | 000,004,877 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012/12/16 03:47:33 | 000,000,045 | ---- | C] () -- C:\Users\SR\AppData\Local\machpro.dat
[2012/12/16 03:41:51 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2012/10/11 19:17:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/28 23:22:17 | 000,014,368 | ---- | C] () -- C:\Windows\skype.dat
[2012/09/28 21:36:39 | 000,032,854 | ---- | C] () -- C:\Windows\iniLS.dat
[2012/07/23 08:31:38 | 004,428,800 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012/01/28 18:07:57 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/12/07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/10/28 23:37:37 | 000,744,286 | ---- | C] () -- C:\Windows\unins000.exe
[2011/10/28 23:37:37 | 000,001,048 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/24 17:52:02 | 000,006,966 | ---- | C] () -- C:\ProgramData\DYNAMiCS.nfo
[2011/10/24 17:46:52 | 000,006,966 | ---- | C] () -- C:\Program Files\DYNAMiCS.nfo
[2011/10/12 21:50:34 | 011,165,696 | ---- | C] () -- C:\Users\SR\AppData\Roaming\Sandra.mdb
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/18 16:20:30 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\dbcmdb32.dll
[2011/08/18 16:20:30 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\dbcjpg32.dll
[2011/08/18 16:20:30 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DBCMEM32.DLL
[2011/08/18 16:20:30 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dbcgeo32.dll
[2011/08/14 11:11:41 | 000,000,000 | ---- | C] () -- C:\Users\SR\AppData\Local\{5A7DAA57-5D0C-4C90-9F84-33323514FEB0}
[2011/07/19 18:14:36 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\patchw32.dll
[2011/07/19 18:14:36 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK32.DLL
[2011/07/19 18:14:36 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/07/19 18:14:36 | 000,003,360 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK16.DLL
[2011/07/19 18:14:35 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\LFCMP61N.DLL
[2011/07/19 18:14:35 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\Lfpng61n.dll
[2011/07/19 18:14:35 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\LTFIL61N.DLL
[2011/06/17 17:03:06 | 000,000,309 | ---- | C] () -- C:\Users\SR\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/04/21 11:19:20 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/21 11:19:20 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/13 19:21:08 | 000,000,008 | RH-- | C] () -- C:\Users\SR\hwid
[2011/03/10 20:38:21 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/31 17:33:41 | 000,000,008 | ---- | C] () -- C:\ProgramData\VYAAUFMZPWSP.SYS
[2010/05/17 17:13:06 | 000,000,132 | ---- | C] () -- C:\Users\SR\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/16 14:37:07 | 000,001,456 | ---- | C] () -- C:\Users\SR\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/04/05 13:25:29 | 000,001,074 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/05 13:24:59 | 000,000,034 | ---- | C] () -- C:\Users\SR\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/04/05 13:24:57 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/19 11:13:09 | 000,000,760 | ---- | C] () -- C:\Users\SR\AppData\Roaming\setup_ldm.iss
[2010/02/10 20:12:34 | 000,007,654 | ---- | C] () -- C:\Users\SR\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:2784C21E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1242 bytes -> C:\Users\SR\AppData\Local\Temp:nCBUdN93C1bBsrroDSCkWm8z
@Alternate Data Stream - 1085 bytes -> C:\ProgramData\Microsoft:Zhu5pMeIjZBETGlrtvMKRBEHWnz6
@Alternate Data Stream - 1075 bytes -> C:\ProgramData\Microsoft:VGpm8FHaLLYnYnrKjrhD9zG

< End of report >
  • 0

#8
gringo_pr
Posted 18 February 2013 - 12:50 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello spra

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image text box.
    :OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3036664217-593706541-706021291-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: E&?a???? st? Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&?a???? st? Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:2784C21E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 1242 bytes -> C:\Users\SR\AppData\Local\Temp:nCBUdN93C1bBsrroDSCkWm8z
@Alternate Data Stream - 1085 bytes -> C:\ProgramData\Microsoft:Zhu5pMeIjZBETGlrtvMKRBEHWnz6
@Alternate Data Stream - 1075 bytes -> C:\ProgramData\Microsoft:VGpm8FHaLLYnYnrKjrhD9zG    
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.12
[2013/01/26 00:13:40 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2012/12/19 01:10:02 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]
[2013/01/26 00:28:07 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Local\Freecorder 7 Audio
[2013/01/26 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\SR\AppData\Roaming\Freecorder 7 Audio
[2013/01/26 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\SR\Documents\Freecorder
[2013/01/25 15:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freecorder extension
:Files
ipconfig /flushdns /c

:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]
[reboot]
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing

Gringo
  • 0

#9
spra
Posted 18 February 2013 - 03:43 PM

spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi Gringo.

The problem seems to be solved. The fraudulent "download" and similar links have disappeared from the pages they used to exist on.
Great work!
Thank you very much for your precious help!

Had the problem to do with "freecorder" (a live-stream recorder add-on for firefox)?
More causes maybe?

Anyway, here is the OTL log text:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1009\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&?a???? st? Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&?a???? st? Microsoft Excel\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:2784C21E deleted successfully.
ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
ADS C:\Users\SR\AppData\Local\Temp:nCBUdN93C1bBsrroDSCkWm8z deleted successfully.
ADS C:\ProgramData\Microsoft:Zhu5pMeIjZBETGlrtvMKRBEHWnz6 deleted successfully.
ADS C:\ProgramData\Microsoft:VGpm8FHaLLYnYnrKjrhD9zG deleted successfully.
Prefs.js: addon%40freecorder.com:7.0.0.12 removed from extensions.enabledAddons
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\plugins folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\chrome\content\popup\images folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\chrome\content\popup folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\chrome\content\js folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\chrome\content\img folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected] folder moved successfully.
C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\extensions\[email protected] moved successfully.
C:\Users\SR\AppData\Local\Freecorder 7 Audio\UrlCache folder moved successfully.
C:\Users\SR\AppData\Local\Freecorder 7 Audio folder moved successfully.
C:\Users\SR\AppData\Roaming\Freecorder 7 Audio\Library\logs folder moved successfully.
C:\Users\SR\AppData\Roaming\Freecorder 7 Audio\Library\db folder moved successfully.
C:\Users\SR\AppData\Roaming\Freecorder 7 Audio\Library\art folder moved successfully.
C:\Users\SR\AppData\Roaming\Freecorder 7 Audio\Library folder moved successfully.
C:\Users\SR\AppData\Roaming\Freecorder 7 Audio folder moved successfully.
C:\Users\SR\Documents\Freecorder\Audio folder moved successfully.
C:\Users\SR\Documents\Freecorder folder moved successfully.
C:\Program Files (x86)\Freecorder extension\popup\images folder moved successfully.
C:\Program Files (x86)\Freecorder extension\popup folder moved successfully.
C:\Program Files (x86)\Freecorder extension\js folder moved successfully.
C:\Program Files (x86)\Freecorder extension\img folder moved successfully.
C:\Program Files (x86)\Freecorder extension folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SR\Desktop\cmd.bat deleted successfully.
C:\Users\SR\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: AppData

User: Default

User: Default User

User: postgres

User: Public

User: SR
->Java cache emptied: 45893224 bytes

Total Java Files Cleaned = 44,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: AppData

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: postgres
->Flash cache emptied: 56504 bytes

User: Public

User: SR
->Flash cache emptied: 85448 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02182013_230835
  • 0

#10
gringo_pr
Posted 18 February 2013 - 03:54 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello spra

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

Advertisements

#11
spra
Posted 18 February 2013 - 04:43 PM

spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Gringo

- There were no problems during the script run.

- The computer seems to be clean. No problems with fraudulent links or strange behaviors, except that on various pages I got a message saying
"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"
I don' t see it all the time though.

- What should I do with the User Account Control? What state should I put it to?

- The log you requested is below.

ComboFix 13-02-15.01 - SR 19/02/2013 0:09.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1253.30.1033.18.12279.10256 [GMT 2:00]
Running from: c:\users\SR\Desktop\ComboFix.exe
Command switches used :: c:\users\SR\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
.
.
2013-02-18 22:19 . 2013-02-18 22:19 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-02-18 22:19 . 2013-02-18 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-18 22:19 . 2013-02-18 22:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-18 21:08 . 2013-02-18 21:08 -------- d-----w- C:\_OTL
2013-02-18 20:43 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66ECBF1C-A0ED-400A-A4E3-C406D2C564DF}\mpengine.dll
2013-02-17 21:44 . 2013-02-17 21:46 -------- d-----w- c:\program files (x86)\Git
2013-02-16 23:56 . 2013-02-16 23:56 -------- d-----w- c:\users\SR\AppData\Roaming\Continuum
2013-02-16 23:56 . 2013-02-16 23:56 -------- d-----w- c:\users\SR\.continuum
2013-02-16 23:45 . 2013-02-16 23:56 -------- d-----w- C:\Anaconda
2013-02-16 21:20 . 2013-02-16 21:20 -------- d-----w- c:\users\SR\AppData\Roaming\Malwarebytes
2013-02-16 21:19 . 2013-02-16 21:19 -------- d-----w- c:\programdata\Malwarebytes
2013-02-16 21:19 . 2013-02-16 21:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-16 21:19 . 2012-12-14 14:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-06 00:19 . 2013-02-06 00:19 -------- d-----w- c:\users\SR\AppData\Roaming\Resolver One
2013-02-06 00:13 . 2013-02-06 00:13 -------- d-----w- c:\program files (x86)\Resolver One
2013-02-05 17:06 . 2013-02-05 17:24 -------- d-----w- C:\msysgit
2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\program files\CCleaner
2013-01-27 12:24 . 2013-01-27 12:24 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2013-01-25 22:17 . 2013-01-25 22:17 -------- d-----w- c:\users\SR\AppData\Local\Jaksta_Technologies_Pty_L
2013-01-25 21:35 . 2013-01-25 21:35 -------- d-----w- c:\program files (x86)\Abyssmedia
2013-01-25 21:24 . 2013-01-25 21:25 -------- d-----w- c:\users\SR\AppData\Roaming\GetRightToGo
2013-01-25 21:16 . 2013-01-25 21:16 -------- d-----w- c:\users\SR\AppData\Roaming\Abyssmedia
2013-01-25 13:53 . 2013-01-25 13:53 -------- d-----w- c:\program files (x86)\Applian Technologies
2013-01-24 21:15 . 2013-01-24 21:15 -------- d-----w- C:\SGLDABC2C75F16E9F97
2013-01-24 21:15 . 2013-01-24 21:15 -------- d-----w- C:\BU82807267DABC2C75F16E9F97
2013-01-24 21:14 . 2013-01-24 21:14 -------- d-----w- c:\program files (x86)\Hokfelt ComputerWorks
2013-01-24 20:54 . 2013-01-24 20:59 -------- d-----w- c:\users\SR\AppData\Local\Equilab
2013-01-24 20:52 . 2013-01-24 20:52 -------- d-----w- c:\users\SR\AppData\Local\Downloaded Installations
2013-01-24 19:49 . 2013-01-24 21:02 -------- d-----w- c:\users\SR\AppData\Local\PokerSleuth
2013-01-24 19:49 . 2013-01-24 21:02 -------- d-----w- c:\program files (x86)\PokerSleuth
2013-01-24 17:05 . 2013-01-24 17:25 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 11:24 . 2012-04-03 08:41 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-10 11:24 . 2011-10-27 09:12 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2010-02-06 10:48 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-15 14:56 . 2012-09-16 16:19 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 14:56 . 2010-06-07 10:22 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-08 05:32 . 2010-02-12 08:44 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-29 09:50 . 2012-11-29 09:50 73552 ----a-w- c:\windows\system32\drivers\RAMDiskVE.sys
2012-11-28 14:16 . 2012-11-28 14:19 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CD63647-F398-4336-9FB8-1EB7C5919EBC}\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2008-03-20 51712]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FINALE down arrow.exe [2012-8-14 207127]
FINALE expression.exe [2012-8-17 207163]
FINALE left arrow.exe [2012-8-14 207127]
FINALE right arrow.exe [2012-8-14 207129]
FINALE smart.exe [2012-8-17 207163]
FINALE up arrow.exe [2012-8-14 207125]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-19 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-20 123928]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-03-20 202776]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-20 202776]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-03-20 588824]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-20 588824]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [2008-03-20 187416]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-20 187416]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [2008-03-20 287256]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-20 287256]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-20 158232]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-20 338456]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-03-20 116248]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-20 116248]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-03-20 1417752]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-03-20 1417752]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-03-20 94744]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-20 94744]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-03-20 589848]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-20 589848]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-11-29 73552]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-18 93848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-26 9600]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-10-18 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2011-10-18 141920]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-03-20 123928]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [2008-03-20 158232]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [2008-03-20 338456]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 21:39 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-02-24 c:\windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
- c:\program files (x86)\Allway Sync\Bin\syncappw.exe [2010-02-24 11:11]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:01]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 18:01]
.
2012-09-17 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2012-08-27 07:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.comoestamos.com/search/
mDefault_Page_URL = hxxp://www.comoestamos.com/search/
mStart Page = hxxp://www.comoestamos.com/search/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.comoestamos.com/search/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\SR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\y4rlmwp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-02-06 15:44; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Freecorder extension - c:\program files (x86)\Freecorder extension\uninstall.exe
AddRemove-Freecorder extension for Chrome - c:\program files (x86)\Freecorder extension\UninstallChromeToolbar.exe
AddRemove-Freecorder extension for Firefox - c:\program files (x86)\Freecorder extension\UninstallFirefoxToolbar.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-20\Software\classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@Allowed: (Read) (RestrictedCode)
@=hex:cd,72,10,7f,ae,f2,cb,01
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\SR\\Desktop\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files (x86)\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009dfb
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="45-ACB0-E7AF"
"Currency"=dword:0000001c
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11]
@Allowed: (Read) (RestrictedCode)
"Currency"=dword:0000001c
"GameDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"="c:\\Program Files (x86)\\Sports Interactive\\Football Manager 2011\\"
"ScreenshotsDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\Program Files (x86)\\Sports Interactive\\Football Manager 2011\\data\\updates\\update-1120\\db\\1120\\lang_db.dat"
"LastSaveGame"="c:\\Users\\SR\\Documents\\Sports Interactive\\Football Manager 2012\\games\\Man Utd 2.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="FM 2011"
"LastUpdateCheck"=dword:00009fec
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="45-ACB0-E7AF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000014
"StaffSearchFeatureNum"=dword:00000004
"ClubSearchFeatureNum"=dword:00000003
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000003
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000017
"HintsFeatureNum"=dword:00000003
"GenieReportFeatureNum"=dword:00000010
"TopFormationFeatureNum"=dword:00000002
"ScreenshotFeatureNum"=dword:00000000
"VersionOf"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
@Allowed: (Read) (RestrictedCode)
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@=hex:ae,c9,6d,cb,60,de,cb,01
.
[HKEY_USERS\S-1-5-21-3036664217-593706541-706021291-1001_Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@Allowed: (Read) (RestrictedCode)
@=hex:2d,64,1c,43,37,eb,cb,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:0f,0d,e1,44,2d,89,e3,6a,d9,82,09,2a,52,d8,f0,d4,05,c0,d5,3b,37,
30,7f,51,d2,94,4c,2b,6a,f7,56,31,c8,ee,c9,9f,48,23,0e,76,08,5b,30,42,e2,64,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:35,7d,8f,9c,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:60,91,21,63,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:97,6d,45,63,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:fe,9a,42,5f,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:5b,bd,57,63,9d,dd,cb,01
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:0f,0d,e1,44,2d,89,e3,6a,d9,82,09,2a,52,d8,f0,d4,05,c0,d5,3b,37,
30,7f,51,d2,94,4c,2b,6a,f7,56,31,c8,ee,c9,9f,48,23,0e,76,08,5b,30,42,e2,64,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-19 00:21:37
ComboFix-quarantined-files.txt 2013-02-18 22:21
ComboFix2.txt 2013-02-17 18:46
.
Pre-Run: 443.402.633.216 bytes free
Post-Run: 443.330.854.912 bytes free
.
- - End Of File - - 5501A0FDE0E8FC4AA3A5ABA51A128D47
  • 0

#12
gringo_pr
Posted 18 February 2013 - 09:03 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello spra


"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"

there is a checkbox that says do not show me this again


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#13
spra
Posted 19 February 2013 - 09:18 AM

spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi Gringo

The report:


µTorrent
Acronis True Image WD Edition
ActiveState Komodo IDE 7.1.3
Ad-Aware Browsing Protection
Adobe Acrobat X Pro - English, Franηais, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Adobe Widget Browser
Advanced PC Tweaker v4.2
Advanced Wheel Mouse 6.0.0.000
Airbus Series Vol.2 (FS X)
Alarm
Allway Sync version 10.1.1
Any Video Converter 3.0.7
AoA Audio Extractor
Apple Application Support
Apple Software Update
ASIO4ALL
AutoHotkey 1.0.48.05
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
BackgammonMasters Client
BitTorrent
bl
Cakewalk VST Adapter 4
Cheat Engine 6.1
Chess Assistant 7 Light
Chessmaster 10th Edition
Chessmaster 9000
D3DX10
Data Lifeguard Diagnostic for Windows 1.24
DirectVobSub 2.40.4227
DreamStation DXi2
E-MU Audio Drivers
E-muPatchMix DSP
erLT
FIFA 12 © EA version 1
FIFA 13
FileMaker Pro 9 Advanced
Finale 2010
FM Genie Scout 11 version 1.00
FMRTE
Free Audio CD Burner version 1.4.8
Free NaturalReader
Free Sound Recorder v9.3.1
Free YouTube to MP3 Converter version 3.9.37.426
Freecorder 7 Applications (7.0.0.48)
Freecorder extension
Freecorder extension for Chrome
Freecorder extension for Firefox
FSBuild 2
Git version 1.8.1.2-preview20130201
Google Chrome
Google Earth
Google Update Helper
Hamster Free Video Converter
HamsterFreeVideoConverter
Holdem Indicator 2.1.0
Hoyle Casino Games 2011 (remove only)
IE Comoestamos Search Provider version 7.0.7
Java Auto Updater
Java™ 6 Update 39
LAME v3.98.3 for Audacity
LG PC Suite II
LG USB Modem driver
Live 4.1.5
Logitech SetPoint
Malwarebytes Anti-Malware version 1.70.0.1100
MetaStock Professional 11.0
Microsoft .NET Framework 1.1
Microsoft Flight
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Greek) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Greek) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Greek) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Greek) 2010
Microsoft Office Language Pack 2010 - Greek/Ελληνικά
Microsoft Office O MUI (Greek) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Greek) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Greek) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Greek) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Greek) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Greek) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Greek) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Greek) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Greek) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Greek) 2010
Microsoft Office X MUI (Greek) 2010
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MIDI-OX
MLDownloader
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Native Instruments Kontakt 2
Native Instruments Kontakt 4
Native Instruments Kontakt 5
Native Instruments Service Center
NSIS Example2
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PDF Settings CS6
PDFCreator
ph
PMDG 747-400/400F for FSX
PokerStars
PokerStove version 1.24
PostgreSQL 8.4
PureSync
PureSync 3.7.2
QED Poker Simulator
QuickTime
Resolver One
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Simple Sudoku 4.1
Skype Click to Call
Skype™ 5.10
SnagIt 7
Switch Sound File Converter
TagsRevisited
TeamViewer 7
thinkorswim
TWS Demo
ubi.com
Uninstall 1.0.0.1
USB Vibration Joystick
Veetle TV 0.9.18
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
WIDI Recognition System Standard 3.0 (remove only)
Win7codecs
WinDjView 1.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
  • 0

#14
gringo_pr
Posted 19 February 2013 - 01:23 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld



These logs are looking allot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove


µTorrent
Adobe Reader X (10.1.4)
BitTorrent
Freecorder 7 Applications (7.0.0.48)
Freecorder extension
Freecorder extension for Chrome
Freecorder extension for Firefox
Java™ 6 Update 39
NSIS Example2
[/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic



"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#15
spra
Posted 19 February 2013 - 03:32 PM

spra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I uninstalled all those programs you suggested using Revo Uninstaller.

At this point I have to admit that I was not particularly happy to uninstall the two P2P applications for various reasons.
I do realize that there are certain safety and copyright issues associated with such exchanges but I guess there are also issues with the centralized control of information exchanging, marketing over the web and so on, but mentioning all this would bring us to an irrelevant and rather political discussion.
Since you have been kind enough to help me and offer your expertise I am taking your suggestions very seriously, and I did what you said, but I would really prefer if there was a safer way of P2P exchanging, rather than no P2P at all!

Anyway, I don't see any problems with the computer anymore.
Could you please tell me what was the main source of the problem?

I uninstalled the Freecorder Application first. OK.
Then, while uninstalling Freecorder extension I received the message
"Running the application's installation failed!
Possible invalid uninstall command!"
I clicked Ok, next and went on and deleted the registry item found.

The same with Freecorder extension for Chrome and Firefox.
------------------------------------------------------------------------------

MalwareBytes did not find anything. Here is the report:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.19.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
SR :: SR-PC [administrator]

19/2/2013 10:53:31 μμ
mbam-log-2013-02-19 (22-53-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253772
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)
--------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:29 μμ, on 19/2/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Finale 2012\Finale.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\SR\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comoestamos.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.comoestamos.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comoestamos.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comoestamos.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-21-3036664217-593706541-706021291-1009\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - Startup: FINALE down arrow.exe
O4 - Startup: FINALE expression.exe
O4 - Startup: FINALE left arrow.exe
O4 - Startup: FINALE right arrow.exe
O4 - Startup: FINALE smart.exe
O4 - Startup: FINALE up arrow.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Υπηρεσία Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Υπηρεσία Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: postgresql-x64-9.2 - PostgreSQL Server 9.2 (postgresql-x64-9.2) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12751 bytes


(end)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP