Malware Removal [Closed]


  • This topic is locked

#1
Georgekopa

  • Member
  • 26 posts
Hello. My problem is that when I start my PC, a blue icon appears which tells me that Windows may have a problem. However, after a little while Windows starts normally. I am afraid that some kind of virus has attacked my PC. Can I do something to check if my hypothesis is true, and if so, what can I do to disinfect my PC?
  • 0



#2
Nutloaf

  • Trusted Helper
  • Malware Removal
  • 1,790 posts
Hello Georgekopa :welcome:

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders.



With the above digested, let's get cracking. :)

Blue Icon

  • What does the error\message say?
  • Apart from a slow startup, are there any other issues?


Complete the following 3 scans. You will have 4 log files to post, a reminder of which is at the end of this post.


1. DOWNLOAD OTL

  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply


2. ASWmbr

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator (XP users double click aswMBR icon)
  • Select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply


3. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I want to see in your next post.

  • Answers to Blue Icon questions
  • OTL.txt
  • Extras.txt
  • ASWmbr log
  • checkup.txt

  • 0
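
One way to triage the OTL.txt requested in the post above, as an added example that is not part of the original thread and is not OTL's own code: the parser reads the `PRC`/`MOD`/`SRV`/`DRV` line layout seen in the log posted later in this thread and lists entries whose company field is empty or whose file sits outside the Windows and Program Files roots. The sample lines, all names in them, and the two heuristics are constructed assumptions; a flagged entry is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of an OTL.txt log (names are placeholders).
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2013/09/23 02:03:52 | 000,602,112 | ---- | M] (Example Tools) -- C:\Users\Example\Downloads\scanner.exe
PRC - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () -- C:\ExampleApp\db\bin\dbserver.exe

========== Modules (No Company Name) ==========

MOD - [2009/07/14 04:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\example.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (Example AV) [Auto | Running] -- C:\Program Files\Example AV\x86\svc.exe -- (exsvc)
SRV - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () [Auto | Running] -- C:\ExampleApp\db\bin\dbserver.exe -- (exampledb)

========== Driver Services (SafeList) ==========

DRV - [2009/10/22 05:54:22 | 000,146,928 | ---- | M] (Example Corp.) [2009/12/31 04:38:25] [Kernel | Auto | Running] -- C:\Program Files (x86)\Example Player\000.fcl -- ({00000000-0000-0000-0000-000000000000})
"""

# kind[:64bit:] - [date | size | attrs | M] (company) [extra timestamp] [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<bits>:64bit:)? - "
    r"\[(?P<modified>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[[^\]|]*\] )?"            # some driver lines carry a second timestamp
    r"(?:\[(?P<state>[^\]]*)\] )?"  # services and drivers: start type and status
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>.*)\))?$"   # services and drivers: registered name
)

# Assumption for this example: these roots count as ordinary install locations.
STANDARD_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
)


@dataclass
class Entry:
    kind: str
    is_64bit: bool
    modified: str
    size: int
    company: str
    state: str
    path: str
    name: str


def parse_otl(text):
    """Return an Entry for every PRC/MOD/SRV/DRV line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue  # section headers, blank lines, registry and browser lines
        entries.append(Entry(
            kind=m["kind"],
            is_64bit=m["bits"] is not None,
            modified=m["modified"],
            size=int(m["size"].replace(",", "")),
            company=m["company"].strip(),
            state=m["state"] or "",
            path=m["path"],
            name=m["name"] or "",
        ))
    return entries


def triage(entries):
    """Pair each entry worth a second look with the reasons it was picked."""
    flagged = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if not e.path.lower().startswith(STANDARD_ROOTS):
            reasons.append("outside standard install roots")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_otl(SAMPLE_OTL)):
        print(f"{entry.kind:3} {entry.path}  <- {', '.join(reasons)}")
```
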

#3
Georgekopa

  • Topic Starter
  • Member
  • 26 posts
Firstly, I cannot remember what the message said. However, this blue icon appeared only once, and since then my PC has been starting without a problem. The delays in startup and in exploring are the only problems with my PC.

OTL.txt

OTL logfile created on: 9/23/2013 2:05:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

5.94 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 67.06% Memory free
11.87 Gb Paging File | 9.08 Gb Available in Paging File | 76.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.57 Gb Total Space | 316.79 Gb Free Space | 54.57% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KOPAS93 | User Name: Kopas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/23 02:03:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopas\Downloads\OTL.exe
PRC - [2013/09/18 22:21:33 | 030,938,112 | R--- | M] (Konami Digital Entertainment Co., Ltd.) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\PES2014.exe
PRC - [2013/05/25 03:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/08/02 10:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe
PRC - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe
PRC - [2009/10/29 14:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/23 06:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/10/22 05:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/10/07 10:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/24 05:37:44 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/09/10 16:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 11:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
PRC - [2009/09/05 11:17:50 | 004,191,232 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
PRC - [2009/09/05 11:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/07 16:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/08/04 08:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/11 02:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/04 05:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/04/20 16:55:58 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/18 22:21:18 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\rld.dll
MOD - [2013/09/17 06:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
MOD - [2013/09/17 06:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/17 06:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/17 06:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/17 06:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/03/13 23:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 02:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/14 04:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/03 04:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2006/01/06 15:51:00 | 000,266,303 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\magengin.dll
MOD - [2005/08/05 17:24:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\uPiApi.dll
MOD - [2004/12/14 13:00:00 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\fpxlib.dll
MOD - [2004/12/01 18:21:22 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\kgl.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/12/26 16:33:26 | 000,289,792 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011/12/01 10:48:54 | 000,018,944 | ---- | M] (Hercules) [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV:64bit: - [2009/11/11 17:33:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 23:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/30 03:54:02 | 000,788,000 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/10/03 05:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 05:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2005/09/23 04:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/09/12 14:21:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () [Auto | Running] -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/02 15:20:17 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/09/02 15:20:17 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/10 17:03:53 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/01 10:49:28 | 000,220,672 | ---- | M] ( Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2011/12/01 10:49:24 | 000,289,280 | ---- | M] ( Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV:64bit: - [2011/09/06 16:04:47 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/17 11:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/12/31 15:36:14 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2009/11/11 19:31:44 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/02 23:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/02 03:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/23 05:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/09/21 05:20:48 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/03 13:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/28 14:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 14:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/21 12:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/07 16:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 15:15:00 | 000,694,272 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7770P.sys -- (Ltn_stk7770P)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 07:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/29 05:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 13:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 11:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/02 14:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 14:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 14:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/19 16:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2009/05/05 11:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 11:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/07 10:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/04/24 13:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2009/10/22 05:54:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/31 04:38:25] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/26 06:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z195t4992d35n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...14z195t4992d35n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z195t4992d35n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...14z195t4992d35n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z195t4992d35n
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_elGR447
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 14:22:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/20 19:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/09/05 14:25:01 | 000,000,000 | ---D | M]

[2011/09/04 16:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Extensions
[2012/12/13 18:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions
[2012/08/30 03:24:04 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/08/30 03:24:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/09/05 13:30:13 | 000,040,827 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/09/03 05:27:34 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/12/13 18:43:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/09/12 14:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/12 14:22:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 06:02:51 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/25 06:02:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 06:02:51 | 000,000,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/25 06:02:51 | 000,001,219 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-el.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\
CHR - Extension: Google Drive = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: \u0391\u03BD\u03B1\u03B6\u03AE\u03C4\u03B7\u03C3\u03B7 Google = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: AdBlock = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.3_0\
CHR - Extension: Google Bookmarks Browser = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffhdnihongjlhmapddfemaklefeila\0.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: uTorrentControl2 = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.5.0.1_0\
CHR - Extension: Gmail = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RSS Feed Reader = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3:64bit: - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000 WinNT: Load - (C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif) - File not found
F3 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000 WinNT: Load - (C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31F62657-EF00-48AD-A936-418738277246}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6069D03B-B280-4EA7-9F51-523C68079A24}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\Shell - "" = AutoRun
O33 - MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell - "" = AutoRun
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{416f2e17-38db-11e1-8ee0-00235a765294}\Shell - "" = AutoRun
O33 - MountPoints2\{416f2e17-38db-11e1-8ee0-00235a765294}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/21 14:51:18 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\dll-files.com
[2013/09/21 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013/09/21 14:51:10 | 000,019,392 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2013/09/21 14:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013/09/21 14:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2013/09/21 13:58:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/21 13:18:15 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\ParetoLogic
[2013/09/21 13:18:15 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\DriverCure
[2013/09/21 13:18:10 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/09/21 13:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2013/09/21 13:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/09/21 13:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2009/11/26 23:08:52 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2013/09/23 01:22:00 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/09/23 01:22:00 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/23 00:34:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/23 00:34:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/23 00:33:44 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/09/22 23:46:45 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/22 23:46:44 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/09/22 23:46:30 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/09/22 23:46:30 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/09/22 23:46:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/22 23:46:21 | 485,572,607 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 23:16:48 | 001,643,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/22 23:16:48 | 000,703,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/22 23:16:48 | 000,664,688 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/09/22 23:16:48 | 000,143,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/22 23:16:48 | 000,132,752 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/09/22 21:22:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/09/22 21:09:03 | 000,080,437 | ---- | M] () -- C:\Users\Kopas\Desktop\pistepseto.eu (3).jpg
[2013/09/22 18:36:37 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/09/22 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/09/22 04:27:05 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013/09/21 14:25:30 | 000,001,198 | ---- | M] () -- C:\Users\Kopas\Desktop\RegCure Pro.lnk
[2013/09/21 13:58:20 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/09/21 13:54:03 | 000,000,590 | ---- | M] () -- C:\0.bak
[2013/09/20 05:35:34 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/09/20 05:24:53 | 000,002,371 | ---- | M] () -- C:\Users\Kopas\Desktop\Google Chrome.lnk
[2013/09/20 03:13:15 | 000,001,281 | ---- | M] () -- C:\0
[2013/09/11 23:50:25 | 000,026,177 | ---- | M] () -- C:\Users\Kopas\Desktop\rld-pes2013.lnk

========== Files Created - No Company Name ==========

[2013/09/22 21:09:02 | 000,080,437 | ---- | C] () -- C:\Users\Kopas\Desktop\pistepseto.eu (3).jpg
[2013/09/21 14:51:27 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/09/21 14:51:27 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/09/21 13:54:02 | 000,000,590 | ---- | C] () -- C:\0.bak
[2013/09/21 13:18:27 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/09/21 13:18:09 | 000,001,198 | ---- | C] () -- C:\Users\Kopas\Desktop\RegCure Pro.lnk
[2013/09/21 13:18:05 | 000,000,494 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/09/21 13:18:04 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/09/21 13:18:03 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2013/09/11 23:50:25 | 000,026,177 | ---- | C] () -- C:\Users\Kopas\Desktop\rld-pes2013.lnk
[2013/03/31 18:11:51 | 000,000,654 | ---- | C] () -- C:\Windows\wininit.ini
[2013/02/28 22:55:12 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/09 14:54:30 | 000,000,004 | ---- | C] () -- C:\Users\Kopas\crt101
[2012/10/06 16:32:43 | 001,616,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/27 19:27:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/01/07 06:08:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/01/07 06:08:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 08:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 07:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/20 16:52:59 | 000,000,000 | --SD | M] -- C:\Users\Kopas\AppData\Roaming\.#
[2011/10/20 22:43:23 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\AnvSoft
[2013/06/28 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSplayer
[2011/11/25 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSplayer PRO
[2012/03/10 17:24:38 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSW
[2012/09/25 01:14:03 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DAEMON Tools Lite
[2013/09/21 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\dll-files.com
[2013/09/21 13:18:15 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DriverCure
[2013/09/22 23:47:55 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Dropbox
[2013/06/26 21:02:00 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DVDVideoSoft
[2011/10/20 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/09/01 11:07:31 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\EgisTec
[2012/09/05 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ESET
[2011/09/20 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\GameConsole
[2012/10/06 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\IDoser
[2012/01/07 06:37:41 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\IObit
[2012/01/07 06:48:20 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LG Electronics
[2011/09/04 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LolClient
[2012/01/07 06:49:08 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ooVoo Details
[2013/09/21 13:18:15 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ParetoLogic
[2011/09/04 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\PowerCinema
[2011/09/04 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SoftDMA
[2012/12/11 08:29:58 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SPSSInc
[2013/09/21 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\uTorrent
[2011/09/01 10:37:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ViquaSoft
[2011/09/20 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\xm1

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 09:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 09:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 16:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 16:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 16:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 16:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 16:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 16:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 10:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 09:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Ž ζ ž α˜ ε΅ C œε˜ Acer
Ž ˜Ÿζ œα ζ œε˜ ECE6-DD7E
˜αΆš C:\
14/07/2009 08:08 <JUNCTION> Documents and Settings [C:\Users]
0 œε˜ 0 byte
˜αΆš C:\OEM\Preload\OEM\Recovery
31/12/2009 03:46 <JUNCTION> HPartition [\??\Volume{a61bf42b-f606-11de-a293-806e6f6e6963}\]
0 œε˜ 0 byte
˜αΆš C:\ProgramData
14/07/2009 08:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 08:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 08:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 08:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 08:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 08:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 œε˜ 0 byte
˜αΆš C:\Users
14/07/2009 08:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 08:08 <JUNCTION> Default User [C:\Users\Default]
0 œε˜ 0 byte
˜αΆš C:\Users\All Users
14/07/2009 08:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 08:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 08:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 08:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 08:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 08:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 œε˜ 0 byte
˜αΆš C:\Users\Default
14/07/2009 08:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 08:08 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 08:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 08:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 08:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 08:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 08:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 08:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 08:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 08:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 œε˜ 0 byte
˜αΆš C:\Users\Default\AppData\Local
14/07/2009 08:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 08:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 08:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 œε˜ 0 byte
˜αΆš C:\Users\Default\Documents
14/07/2009 08:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 08:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 08:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 œε˜ 0 byte
˜αΆš C:\Users\Kopas
01/09/2011 10:26 <JUNCTION> Application Data [C:\Users\Kopas\AppData\Roaming]
01/09/2011 10:26 <JUNCTION> Cookies [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Cookies]
01/09/2011 10:26 <JUNCTION> Local Settings [C:\Users\Kopas\AppData\Local]
01/09/2011 10:26 <JUNCTION> NetHood [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/09/2011 10:26 <JUNCTION> PrintHood [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/09/2011 10:26 <JUNCTION> Recent [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Recent]
01/09/2011 10:26 <JUNCTION> SendTo [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\SendTo]
01/09/2011 10:26 <JUNCTION> Start Menu [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu]
01/09/2011 10:26 <JUNCTION> Templates [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Templates]
01/09/2011 10:26 <JUNCTION> ˜ βšš˜α [C:\Users\Kopas\Documents]
0 œε˜ 0 byte
˜αΆš C:\Users\Kopas\AppData\Local
01/09/2011 10:26 <JUNCTION> Application Data [C:\Users\Kopas\AppData\Local]
01/09/2011 10:26 <JUNCTION> History [C:\Users\Kopas\AppData\Local\Microsoft\Windows\History]
01/09/2011 10:26 <JUNCTION> Temporary Internet Files [C:\Users\Kopas\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 œε˜ 0 byte
˜αΆš C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu
01/09/2011 10:26 <JUNCTION> šα˜˜ [C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 œε˜ 0 byte
˜αΆš C:\Users\Kopas\Documents
01/09/2011 10:26 <JUNCTION> ΅γ [C:\Users\Kopas\Music]
01/09/2011 10:26 <JUNCTION> Ž œ΅ζœ [C:\Users\Kopas\Pictures]
01/09/2011 10:26 <JUNCTION> ˜ εœζ [C:\Users\Kopas\Videos]
0 œε˜ 0 byte
˜αΆš C:\Users\Public\Documents
14/07/2009 08:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 08:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 08:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 œε˜ 0 byte
ηΆ ˜œεΰ ž Άε˜:
0 œε˜ 0 byte
52 ˜αΆš 340.145.537.024 ˜Ÿβ˜ byte

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA

< End of report >



Extras.txt

OTL Extras logfile created on: 9/23/2013 2:05:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

5.94 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 67.06% Memory free
11.87 Gb Paging File | 9.08 Gb Available in Paging File | 76.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.57 Gb Total Space | 316.79 Gb Free Space | 54.57% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KOPAS93 | User Name: Kopas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0482B4B8-AECB-4E13-BDB1-E7713AD33297}" = lport=445 | protocol=6 | dir=in | app=system |
"{0ADC4ECA-4438-437A-8547-7C35932A963B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0B1342C0-8D15-41D5-8D32-256DC5FC747B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27BB7AD2-7EC3-4DBA-9CA6-611C22CAABAB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D2344B2-45CF-4D06-882B-1E79AA1C41C8}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D491E47-ADDF-42AB-8ADA-A06EB3BABDDA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{46BBB009-D5C5-4EF2-85C6-0CA852387620}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4815D169-D389-413B-954A-04481833DFD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F36E355-6104-4AED-8FB2-4E8F04E3216D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{657BE64A-EB3B-486D-843B-B33190A1A2AE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6E39198C-5901-420C-A2EF-0987EEF160E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C5ED6E2-4BE6-423D-BCEF-D8638E4290DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81E121B0-85F0-469E-A64B-5AD1BF4E80B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96A03EFC-535A-4F06-9013-545E65AA6C5A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{98F6D862-B000-4716-A88C-83D1CF5D1F02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A076925A-D624-4C21-BB3F-2C06A3CB1298}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A07B40B6-75D5-4D18-A2F3-1DBD24B3B494}" = lport=139 | protocol=6 | dir=in | app=system |
"{A94EC469-B660-4294-97D8-07C8BA82B616}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BBE534AD-63B0-4864-AD92-546DF12B0AF1}" = rport=138 | protocol=17 | dir=out | app=system |
"{BEE46403-7E4D-46B5-B90D-6907F5EE6D58}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF9AEB7E-CD70-4689-A67C-7571BD094627}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C54CC374-8A4F-47BB-85FB-E17AF8DE900C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CFECCEBC-DA3F-4531-8D50-F82FB585060A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D082E847-52C9-4B47-AC3C-E248077EFD4D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4633FDF-6731-4A2A-8253-465AA1FE916A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D90E650E-C463-495B-868B-CC14BD22E1E6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E1EDC2FC-8465-4AFC-B4AE-84E864DBC5B2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E36EA24D-014D-49F0-ADD9-1EBC7CC60754}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EA6146B0-56D5-4018-8A5E-410738F8DA3B}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC250F54-9583-467C-ADCC-FACC5DB03F16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F634C414-743F-4B12-889A-B3DB0611C4CC}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009E5F7B-32CE-4ED0-8FD5-61E605F47BD0}" = dir=in | app=c:\users\kopas\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{01B6B3CE-0376-469B-89C3-1060394162BA}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{08E55248-134F-4BD9-9337-5CB0D0E67F60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BA01163-C0B8-4A1E-AB59-4692B2FD23B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0E5DF793-F8CE-4950-83CB-2D8360A829DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{18A62D78-1899-4920-954A-3B0C31DA1741}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1A6D0008-A0B9-4129-8841-F1C6BB63898F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{29E05C87-46C2-488B-860A-5B9D4868399A}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{2AC6E4D0-21FA-4DCA-99FF-426E9E3C1651}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{37CC6C2A-94F7-4DDC-A078-3FF570FE44E3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3C3F46FC-1BA4-489A-8504-E41CBA6DFCF4}" = protocol=17 | dir=in | app=c:\users\kopas\appdata\roaming\dropbox\bin\dropbox.exe |
"{3DA7F06D-764A-41F3-9C64-F7BCE3B5C697}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{481BF786-2059-46EF-8EB4-4D5EE778A915}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4BE8447E-B84A-4D7D-8790-579DA0FD9E7C}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{4DB07CEF-3E67-4AA7-A958-D7CAE7C1C042}" = protocol=6 | dir=out | app=system |
"{5116BA87-ABF5-4018-9E65-EFD0AB274E34}" = protocol=6 | dir=in | app=c:\users\kopas\appdata\roaming\dropbox\bin\dropbox.exe |
"{564FC6B1-B4EA-46B6-8F60-9A2C4505F342}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5760840E-7FB9-4117-B368-DBAB0CBD6B30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{578FADF6-1735-4334-9D08-1AF3AAD88F90}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{5811081D-C3A9-471E-8677-E62D740741BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61992494-EA5C-4FDF-9E51-3CD0D644BD25}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{65BEB900-68E1-4173-BF5B-6E0F1B8532E4}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6891960D-A94E-4F6F-B890-15CD06A9A00C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69CA23D4-7FE0-43CD-8F0A-854B6651E45D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F30EC48-E46A-406E-BB71-2A27C837B535}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{712C2404-B750-47A6-91A9-83BDD6DC1143}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78CDC374-B150-4E4D-8451-615118DFADA4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8056FF7D-2E66-42BB-AA6B-2FF46D380F72}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{80D2E908-5DAF-4259-8CE8-BB9C781987AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8250081E-3C47-4A41-8C35-2C51A6AB8AF8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8344C0A3-6334-4A09-B2B5-58F848EE2E0E}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{853CB654-9F5D-434D-AA4A-96FBF48A018E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{892DCE69-E9B6-4B13-B5BE-9BA52E8FBC36}" = dir=out | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe |
"{89514DBA-F72A-4EDF-B28B-F8DB4FE8B893}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{929561F8-9A9D-42C0-A28F-C9AE6C2C6CA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9814EAE7-0E88-4DB7-97F8-72F41C6B3C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{98C73DD6-EA56-474A-B375-98C08653D03B}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A4B20D0E-5FB7-44C2-BAFD-E548422E9CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{A4E15B7B-CF39-4226-AD57-AEFC7DA18C98}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A5062E07-1484-4ABF-9E09-EA2E43CAE76A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A687CB23-FA17-46F1-8C76-EE0F20CC5F47}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B22442FC-2E1E-46D6-AC03-FB3ABCECDBD5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2477316-1602-47D7-B9CC-7179E801E508}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BA5F7D31-A162-4B75-8FD6-6FE5617B6165}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF3309CE-78BB-475D-9942-D6016A4735C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB77C9A9-5D42-4288-99DC-234564A73158}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CC500F0F-8C86-4F2F-A590-7363C104BCE5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{D452D3D9-86FE-4997-88F4-8894C5A3AB3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5DDC4ED-E22A-4FEC-BDDB-1BCA3D7BAA77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6BA3D93-388B-46FA-83FB-892F48C34D83}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D7AD141F-E075-4F07-8EE2-B957F101FFAA}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{DA073B5D-6C76-495E-BD9D-FC32DCC4B50B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{E037F191-C776-4348-9A8F-242CB1C26F41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0866427-96A5-458E-9FED-5623E153FAC7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E6553208-B9B4-4198-AFFC-742B318482F5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E6822C9A-67B6-43C6-953F-8F36FDF4A5FD}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{F2360C7D-4E47-46FC-A322-DF9222D96718}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA78CE87-0B20-4A86-892B-92C6CC6AD8F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FAA49673-0ED0-472E-AC10-E863646FD044}" = dir=in | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe |
"TCP Query User{0A3A3137-62B3-4696-87FC-5DD3999E45D5}C:\orangehrm\2.6.12.1\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\orangehrm\2.6.12.1\apache\bin\httpd.exe |
"TCP Query User{0D352C00-BDCA-45CB-9073-771718D5F529}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{2AF245C3-685E-4DEB-8C90-3DEF7E3D7B8F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{796C4C0D-5E4B-472D-AF75-485E75B22A97}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{D1F335E2-2E65-4C10-B14B-009D79AFF3B7}C:\users\kopas\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\kopas\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{50ED173E-D74B-4FF5-8361-7617AEE6D5EC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{5C9C7046-142C-48C5-AF2D-82E5C636771A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{93E1D569-0C4B-4F50-820E-50D34889ABFA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{ACE9F8CB-BA0D-44CE-91ED-C5F949E06B80}C:\users\kopas\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\kopas\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{BB60D9EF-4A1E-40EC-9B45-DB281B9BC0F7}C:\orangehrm\2.6.12.1\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\orangehrm\2.6.12.1\apache\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{46DBD179-D24A-A447-6645-62493CC11138}" = ATI Catalyst Install Manager
"{603A40C0-110D-3C5A-81CD-638DC1716B8D}" = Microsoft .NET Framework 4 Extended ELL Language Pack
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client
"{75F299F3-8234-47CD-BB40-2994C1B1105E}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU
"{8947C7C8-9D0D-DEE2-731D-89BA0A644A47}" = ATI AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{97B94038-CA0C-E7B4-AE88-B546981FEAA5}" = ccc-utility64
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EC10607-4F0B-336D-80FE-B869F4D55ABC}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
"{AA0AA91C-2C23-452C-B62F-70054E856AB8}" = Microsoft SQL Server VSS Writer
"{AB33D723-6E62-4D9B-8364-87A3161A3335}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TNod" = TNod User & Password Finder
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Οι Παράδες μου"_is1" = Οι Παράδες μου
"{002BE8E6-E6D0-6132-D5A7-64B658F1A71A}" = CCC Help Italian
"{006A0A2F-B99E-424E-85B1-165FFE70D183}" = Windows Live Writer
"{00BE2030-4991-43DF-80ED-358431E39B7C}" = Windows Live Essentials
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A08F24B-CA66-4BA9-9933-A9D20A66E8D8}" = Βοηθός εισόδου του Windows Live
"{1BE0813F-4110-4B1C-B96D-EB7278199DDC}" = DJUCED
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Εργαλείο αποστολής του Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24C4BB38-F45D-4247-90B9-7E6CAA877FF3}" = TotalMedia Setup
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3429CF-6DD6-586E-0D0B-9ED221EB5E17}" = CCC Help English
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{452181AA-2603-8DD4-8D9D-A72FDAB36F57}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B53E9EE-83BA-8140-A557-A4237F393437}" = CCC Help Danish
"{4C89179D-2777-5988-E302-49118D39DE88}" = CCC Help Polish
"{4D9C300B-F96A-4618-4392-33161F46A1CF}" = CCC Help Thai
"{503A899B-81B6-82E1-924A-C6FE58FDE83A}" = CCC Help Finnish
"{51962132-EF73-4015-A69E-1538CDDFB835}" = Windows Live Mail
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{55B0389E-75F5-4494-874B-5F733C93E865}" = Windows Live Movie Maker
"{57ED6B51-443C-C6B5-CE1B-0412C4C7113D}" = Catalyst Control Center Localization All
"{5DE6F8A4-953C-30C7-2F5E-F486CE51DD1B}" = CCC Help Portuguese
"{5EFD3544-2371-4900-8ACA-F157BA80FB0C}" = Pro Evolution Soccer 2014
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{625DACC6-B0FA-5BD7-1233-722F25FA4C9F}" = CCC Help Czech
"{62848FBF-E78D-59E1-C073-D508788102C8}" = CCC Help Chinese Standard
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{664D7CF2-36A0-3FAA-6C5C-EF22BE573AFD}" = CCC Help Hungarian
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{70578F65-5F92-DEED-DAC8-87632A1F455C}" = Catalyst Control Center Core Implementation
"{730F81C7-F639-885E-E5DE-CD2603A2F30B}" = CCC Help Dutch
"{7355CD58-2668-FD9C-677D-AC1F504D4C6E}" = CCC Help Turkish
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{79E699D5-AEC9-FD43-5473-1C4A5FA1EDE3}" = ccc-core-static
"{7E1357FE-43E9-4904-1225-27F97CB8AD18}" = CCC Help Korean
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BD-0408-0000-0000000FF1CE}" = Γλώσσα συμβουλών οθόνης του Microsoft Office 2010 - Ελληνικά
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94F70511-C8A8-413C-AC8D-65313D8D3082}" = Windows Live Messenger
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9FEECBDA-8378-4874-AD65-D9E232BE2D11}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33395A7-51B0-9943-F6B7-760CA5E91D93}" = CCC Help French
"{A511F4E3-F03C-42FC-9F78-392E21FCBE0B}" = Acer Arcade Instant On
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD06DD3-6E99-FC67-8ABE-CD209C390712}" = CCC Help German
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{ADB51AB1-8838-1A26-3950-8F054143FBBE}" = Catalyst Control Center InstallProxy
"{B8BA5929-B0C9-BFA9-35F5-69B19A9F447B}" = Catalyst Control Center Graphics Light
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB49EE1D-49D9-4195-8761-0195012AF68D}" = Catalyst Control Center Graphics Previews Vista
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C305418B-308D-7E56-2034-F05725257D6A}" = CCC Help Spanish
"{C5219CF1-0B5F-9BA5-0685-286B91207700}" = CCC Help Russian
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{C5848384-07A0-2707-E3FC-CF32F3EE3226}" = CCC Help Swedish
"{C5D1A05C-92EA-8987-88EC-9EFB4A04D166}" = CCC Help Japanese
"{CF59E394-B243-8A9C-0687-E7B711D3BAE7}" = Catalyst Control Center Graphics Full New
"{D87B8C91-4659-4C3B-A894-A4D670AE95E2}" = Συλλογή φωτογραφιών του Windows Live
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E2962129-715A-4EA7-4AF1-60BAD25EFA22}" = CCC Help Greek
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EA480C11-DB60-4BCE-BDC8-055CC0812787}_is1" = Guitar Tuner u1v2
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.174
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype 5.5
"{F656F23B-0293-5ABB-D5B9-54344C72EA92}" = Catalyst Control Center Graphics Full Existing
"{F7F85A7C-CD0D-B40F-FCB6-821D4101C45E}" = CCC Help Norwegian
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"BSPlayerf" = BS.Player FREE
"BSPlayerp" = BS.Player PRO
"BSW" = BrettspielWelt
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dll-Files Fixer_is1" = Dll-Files Fixer
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 5.2.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.4.622
"Freemake Video Converter_is1" = Freemake Video Converter έκδοση 3.2.1
"GridVista" = Acer GridVista
"Guitarpad_is1" = Guitarpad 2.0
"Identity Card" = Identity Card
"I-Doser" = I-Doser Free
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware έκδοση 1.61.0.1400
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox 15.0.1 (x86 el)" = Mozilla Firefox 15.0.1 (x86 el)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"OrangeHRM" = OrangeHRM - Opensource HR management
"Picasa 3" = Picasa 3
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"RocketDock_is1" = RocketDock 1.3.5
"Texmaker" = Texmaker
"Tunatic" = Tunatic
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = Torrent
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/21/2013 6:59:18 AM | Computer Name = Kopas93 | Source = Windows Search Service | ID = 7042
Description =

Error - 9/21/2013 6:59:18 AM | Computer Name = Kopas93 | Source = Windows Search Service | ID = 9002
Description =

Error - 9/21/2013 6:59:18 AM | Computer Name = Kopas93 | Source = Windows Search Service | ID = 3029
Description =

Error - 9/21/2013 6:59:31 AM | Computer Name = Kopas93 | Source = Windows Search Service | ID = 3029
Description =

Error - 9/21/2013 6:59:31 AM | Computer Name = Kopas93 | Source = Windows Search Service | ID = 3028
Description =

Error - 9/21/2013 6:59:31 AM | Computer Name = Kopas93 | Source = Windows Search Service | ID = 3058
Description =

Error - 9/21/2013 6:59:31 AM | Computer Name = Kopas93 | Source = Windows Search Service | ID = 7010
Description =

Error - 9/21/2013 11:30:38 AM | Computer Name = Kopas93 | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής PES2014.exe, έκδοση 1.0.0.0, χρονική
σήμανση 0x52159fb4 Όνομα ελαττωματικής λειτουργικής μονάδας PES2014.exe, έκδοση
1.0.0.0, χρονική σήμανση 0x52159fb4 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση σφάλματος:
0x00a2da06 Αναγνωριστικό ελαττωματικής διεργασίας: 0x1750 Χρόνος έναρξης ελαττωματικής
εφαρμογής: 0x01ceb6df40a1e307 Διαδρομή ελαττωματικής εφαρμογής: C:\Program Files
(x86)\KONAMI\Pro Evolution Soccer 2014\PES2014.exe Διαδρομή ελλατωματικής λειτουργικής
μονάδας:C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\PES2014.exe Αναγνωριστικό
αναφοράς:c3914c91-22d2-11e3-8ee9-00235a765294

Error - 9/21/2013 11:51:47 AM | Computer Name = Kopas93 | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής PES2014.exe, έκδοση 1.0.0.0, χρονική
σήμανση 0x52159fb4 Όνομα ελαττωματικής λειτουργικής μονάδας PES2014.exe, έκδοση
1.0.0.0, χρονική σήμανση 0x52159fb4 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση σφάλματος:
0x00a2da06 Αναγνωριστικό ελαττωματικής διεργασίας: 0x680 Χρόνος έναρξης ελαττωματικής
εφαρμογής: 0x01ceb6dfb2631e11 Διαδρομή ελαττωματικής εφαρμογής: C:\Program Files
(x86)\KONAMI\Pro Evolution Soccer 2014\PES2014.exe Διαδρομή ελλατωματικής λειτουργικής
μονάδας:C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\PES2014.exe Αναγνωριστικό
αναφοράς:b87e21ac-22d5-11e3-8ee9-00235a765294

Error - 9/21/2013 12:12:31 PM | Computer Name = Kopas93 | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής pes2014.exe, έκδοση 1.0.0.0, χρονική
σήμανση 0x52159fb4 Όνομα ελαττωματικής λειτουργικής μονάδας pes2014.exe, έκδοση
1.0.0.0, χρονική σήμανση 0x52159fb4 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση σφάλματος:
0x00a2da06 Αναγνωριστικό ελαττωματικής διεργασίας: 0x1c40 Χρόνος έναρξης ελαττωματικής
εφαρμογής: 0x01ceb6e29ec2cc7e Διαδρομή ελαττωματικής εφαρμογής: C:\Program Files
(x86)\KONAMI\Pro Evolution Soccer 2014\pes2014.exe Διαδρομή ελλατωματικής λειτουργικής
μονάδας:C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\pes2014.exe Αναγνωριστικό
αναφοράς:9df314ec-22d8-11e3-8ee9-00235a765294

[ System Events ]
Error - 9/22/2013 12:11:30 PM | Computer Name = Kopas93 | Source = Ntfs | ID = 262199
Description = Η δομή του συστήματος αρχείων στον δίσκο είναι κατεστραμμένη και δεν
είναι δυνατό να χρησιμοποιηθεί. Εκτελέστε το βοηθητικό πρόγραμμα chkdsk στον τόμο
"F:".

Error - 9/22/2013 1:01:21 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 1:26:42 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 1:40:28 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 2:23:35 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 2:29:55 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 6:08:15 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 7:19:35 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 7:19:35 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.

Error - 9/22/2013 7:19:35 PM | Computer Name = Kopas93 | Source = Schannel | ID = 36870
Description = Παρουσιάστηκε ανεπανόρθωτο σφάλμα κατά την προσπάθεια πρόσβασης του
ιδιωτικού κλειδιού διαπιστευτηρίου διακομιστή SSL. Ο κωδικός σφάλματος που επέστρεψε
η μονάδα κρυπτογράφησης είναι 0x8009030d. Η κατάσταση εσωτερικού σφάλματος είναι
10001.


< End of report >


aswMBR log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-23 02:38:56
-----------------------------
02:38:56.170 OS Version: Windows x64 6.1.7601 Service Pack 1
02:38:56.171 Number of processors: 8 586 0x1E05
02:38:56.171 ComputerName: KOPAS93 UserName: Kopas
02:38:58.041 Initialize success
02:39:04.143 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:39:04.146 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
02:39:04.252 Disk 0 MBR read successfully
02:39:04.254 Disk 0 MBR scan
02:39:04.258 Disk 0 unknown MBR code
02:39:04.261 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
02:39:04.283 Disk 0 Partition 2 00 12 Compaq diag NTFS 3584 MB offset 25173855
02:39:04.302 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 32515560
02:39:04.306 Disk 0 Partition - 00 0F Extended LBA 594499 MB offset 32724405
02:39:04.318 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 594499 MB offset 32724468
02:39:04.420 Disk 0 scanning C:\Windows\system32\drivers
02:39:13.294 Service scanning
02:39:50.435 Modules scanning
02:39:50.447 Disk 0 trace - called modules:
02:39:50.462 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:39:50.469 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800731b060]
02:39:50.474 3 CLASSPNP.SYS[fffff88001bb743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80064fa050]
02:39:50.479 Scan finished successfully
04:40:11.283 Disk 0 MBR has been saved successfully to "C:\Users\Kopas\Desktop\MBR.dat"
04:40:11.291 The log file has been saved successfully to "C:\Users\Kopas\Desktop\aswMBR.txt"

checkup.txt

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 5.2
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 32
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 29.0.1547.66
Google Chrome 29.0.1547.76
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Georgekopa, I need you to read the following carefully.

I see the following programs installed on your machine:

  • TNod User & Password Finder
  • ESET Smart Security
  • uTorrent



It seems you are using an illegal licence for ESET. This puts me in a difficult position regarding the cleaning of your machine. I won't be able to carry on unless those programs are uninstalled. With regards to uTorrent please read the following:

P2P WARNING

Programs like uTorrent are legal, however the majority of files downloaded are not, and infringe copyright laws. Many of the torrent files contain spyware and viruses which can have a detrimental effect on your system, web browser, even Windows itself. We strongly advise that you uninstall all P2P programs.

Put those 3 programs together and you can see my problem. If you would like your system cleaned then proceed with the following:

1. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
      • TNod User & Password Finder
      • ESET Smart Security
      • uTorrent - Optional uninstall

2. CKScanner

  • Using this link Download CKScanner and Save it to your desktop.
  • Please run the program once only.
  • Right click the CKScanner icon and "Run as administrator" (XP users - Double-click the icon)
  • Click Search For Files.
  • When the circle cursor (hourglass) disappears, click Save List To File.
  • The file will be saved to your Desktop.
  • Copy and paste CKFiles.txt in your next reply.

3. MGADiag

  • Using this link Download MGADiag and save to your Desktop
  • Right Click the MGADiag icon and select Run as Administrator
  • Click Continue to begin diagnosis. The Blue Circle Cursor will disappear when complete.
  • Now click Copy, then open Notepad, right click in Notepad and Paste the log there.
  • Copy and paste the log in your next reply.

4. Scan with WVCheck:

Please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_nnnn_dd-mm-yyyy that can be located on the desktop.


Things I want to see in your next post.
  • CKFiles.txt
  • MGADiag log
  • WVCheck log


#5
Georgekopa

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi! I did as you said. I uninstalled these programs and I post the following:


CKFiles.txt

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\kopas\appdata\roaming\utorrent\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit).1.torrent
c:\users\kopas\appdata\roaming\utorrent\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit).torrent
c:\users\kopas\downloads\efarmoges\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\read me.txt
c:\users\kopas\downloads\efarmoges\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.anitvirus.5(32.and.64.bit)\eav_nt32_enu.msi
c:\users\kopas\downloads\efarmoges\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.anitvirus.5(32.and.64.bit)\eav_nt64_enu.msi
c:\users\kopas\downloads\efarmoges\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.smart.security.5(x32.and.x64.bit)\ess_nt32_enu.msi
c:\users\kopas\downloads\efarmoges\eset.smart.security.5.&.eset.nod32.antivirus.5.incl.crack(32.and.64.bit)\eset.nod32.smart.security.5(x32.and.x64.bit)\ess_nt64_enu.msi
c:\users\kopas\downloads\paretologic regcure pro 3.1.0.0 [h33t.com] full\crack\regcurepro.exe
scanner sequence 3.DD.11.ACAPRZ
----- EOF -----


MGADiag log

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {493A574A-625C-4910-A5BF-35B464D55528}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002


WVCheck log

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0528_25-09-2013
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-09-19 12:42:03
Last Success Time for Update Download: 2013-02-28 22:20:50
Last Success Time for Update Installation: 2013-03-01 12:33:00


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 28/2/2013 23:12:34
Modification; 20/11/2010 14:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 28/2/2013 23:12:34
Modification; 20/11/2010 14:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 14/7/2009 2:52:11
Modification; 14/7/2009 4:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 1/9/2011 10:47:42
Modification; 21/12/2010 8:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 1/9/2011 10:47:42
Modification; 21/12/2010 8:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 28/2/2013 23:12:46
Modification; 20/11/2010 15:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 2:36:22
Modification; 14/7/2009 4:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 1/9/2011 10:47:42
Modification; 21/12/2010 7:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 1/9/2011 10:47:42
Modification; 21/12/2010 7:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 28/2/2013 23:12:34
Modification; 20/11/2010 14:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.
  • 0

#6
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, thanks for the results.

Very pleased to know you removed the Cracked ESET. This is a sure way to get infected; downloading crack files makes Malware removal forums an inevitability, especially with cracked AVs. Avast and Windows Firewall will offer you great protection.

Let's get cleaning then :)

Please follow in the order given


1. Uninstall

The following programs are considered Malware or have dubious reputations.
  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • RegCure Pro
  • Dll-Files Fixer
  • Advanced SystemCare 5
  • Pando Media Booster

2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
    FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.15.1.0
    FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/09/05 14:25:01 | 000,000,000 | ---D | M]
    [2012/08/30 03:24:04 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/08/30 03:24:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    F3:64bit: - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000 WinNT: Load - (C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif) - File not found
    F3 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000 WinNT: Load - (C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif) - File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O33 - MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\Shell\AutoRun\command - "" = F:\Startme.exe
    O33 - MountPoints2\{416f2e17-38db-11e1-8ee0-00235a765294}\Shell - "" = AutoRun
    O33 - MountPoints2\{416f2e17-38db-11e1-8ee0-00235a765294}\Shell\AutoRun\command - "" = F:\Startme.exe

    [2009/11/26 23:08:52 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
    [2013/09/21 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
    [2013/09/21 14:51:10 | 000,019,392 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
    [2013/09/21 14:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
    [2013/09/21 14:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
    [2013/09/21 13:18:15 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\ParetoLogic
    [2013/09/21 13:18:10 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
    [2013/09/21 13:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
    [2013/09/21 13:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2013/09/21 13:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
    [2012/08/27 19:27:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
    [2013/09/22 23:46:30 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
    [2013/09/22 23:46:30 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
    [2013/09/22 23:46:44 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
    [2013/09/22 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2013/09/21 13:58:20 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2013/09/21 13:54:03 | 000,000,590 | ---- | M] () -- C:\0.bak
    [2013/09/20 03:13:15 | 000,001,281 | ---- | M] () -- C:\0
    [2013/09/22 04:27:05 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
    [2013/09/21 14:25:30 | 000,001,198 | ---- | M] () -- C:\Users\Kopas\Desktop\RegCure Pro.lnk
    [2011/09/20 16:52:59 | 000,000,000 | --SD | M] -- C:\Users\Kopas\AppData\Roaming\.#
    [2013/09/21 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\uTorrent
    [2012/01/07 06:37:41 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\IObit
    [2012/09/05 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ESET
    [2013/09/21 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\dll-files.com
    [2013/09/21 13:18:15 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\DriverCure

    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4D066AD2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E3C56885
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA

    :FILES
    C:\Program Files\ESET
    C:\Program Files (x86)\IObit
    c:\users\kopas\downloads\efarmoges
    c:\users\kopas\downloads\paretologic regcure pro 3.1.0.0 [h33t.com] full
    ipconfig /flushdns /c

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.

3. OPEN CHROME BROWSER

  • In the Chrome Search Bar (top of the page with a star at the end) Copy and Paste the following: chrome://plugins/ and press Enter
  • Disable Pando Web Plugin
  • Same again, Copy and Paste the following in the Search bar: chrome://extensions/ and press Enter
  • Remove uTorrentControl2 by clicking the bin icon
  • Close Chrome


4. Reset Windows Firewall

  • Click Start, select Control Panel, select Security, then Windows Firewall
  • Click Change Settings, select the Advanced tab and click Restore Defaults, then click Yes at the warning prompt

5. Run ADWcleaner

  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator then select Scan
  • When the search is complete click Report. Please post this report in your next reply.

Things I want to see in your next post.

  • OTL fix.txt
  • ADWcleaner log

  • 0

#7
Georgekopa

Georgekopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello! Firstly, I did as you said with the uninstall! So now about OTL. I did the "Run Fix". However, I saw in the text in the quote box these commands:
:FILES
C:\Program Files\ESET
C:\Program Files (x86)\IObit
c:\users\kopas\downloads\efarmoges
c:\users\kopas\downloads\paretologic regcure pro 3.1.0.0 [h33t.com] full
ipconfig /flushdns /c


As I understood, these commands and especially this one:
c:\users\kopas\downloads\efarmoges
deleted the place where I had saved otl.exe. This is my mistake, because now I see in your first reply that you told me to save otl.exe to the desktop.
So after doing the "Run Fix" a message appeared telling me that the otl fix log could not be saved. So I saved the otl.exe at desktop and then I did the "Run Fix" again. These are the results:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named AdvancedSystemCareService5 was found to stop!
Service\Driver key AdvancedSystemCareService5 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe not found.
Error: No service named ekrn was found to stop!
Service\Driver key ekrn not found.
File C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0 removed from extensions.enabledAddons
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.15.1.0 removed from extensions.enabledAddons
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected] not found.
File C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird not found.
Folder C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Folder C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\egui not found.
File C:\Program Files\ESET\ESET Smart Security\egui.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
64bit-Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5f2252-ec85-11e1-a33c-00235a765294}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5f2252-ec85-11e1-a33c-00235a765294}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{416f2e17-38db-11e1-8ee0-00235a765294}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{416f2e17-38db-11e1-8ee0-00235a765294}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{416f2e17-38db-11e1-8ee0-00235a765294}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{416f2e17-38db-11e1-8ee0-00235a765294}\ not found.
File F:\Startme.exe not found.
File C:\ProgramData\FullRemove.exe not found.
Folder C:\ProgramData\Logs\ not found.
File C:\Windows\SysNative\roboot64.exe not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer\ not found.
Folder C:\Program Files (x86)\Dll-Files.com Fixer\ not found.
Folder C:\Users\Kopas\AppData\Roaming\ParetoLogic\ not found.
Folder C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\ not found.
Folder C:\Program Files (x86)\Common Files\ParetoLogic\ not found.
Folder C:\ProgramData\ParetoLogic\ not found.
Folder C:\Program Files (x86)\ParetoLogic\ not found.
File C:\ProgramData\ism_0_llatsni.pad not found.
File C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job not found.
File C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job not found.
File C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job not found.
File C:\Windows\tasks\ParetoLogic Registration3.job not found.
File C:\Windows\tasks\ParetoLogic Update Version3.job not found.
File C:\0.bak not found.
File C:\0 not found.
File C:\Windows\tasks\RegCure Pro.job not found.
File C:\Users\Kopas\Desktop\RegCure Pro.lnk not found.
Folder C:\Users\Kopas\AppData\Roaming\.#\ not found.
Folder C:\Users\Kopas\AppData\Roaming\uTorrent\ not found.
Folder C:\Users\Kopas\AppData\Roaming\IObit\ not found.
Folder C:\Users\Kopas\AppData\Roaming\ESET\ not found.
Folder C:\Users\Kopas\AppData\Roaming\dll-files.com\ not found.
Folder C:\Users\Kopas\AppData\Roaming\DriverCure\ not found.
Unable to delete ADS C:\ProgramData\Temp:AB689DEA .
Unable to delete ADS C:\ProgramData\Temp:4D066AD2 .
Unable to delete ADS C:\ProgramData\Temp:93DE1838 .
Unable to delete ADS C:\ProgramData\Temp:E3C56885 .
Unable to delete ADS C:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS C:\ProgramData\Temp:0B9176C0 .
Unable to delete ADS C:\ProgramData\Temp:ABE89FFE .
Unable to delete ADS C:\ProgramData\Temp:444C53BA .
========== FILES ==========
File\Folder C:\Program Files\ESET not found.
File\Folder C:\Program Files (x86)\IObit not found.
File\Folder c:\users\kopas\downloads\efarmoges not found.
File\Folder c:\users\kopas\downloads\paretologic regcure pro 3.1.0.0 [h33t.com] full not found.
< ipconfig /flushdns /c >
ηŸž ˜˜βΰ IP ΰ Windows
βœ ž œ΅΅˜Ÿαž ž γž cache εΆž DNS.
C:\Users\Kopas\Desktop\cmd.bat deleted successfully.
C:\Users\Kopas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57257 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kopas
->Temp folder emptied: 298723 bytes
->Temporary Internet Files folder emptied: 42603 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 364186381 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 275269216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43245002 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 651.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09272013_161356

Files\Folders moved on Reboot...
C:\Users\Kopas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kopas\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Now about the Chrome browser. I found uTorrentControl2 and I deleted it, but the Pando Web Plugin could not be found in plugins.
The reset of windows firewall is done.
Lastly the results of ADWcleaner are written below:
Windows Validation Check
Version: 1.9.12.5
Log Created On: 0528_25-09-2013
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-09-19 12:42:03
Last Success Time for Update Download: 2013-02-28 22:20:50
Last Success Time for Update Installation: 2013-03-01 12:33:00


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 0607_25-09-2013 --------
  • 0

#8
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
O.K thanks for the info, I will inform my instructor about this and get back to you later on. Everything looks O.K though. :thumbsup:
  • 0

#9
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, there is one line in those fix results that is bothering me; I'd like another OTL scan. Also, you posted the WVCheck results, not the ADWcleaner results, so....

1. Click Start - Computer - double click Local Disk (C:) and open the ADWcleaner folder. Now look for ADWcleaner[R0] and post this log :thumbsup:

2. OTL Custom Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file. OTL.txt
  • Post in your next reply


Things I want to see in your next post.

  • ADWcleaner[R0]
  • OTL.txt

  • 0
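
A way to triage an OTL fix log like the one posted in reply #7, added here as an example (it is not part of the thread and not OTL's own code). The outcome buckets, the reason strings and the function names are assumptions of this example; the sample lines are excerpted from that log.

```python
import ntpath
import re
from collections import Counter

# Excerpt of the OTL fix log posted in this thread (representative lines only).
SAMPLE_LOG = r"""
Error: No service named ekrn was found to stop!
Service\Driver key ekrn not found.
File C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe not found.
Prefs.js: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0 removed from extensions.enabledAddons
64bit-Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Kopas\LOCALS~1\Temp\ccioobqon.pif deleted successfully.
File F:\Startme.exe not found.
Unable to delete ADS C:\ProgramData\Temp:AB689DEA .
C:\Users\Kopas\Desktop\cmd.bat deleted successfully.
"""

# "Registry value <key>\\<name>:<target> deleted successfully." as written by the fix log.
VALUE_DELETED = re.compile(
    r"Registry value (?P<key>.+?)\\\\(?P<name>[^\\:]+):(?P<target>[A-Za-z]:\\.+?)"
    r" deleted successfully\.$"
)

# Legacy per-user autostart values under ...\Windows NT\CurrentVersion\Windows.
AUTOSTART_KEY_SUFFIX = r"\windows nt\currentversion\windows"
AUTOSTART_NAMES = {"load", "run"}

# Extensions that are executable on Windows but rare for legitimate autostarts
# (assumption of this example, not a list taken from the thread).
ODD_EXTENSIONS = {".pif", ".scr", ".com", ".bat"}


def _lines(log_text):
    return [ln.strip() for ln in log_text.splitlines() if ln.strip()]


def classify(line):
    """Bucket one fix-log line by what actually happened on the system."""
    if line.startswith("Unable to delete"):
        return "failed"      # the fix asked for a removal that did not happen
    if (line.endswith("deleted successfully.")
            or line.endswith("moved successfully.")
            or " removed from " in line):
        return "changed"     # the fix really modified the system
    if line.endswith("not found.") or line.startswith("Error: No service named"):
        return "absent"      # already gone, e.g. removed by an earlier uninstall
    return "other"


def triage(log_text):
    """Count outcomes so the few lines that matter stand out from the noise."""
    return Counter(classify(ln) for ln in _lines(log_text))


def autostart_findings(log_text):
    """Return deleted autostart values whose target looks suspicious."""
    findings = []
    for ln in _lines(log_text):
        m = VALUE_DELETED.search(ln)
        if not m:
            continue
        key, name, target = m.group("key"), m.group("name"), m.group("target")
        if not (key.lower().endswith(AUTOSTART_KEY_SUFFIX)
                and name.lower() in AUTOSTART_NAMES):
            continue
        reasons = []
        if "\\temp\\" in target.lower():
            reasons.append("runs from a Temp folder")
        ext = ntpath.splitext(target)[1].lower()
        if ext in ODD_EXTENSIONS:
            reasons.append(f"unusual executable extension {ext}")
        if reasons:
            findings.append({"key": key, "name": name,
                             "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(dict(triage(SAMPLE_LOG)))
    for f in autostart_findings(SAMPLE_LOG):
        print(f["name"], "->", f["target"], "|", "; ".join(f["reasons"]))
```

Lines bucketed as "absent" usually mean an earlier uninstall already removed the item; "changed" and "failed" are the ones worth reading individually.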

#10
Georgekopa

Georgekopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
These are the results of ADWcleaner:
# AdwCleaner v3.005 - Report created 25/09/2013 at 19:19:00
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kopas - KOPAS93
# Running from : C:\Users\Kopas\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Folder Found C:\Program Files (x86)\Babylon
Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files\Babylon
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Kopas\AppData\Local\apn
Folder Found C:\Users\Kopas\AppData\Local\Conduit
Folder Found C:\Users\Kopas\AppData\Local\cre
Folder Found C:\Users\Kopas\AppData\LocalLow\Conduit
Folder Found C:\Users\Kopas\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\Kopas\AppData\Roaming\Mozilla\Firefox\Profiles\ecdm1b3x.default\ConduitCommon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Babylon
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\ParetoLogic
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16448


-\\ Mozilla Firefox v15.0.1 (el)

[ File : C:\Users\Kopas\AppData\Roaming\Mozilla\Firefox\Profiles\ecdm1b3x.default\prefs.js ]

Line Found : user_pref("CT2786678..clientLogIsEnabled", false);
Line Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Found : user_pref("CT2786678.BrowserCompStateIsOpen_130067977588633691", true);
Line Found : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);
Line Found : user_pref("CT2786678.CTID", "CT2786678");
Line Found : user_pref("CT2786678.CurrentServerDate", "20-9-2013");
Line Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Sep 20 2013 13:40:28 GMT+0300");
Line Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Found : user_pref("CT2786678.EMailNotifierPollDate", "Thu Sep 08 2011 17:40:32 GMT+0300");
Line Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 138);
Line Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Found : user_pref("CT2786678.FirstServerDate", "8-9-2011");
Line Found : user_pref("CT2786678.FirstTime", true);
Line Found : user_pref("CT2786678.FirstTimeFF3", true);
Line Found : user_pref("CT2786678.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Found : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Found : user_pref("CT2786678.Initialize", true);
Line Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2786678.InstallationType", "Unknown");
Line Found : user_pref("CT2786678.InstalledDate", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.IsAlertDBUpdated", true);
Line Found : user_pref("CT2786678.IsGrouping", false);
Line Found : user_pref("CT2786678.IsInitSetupIni", true);
Line Found : user_pref("CT2786678.IsMulticommunity", false);
Line Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Found : user_pref("CT2786678.IsOpenUninstallPage", true);
Line Found : user_pref("CT2786678.IsProtectorsInit", true);
Line Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2786678.LastLogin_3.12.0.7", "Wed May 09 2012 18:23:01 GMT+0200");
Line Found : user_pref("CT2786678.LastLogin_3.13.0.6", "Thu Aug 02 2012 15:56:54 GMT+0300");
Line Found : user_pref("CT2786678.LastLogin_3.14.1.0", "Wed Aug 29 2012 04:49:47 GMT+0300");
Line Found : user_pref("CT2786678.LastLogin_3.15.1.0", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT2786678.LastLogin_3.6.0.10", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.LatestVersion", "3.20.0.4");
Line Found : user_pref("CT2786678.Locale", "en");
Line Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2786678.OriginalFirstVersion", "3.6.0.10");
Line Found : user_pref("CT2786678.SearchEngineBeforeUnload", " ");
Line Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SearchProtectorEnabled", true);
Line Found : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT2786678.SettingsLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT2786678.SettingsLastUpdate", "1379664787");
Line Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Sep 08 2011 17:25:46 GMT+0300");
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Line Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2786678.UserID", "UN92338301507936982");
Line Found : user_pref("CT2786678.WeatherNetwork", "");
Line Found : user_pref("CT2786678.WeatherPollDate", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.WeatherUnit", "C");
Line Found : user_pref("CT2786678.alertChannelId", "1178763");
Line Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2786678.initDone", true);
Line Found : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Found : user_pref("CT2786678.myStuffEnabled", true);
Line Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2786678.revertSettingsEnabled", true);
Line Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2786678.testingCtid", "");
Line Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CT2786678.usagesFlag", 2);
Line Found : user_pref("CT3072253..clientLogIsEnabled", false);
Line Found : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT3072253.AppTrackingLastCheckTime", "Mon Nov 26 2012 12:59:23 GMT+0200");
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);
Line Found : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);
Line Found : user_pref("CT3072253.CTID", "CT3072253");
Line Found : user_pref("CT3072253.CurrentServerDate", "20-9-2013");
Line Found : user_pref("CT3072253.DSInstall", false);
Line Found : user_pref("CT3072253.DialogsAlignMode", "LTR");
Line Found : user_pref("CT3072253.DialogsGetterLastCheckTime", "Fri Sep 20 2013 13:40:27 GMT+0300");
Line Found : user_pref("CT3072253.DownloadReferralCookieData", "");
Line Found : user_pref("CT3072253.FirstServerDate", "18-6-2012");
Line Found : user_pref("CT3072253.FirstTime", true);
Line Found : user_pref("CT3072253.FirstTimeFF3", true);
Line Found : user_pref("CT3072253.FirstTimeHiddenVer", true);
Line Found : user_pref("CT3072253.FixPageNotFoundErrors", true);
Line Found : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT3072253.HPInstall", false);
Line Found : user_pref("CT3072253.HasUserGlobalKeys", true);
Line Found : user_pref("CT3072253.HomePageProtectorEnabled", false);
Line Found : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT3072253.Initialize", true);
Line Found : user_pref("CT3072253.InitializeCommonPrefs", true);
Line Found : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT3072253.InstallationId", "fft6C75.tmp.exe");
Line Found : user_pref("CT3072253.InstallationType", "XPE");
Line Found : user_pref("CT3072253.InstalledDate", "Mon Jun 18 2012 17:29:03 GMT+0300");
Line Found : user_pref("CT3072253.IsAlertDBUpdated", true);
Line Found : user_pref("CT3072253.IsGrouping", false);
Line Found : user_pref("CT3072253.IsInitSetupIni", true);
Line Found : user_pref("CT3072253.IsMulticommunity", false);
Line Found : user_pref("CT3072253.IsOpenThankYouPage", true);
Line Found : user_pref("CT3072253.IsOpenUninstallPage", false);
Line Found : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT3072253.LastLogin_3.13.0.6", "Thu Aug 02 2012 15:56:54 GMT+0300");
Line Found : user_pref("CT3072253.LastLogin_3.14.1.0", "Wed Aug 29 2012 04:49:47 GMT+0300");
Line Found : user_pref("CT3072253.LastLogin_3.15.1.0", "Fri Sep 20 2013 13:40:26 GMT+0300");
Line Found : user_pref("CT3072253.LatestVersion", "3.20.0.4");
Line Found : user_pref("CT3072253.Locale", "en");
Line Found : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT3072253.MCDetectTooltipShow", false);
Line Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Found : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT3072253.OriginalFirstVersion", "3.13.0.6");
Line Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Line Found : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
Line Found : user_pref("CT3072253.SearchInNewTabEnabled", true);
Line Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT3072253.SearchProtectorEnabled", false);
Line Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT3072253.SettingsLastCheckTime", "Tue Sep 24 2013 17:08:07 GMT+0300");
Line Found : user_pref("CT3072253.SettingsLastUpdate", "1380010374");
Line Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Line Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Fri Sep 20 2013 13:40:25 GMT+0300");
Line Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Line Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT3072253.UserID", "UN91403519500158115");
Line Found : user_pref("CT3072253.ValidationData_Search", 2);
Line Found : user_pref("CT3072253.ValidationData_Toolbar", 2);
Line Found : user_pref("CT3072253.alertChannelId", "1463702");
Line Found : user_pref("CT3072253.approveUntrustedApps", true);
Line Found : user_pref("CT3072253.autoDisableScopes", -1);
Line Found : user_pref("CT3072253.components.1000080", true);
Line Found : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT3072253.initDone", true);
Line Found : user_pref("CT3072253.isAppTrackingManagerOn", false);
Line Found : user_pref("CT3072253.myStuffEnabled", true);
Line Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3072253.navigateToUrlOnSearch", false);
Line Found : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129805375651312503,129749445881800338,129573915102477663,1000080,1000515,1000,1001,1002,1003,1004,1005,[...]
Line Found : user_pref("CT3072253.revertSettingsEnabled", true);
Line Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3072253.testingCtid", "");
Line Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Fri Sep 20 2013 13:40:27 GMT+0300");
Line Found : user_pref("CT3072253.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ConduitSearchList", " ");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"57ed859bc80c879b30b995bafdbddc903\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"08e80611cc7dd35bf49059329bd2c92f3\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/GR", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/GR", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1362324159\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1362324308\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3072253", "GNmdGrr6syWWiO5HPrW6Kg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT3072253", "inm6N6Ad2DrQKGUsOGzkLg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT3072253", "6nU8AIjBECdJeC23UVuipQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3072253", "Y3Dtc1pIAMMkuUpvgoTeaw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"ea2cd4d5b586ce1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"80b45d28468cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"97e416bb586ce1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1314985690\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"a0d9ddc6cde9509f52b61de15d7e1e40\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"761a1065c089bba4e6032a22fdf81948\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kopas\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ecdm1b3x.default\\conduitCommon\\modules\\3.15.1.0");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT3072253");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT3072253");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678,CT3072253");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Found : user_pref("CommunityToolbar.globalUserId", "21ae34f9-5ffc-48da-9426-f70f97caced9");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Sep 20 2013 13:40:28 GMT+0300");
Line Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 18 2012 18:29:09 GMT+0300");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "0a45a0e5-39fd-465d-99b1-1739f223b164");
Line Found : user_pref("CommunityToolbar.originalHomepage", "");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

-\\ Google Chrome v

[ File : C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36839 octets] - [25/09/2013 19:19:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [36900 octets] ##########

And these are the results of OTL:

OTL logfile created on: 9/29/2013 2:10:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

5.94 Gb Total Physical Memory | 3.64 Gb Available Physical Memory | 61.32% Memory free
11.87 Gb Paging File | 9.12 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.57 Gb Total Space | 307.19 Gb Free Space | 52.91% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KOPAS93 | User Name: Kopas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 18:52:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
PRC - [2013/05/25 03:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/02 10:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe
PRC - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe
PRC - [2009/10/29 14:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/23 06:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/10/22 05:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/10/07 10:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/24 05:37:44 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/09/10 16:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 11:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
PRC - [2009/09/05 11:17:50 | 004,191,232 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
PRC - [2009/09/05 11:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/07 16:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/08/04 08:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/11 02:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/04 05:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/04/20 16:55:58 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/17 06:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
MOD - [2013/09/17 06:21:26 | 013,611,984 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
MOD - [2013/09/17 06:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/17 06:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/17 06:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/17 06:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/03/13 23:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 02:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/14 04:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/03 04:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2006/01/06 15:51:00 | 000,266,303 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\magengin.dll
MOD - [2005/08/05 17:24:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\uPiApi.dll
MOD - [2004/12/14 13:00:00 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\fpxlib.dll
MOD - [2004/12/01 18:21:22 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\kgl.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/26 16:33:26 | 000,289,792 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011/12/01 10:48:54 | 000,018,944 | ---- | M] (Hercules) [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV:64bit: - [2009/11/11 17:33:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 23:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/30 03:54:02 | 000,788,000 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/10/03 05:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/04 05:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2005/09/23 04:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2013/09/24 17:22:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/09/12 14:21:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () [Auto | Running] -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/02 15:20:17 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/09/02 15:20:17 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/03/10 17:03:53 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/01 10:49:28 | 000,220,672 | ---- | M] ( Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2011/12/01 10:49:24 | 000,289,280 | ---- | M] ( Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV:64bit: - [2011/09/06 16:04:47 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/17 11:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/12/31 15:36:14 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2009/11/11 19:31:44 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/02 23:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/02 03:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/23 05:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/09/21 05:20:48 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/03 13:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/28 14:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 14:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/21 12:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/07 16:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 15:15:00 | 000,694,272 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7770P.sys -- (Ltn_stk7770P)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 07:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/29 05:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 13:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 11:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/02 14:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 14:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 14:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/19 16:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2009/05/05 11:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 11:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/07 10:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/04/24 13:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2009/10/22 05:54:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/31 04:38:25] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/26 06:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z195t4992d35n
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_elGR447
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 14:22:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/20 19:30:44 | 000,000,000 | ---D | M]

[2011/09/04 16:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Extensions
[2013/09/25 18:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions
[2012/09/05 13:30:13 | 000,040,827 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/09/03 05:27:34 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/12/13 18:43:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/09/12 14:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\KOPAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ECDM1B3X.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\USERS\KOPAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ECDM1B3X.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
[2012/09/12 14:22:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 06:02:51 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/25 06:02:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 06:02:51 | 000,000,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/25 06:02:51 | 000,001,219 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-el.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\
CHR - Extension: Google Drive = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: \u0391\u03BD\u03B1\u03B6\u03AE\u03C4\u03B7\u03C3\u03B7 Google = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: AdBlock = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.3_0\
CHR - Extension: Google Bookmarks Browser = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffhdnihongjlhmapddfemaklefeila\0.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RSS Feed Reader = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31F62657-EF00-48AD-A936-418738277246}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\Shell - "" = AutoRun
O33 - MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell - "" = AutoRun
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/27 23:21:05 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\uTorrent
[2013/09/27 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Sony Arxeia
[2013/09/27 03:33:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/09/26 15:06:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/26 05:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2013/09/25 19:18:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/25 18:52:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
[2013/09/25 18:47:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/25 05:25:59 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/09/25 05:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/09/24 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Podcasts
[2013/09/24 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Documents\Media Go
[2013/09/24 17:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Local\Sony
[2013/09/24 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2013/09/24 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/09/24 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Local\Downloaded Installations
[2013/09/24 17:22:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/09/24 17:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2013/09/24 17:20:18 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\Sony
[2013/09/21 13:58:10 | 000,000,000 | ---D | C] -- C:\Windows\temp

========== Files - Modified Within 30 Days ==========

[2013/09/29 14:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/29 13:57:02 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/09/29 13:57:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/09/29 13:57:01 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/28 22:57:38 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/28 22:57:38 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/09/28 19:23:32 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 19:23:32 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 19:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/28 19:15:33 | 485,572,607 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/28 18:25:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/09/27 21:55:33 | 000,049,332 | ---- | M] () -- C:\Users\Kopas\Desktop\1017675_10151683023287435_916947480_n.jpg
[2013/09/27 15:24:41 | 001,643,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/27 15:24:41 | 000,703,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/27 15:24:41 | 000,664,688 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/09/27 15:24:41 | 000,143,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/27 15:24:41 | 000,132,752 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/09/27 03:04:42 | 000,425,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/26 15:16:34 | 001,616,730 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/26 05:15:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 05:15:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/25 19:18:39 | 001,042,066 | ---- | M] () -- C:\Users\Kopas\Desktop\AdwCleaner.exe
[2013/09/25 18:52:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
[2013/09/24 17:24:06 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2013/09/24 17:17:51 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/09/23 04:40:11 | 000,000,512 | ---- | M] () -- C:\Users\Kopas\Desktop\MBR.dat
[2013/09/22 21:09:03 | 000,080,437 | ---- | M] () -- C:\Users\Kopas\Desktop\pistepseto.eu (3).jpg
[2013/09/20 05:24:53 | 000,002,371 | ---- | M] () -- C:\Users\Kopas\Desktop\Google Chrome.lnk
[2013/09/11 23:50:25 | 000,026,177 | ---- | M] () -- C:\Users\Kopas\Desktop\rld-pes2013.lnk

========== Files Created - No Company Name ==========

[2013/09/27 21:55:26 | 000,049,332 | ---- | C] () -- C:\Users\Kopas\Desktop\1017675_10151683023287435_916947480_n.jpg
[2013/09/26 14:29:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/09/26 05:15:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 05:15:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/26 04:49:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/09/25 19:18:41 | 001,042,066 | ---- | C] () -- C:\Users\Kopas\Desktop\AdwCleaner.exe
[2013/09/24 17:24:06 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2013/09/24 17:22:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/23 04:40:11 | 000,000,512 | ---- | C] () -- C:\Users\Kopas\Desktop\MBR.dat
[2013/09/22 21:09:02 | 000,080,437 | ---- | C] () -- C:\Users\Kopas\Desktop\pistepseto.eu (3).jpg
[2013/09/11 23:50:25 | 000,026,177 | ---- | C] () -- C:\Users\Kopas\Desktop\rld-pes2013.lnk
[2013/03/31 18:11:51 | 000,000,654 | ---- | C] () -- C:\Windows\wininit.ini
[2013/02/28 22:55:12 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/09 14:54:30 | 000,000,004 | ---- | C] () -- C:\Users\Kopas\crt101
[2012/10/06 16:32:43 | 001,616,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 06:08:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/01/07 06:08:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/20 22:43:23 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\AnvSoft
[2013/06/28 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSplayer
[2011/11/25 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSplayer PRO
[2012/03/10 17:24:38 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSW
[2012/09/25 01:14:03 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DAEMON Tools Lite
[2013/09/28 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Dropbox
[2013/06/26 21:02:00 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DVDVideoSoft
[2011/10/20 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/09/01 11:07:31 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\EgisTec
[2011/09/20 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\GameConsole
[2012/10/06 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\IDoser
[2012/01/07 06:48:20 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LG Electronics
[2011/09/04 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LolClient
[2012/01/07 06:49:08 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ooVoo Details
[2011/09/04 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\PowerCinema
[2011/09/04 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SoftDMA
[2013/09/24 17:25:55 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Sony
[2012/12/11 08:29:58 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SPSSInc
[2013/09/28 03:11:39 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\uTorrent
[2011/09/01 10:37:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ViquaSoft
[2011/09/20 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\xm1

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini >

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini >
"Intl" = #USR:Control Panel\International
"Fonts" = #SYS:Microsoft\Windows NT\CurrentVersion\Fonts
"FontSubstitutes" = #SYS:Microsoft\Windows NT\CurrentVersion\FontSubstitutes
"AeDebug" = SYS:Microsoft\Windows NT\CurrentVersion\AeDebug
"MODULECOMPATIBILITY" = SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\MODULECOMPATIBILITY
"TRUETYPE" = #USR:SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\TRUETYPE
"NWCS" = SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\NWCS
"EXTENSIONS" = #USR:SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\EXTENSIONS
"TWAIN" = #USR:SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\TWAIN
"MSCHARMAP" = #USR:SOFTWARE\\MICROSOFT\\CHARMAP
"CONSOLE" = USR:CONSOLE
"CURSORS" = #USR:CONTROL PANEL\\CURSORS
"NET_FILES" = USR:SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\NETWORK\\PERSISTENT CONNECTIONS
"EMBEDDING" = !#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\EMBEDDING
"WINDOWS HELP" = USR:SOFTWARE\\MICROSOFT\\WINDOWS HELP
"IOPROCS" = #USR:CONTROL PANEL\\IOPROCS
"COLORS" = #USR:CONTROL PANEL\\COLORS
"GRE_INITIALIZE" = SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\GRE_INITIALIZE
"DESKTOP" = #USR:CONTROL PANEL\\DESKTOP
"SOUNDS" = #USR:CONTROL PANEL\\SOUNDS
"MCI EXTENSIONS" = SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\MCI EXTENSIONS
"CLOCK" = #USR:SOFTWARE\\MICROSOFT\\CLOCK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\NETWORK]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]

< HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows >
"UserSelectedDefault" = 1
"Load" =
"Device" = Send To OneNote 2010,winspool,nul:

< End of report >

#11
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello, I'm awaiting clearance for my next post :thumbsup:

#12
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there.

OTL on the Desktop :thumbsup:

O.K the line I was bothered about is no longer present so I'm a happy man. Let's carry on with the clean, we need to delete what ADWcleaner found and run a few more tools to make sure all is clear :)

Follow in the order given

1. Run ADWcleaner

  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for; click O.K
  • On reboot a log will be produced, please post in your next reply.


2. Junkware Removal Tool

1. Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

3. UPDATE AND RUN MALWAREBYTES

You have this installed so please update and run a scan

  • Open Malwarebytes select the Updates Tab - Select Check for Updates and click O.K
  • Once complete click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed; please proceed if asked.
  • If a reboot was needed, the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log. I need to see this.

4. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For Taskbar, right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Things I want to see in your next post.

  • ADWcleaner results
  • JRT.txt
  • Malwarebytes results
  • ESET results
  • How are things running now? Browsers behaving themselves?


#13
Georgekopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
ADWcleaner results:

# AdwCleaner v3.005 - Report created 29/09/2013 at 19:40:31
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kopas - KOPAS93
# Running from : C:\Users\Kopas\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Kopas\AppData\Local\apn
Folder Deleted : C:\Users\Kopas\AppData\Local\Conduit
Folder Deleted : C:\Users\Kopas\AppData\Local\cre
Folder Deleted : C:\Users\Kopas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kopas\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Kopas\AppData\Roaming\Mozilla\Firefox\Profiles\ecdm1b3x.default\ConduitCommon
File Deleted : C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v15.0.1 (el)

[ File : C:\Users\Kopas\AppData\Roaming\Mozilla\Firefox\Profiles\ecdm1b3x.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_130067977588633691", true);
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "20-9-2013");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Sep 20 2013 13:40:28 GMT+0300");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Thu Sep 08 2011 17:40:32 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 138);
Line Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Sep 08 2011 17:25:48 GMT+0300");
Line Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "8-9-2011");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "Unknown");
Line Deleted : user_pref("CT2786678.InstalledDate", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2786678.IsProtectorsInit", true);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.12.0.7", "Wed May 09 2012 18:23:01 GMT+0200");
Line Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Thu Aug 02 2012 15:56:54 GMT+0300");
Line Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Wed Aug 29 2012 04:49:47 GMT+0300");
Line Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.6.0.10");
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", " ");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1379664787");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Sep 08 2011 17:25:46 GMT+0300");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2786678.UserID", "UN92338301507936982");
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Line Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Mon Nov 26 2012 12:59:23 GMT+0200");
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);
Line Deleted : user_pref("CT3072253.CTID", "CT3072253");
Line Deleted : user_pref("CT3072253.CurrentServerDate", "20-9-2013");
Line Deleted : user_pref("CT3072253.DSInstall", false);
Line Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Fri Sep 20 2013 13:40:27 GMT+0300");
Line Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3072253.FirstServerDate", "18-6-2012");
Line Deleted : user_pref("CT3072253.FirstTime", true);
Line Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Line Deleted : user_pref("CT3072253.FirstTimeHiddenVer", true);
Line Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3072253.HPInstall", false);
Line Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CT3072253.Initialize", true);
Line Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3072253.InstallationId", "fft6C75.tmp.exe");
Line Deleted : user_pref("CT3072253.InstallationType", "XPE");
Line Deleted : user_pref("CT3072253.InstalledDate", "Mon Jun 18 2012 17:29:03 GMT+0300");
Line Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3072253.IsGrouping", false);
Line Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Line Deleted : user_pref("CT3072253.IsMulticommunity", false);
Line Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Thu Aug 02 2012 15:56:54 GMT+0300");
Line Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Wed Aug 29 2012 04:49:47 GMT+0300");
Line Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Fri Sep 20 2013 13:40:26 GMT+0300");
Line Deleted : user_pref("CT3072253.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT3072253.Locale", "en");
Line Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3072253.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.13.0.6");
Line Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Line Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
Line Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Tue Sep 24 2013 17:08:07 GMT+0300");
Line Deleted : user_pref("CT3072253.SettingsLastUpdate", "1380010374");
Line Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Line Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Fri Sep 20 2013 13:40:25 GMT+0300");
Line Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Line Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3072253.UserID", "UN91403519500158115");
Line Deleted : user_pref("CT3072253.ValidationData_Search", 2);
Line Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Line Deleted : user_pref("CT3072253.approveUntrustedApps", true);
Line Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Line Deleted : user_pref("CT3072253.components.1000080", true);
Line Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3072253.initDone", true);
Line Deleted : user_pref("CT3072253.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT3072253.myStuffEnabled", true);
Line Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129805375651312503,129749445881800338,129573915102477663,1000080,1000515,1000,1001,1002,1003,1004,1005,[...]
Line Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Line Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3072253.testingCtid", "");
Line Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Fri Sep 20 2013 13:40:27 GMT+0300");
Line Deleted : user_pref("CT3072253.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", " ");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"57ed859bc80c879b30b995bafdbddc903\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"08e80611cc7dd35bf49059329bd2c92f3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/GR", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/GR", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1362324159\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1362324308\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3072253", "GNmdGrr6syWWiO5HPrW6Kg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT3072253", "inm6N6Ad2DrQKGUsOGzkLg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT3072253", "6nU8AIjBECdJeC23UVuipQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3072253", "Y3Dtc1pIAMMkuUpvgoTeaw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"ea2cd4d5b586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"80b45d28468cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"97e416bb586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1314985690\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"a0d9ddc6cde9509f52b61de15d7e1e40\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"761a1065c089bba4e6032a22fdf81948\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kopas\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ecdm1b3x.default\\conduitCommon\\modules\\3.15.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT3072253");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT3072253");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678,CT3072253");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Sep 08 2011 17:25:49 GMT+0300");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "21ae34f9-5ffc-48da-9426-f70f97caced9");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Sep 20 2013 13:40:28 GMT+0300");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 18 2012 18:29:09 GMT+0300");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 24 2013 17:08:08 GMT+0300");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "0a45a0e5-39fd-465d-99b1-1739f223b164");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

-\\ Google Chrome v

[ File : C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36997 octets] - [25/09/2013 19:19:00]
AdwCleaner[R1].txt - [37059 octets] - [29/09/2013 19:38:00]
AdwCleaner[S0].txt - [37650 octets] - [29/09/2013 19:40:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [37711 octets] ##########

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kopas on 29/09/2013 at 19:46:46,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/09/2013 at 19:53:27,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes results:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Έκδοση βάσης δεδομένων: v2013.09.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Kopas :: KOPAS93 [διαχειριστής]

29/9/2013 11:55:55 μμ
mbam-log-2013-09-29 (23-55-55).txt

Τύπος σάρωσης: Γρήγορη σάρωση
Ενεργοποιημένες επιλογές σάρωσης: Μνήμη | Εκκίνηση | Μητρώο | Σύστημα αρχείων | Ευρετική μέθοδος/Extra | Ευρετική μέθοδος/Shuriken | PUP | PUM
Απενεργοποιημένες επιλογές σάρωσης: P2P
Αντικείμενα που σαρώθηκαν: 204876
Χρόνος που έχει διανυθεί: 4 λεπτό(ά), 55 δευτερόλεπτο(α)

Εντοπίστηκαν διεργασίες στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν στοιχεία στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν κλειδιά στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν τιμές στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αντικείμενα δεδομένων στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν φάκελοι: 2
C:\Users\Kopas\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.
C:\Users\Kopas\AppData\Local\Temp\CT3289075\plugins (PUP.Optional.Conduit.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.

Εντοπίστηκαν αρχεία: 5
C:\Users\Kopas\Downloads\bsplayer265.1074.exe (PUP.Optional.Conduit.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.
C:\Users\Kopas\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.
C:\Users\Kopas\AppData\Local\Temp\CT3289075\initData.json (PUP.Optional.Conduit.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.
C:\Users\Kopas\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.
C:\Users\Kopas\AppData\Local\Temp\CT3289075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.

(τέλος)

ESET results:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dd67c022ef5e4f42aaac2577bb89512c
# engine=15302
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-30 03:40:30
# local_time=2013-09-30 06:40:30 )
# country="Greece"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 132142280 0 0
# scanned=100620
# found=2
# cleaned=0
# scan_time=22722
sh=E364ECE6E6ECB3090CB55C72CA3B17889BECA341 ft=1 fh=9f2083bc9af4e747 vn="a variant of Win32/Injector.AIHW trojan" ac=I fn="C:\MSI\TrustedInstaller.exe"
sh=DFA2D94780339523D9B6A9745DDFA9F9BEC2137F ft=1 fh=933b1092124112c9 vn="Win32/HackTool.Crack.BB application" ac=I fn="C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\rld.dll"
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dd67c022ef5e4f42aaac2577bb89512c
# engine=15320
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-01 05:55:32
# local_time=2013-10-01 08:55:32 )
# country="Greece"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 132279982 0 0
# scanned=1123656
# found=6
# cleaned=0
# scan_time=23253
sh=E364ECE6E6ECB3090CB55C72CA3B17889BECA341 ft=1 fh=9f2083bc9af4e747 vn="a variant of Win32/Injector.AIHW trojan" ac=I fn="C:\MSI\TrustedInstaller.exe"
sh=DFA2D94780339523D9B6A9745DDFA9F9BEC2137F ft=1 fh=933b1092124112c9 vn="Win32/HackTool.Crack.BB application" ac=I fn="C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\rld.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Crack.BB application" ac=I fn="C:\Users\Kopas\Downloads\Games\Pro.Evolution.Soccer.2013.Proper-RELOADED\rld-pes2013.iso"
sh=AB01DF83F3E294AB679038FF086A302F540FF755 ft=1 fh=310156a22f800899 vn="a variant of Win32/Toolbar.Babylon.C application" ac=I fn="C:\_OTL\MovedFiles\09252013_184706\C_Users\Kopas\downloads\Efarmoges\Geekstogo\PuranDefragFreeSetup.exe"
sh=56E4531E58A508B45C43A813DC4DA578DB231886 ft=1 fh=fe40d461b3d99c4c vn="a variant of MSIL/HackKMS.A application" ac=I fn="C:\_OTL\MovedFiles\09252013_184706\C_Users\Kopas\downloads\Efarmoges\Microsoft Office Pro 2010 With Toolkit and EZ-Activator 2.01 [h33t.com] Full\Office 2010 Toolkit.exe"
sh=19796AC04A61707B547E9436682CF0B2D6DF082B ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A application" ac=I fn="C:\_OTL\MovedFiles\09252013_184706\C_Users\Kopas\downloads\Efarmoges\Microsoft Office Pro 2010 With Toolkit and EZ-Activator 2.01 [h33t.com] Full\Office 2010 Toolkit and EZ-Activator 2.01\OTK2010V201.zip"
  • 0

#14
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for the scans. It does show that Pro Evolution Soccer 2013 has been cracked; this is illegal and leaves you wide open security-wise. We cannot offer support to users with illegal software installed.

Crack files are rubbish; yes, they can work, but they are so corrupt and full of security holes. It's not worth wrecking an operating system, personal files, personal data etc.

To sum up - Pro Evolution Soccer 2013, buy a licence or get rid.

I will get my next post ready for you this evening, in the meantime, behave yourself :)
  • 0

#15
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there :)

We need to clear up the leftovers found in the ESET scan and get you secured.

Follow in the order given.


1. Uninstall

The following programs have been flagged as corrupt or illegal. Adobe Reader 9 we will remove as we are updating that.

  • Click Start then select Control Panel
  • In Control Panel click Uninstall a Program or Programs and Features and uninstall the following:
      • Puran Defrag Free Edition 7.3
      • BS.Player FREE
      • BS.Player PRO
      • Microsoft Office Professional Plus 2010
      • Pro Evolution Soccer 2013
      • Adobe Reader 9


2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

    :OTL
    SRV:64bit: - [2011/12/26 16:33:26 | 000,289,792 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
    [2013/06/28 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSplayer
    [2011/11/25 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSplayer PRO
    [2013/09/28 03:11:39 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\uTorrent

    :FILES
    C:\MSI\TrustedInstaller.exe
    C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013
    C:\Users\Kopas\Downloads\Games\Pro.Evolution.Soccer.2013.Proper-RELOADED
    C:\Program Files (x86)\Pando Networks

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click OK to reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and paste the fix log in your next reply.


3. UPDATE ADOBE

Adobe is bundled with Chrome, Google toolbar and/or McAfee Security Scan. Uncheck the boxes before downloading Reader.



4. Do You Need Java? Please read:

  • Java is one of the most exploited pieces of software at this time and the majority of home users can do without it. Installing the latest updates is also important.
  • The easiest way to find out if Java is needed is to disable Java in your web browser. (see link below)
  • If a trusted program or webpage asks for Java then enable it, otherwise uninstall it completely using JavaRa.

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to keep Java and install the latest version.
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa


5. INSTALL ANTIVIRUS

You do not have one installed; it is vital to do so:

Install one of these programs and run a quick scan. Let me know if anything was found.



Things I want to see in your next post.

  • OTL fix.txt
  • Did AVAST or MSE find anything? If so, what?

  • 0
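
Added example (not part of the original posts, and not ESET's or OTL's own code): a short Python triage of ESET Online Scanner detection lines like the ones posted above. It merges repeated scan runs, ranks entries whose detection name ends in "trojan" ahead of "application" ones, and marks files already under C:\_OTL\MovedFiles; the sample log, its hashes and paths, and the function names are constructed for the example.

```python
import re

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value optionally quoted
ZERO_HASH = "0" * 40
MOVED_DIR = "c:\\_otl\\movedfiles\\"          # OTL's moved-files folder (path from this thread)

# Constructed sample in the same layout as the log lines above; the hashes
# and file paths are made up, the detection names are the ones in the thread.
SAMPLE_LOG = r'''# found=2
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="a variant of Win32/Injector.AIHW trojan" ac=I fn="C:\Example\dropper.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=2222222222222222 vn="Win32/HackTool.Crack.BB application" ac=I fn="C:\Example Games\crack.dll"
# found=4
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="a variant of Win32/Injector.AIHW trojan" ac=I fn="C:\Example\dropper.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=2222222222222222 vn="Win32/HackTool.Crack.BB application" ac=I fn="C:\Example Games\crack.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Crack.BB application" ac=I fn="C:\Example\Downloads\image.iso"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=3333333333333333 vn="a variant of Win32/Toolbar.Babylon.C application" ac=I fn="C:\_OTL\MovedFiles\01012000_000000\C_Example\setup.exe"
'''

def parse_line(line):
    """Return the fields of one detection line, or None for header lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def kind(name):
    """Classify a detection by the last word of its name (the vn field)."""
    last = name.rsplit(" ", 1)[-1].lower()
    return last if last in ("trojan", "application") else "other"

def triage(log_text):
    """Merge repeated runs into one entry per file and rank the entries."""
    findings = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or "vn" not in rec or "fn" not in rec:
            continue
        sha = rec.get("sh", ZERO_HASH)
        # An all-zero hash identifies nothing, so fall back to the file path.
        key = rec["fn"].lower() if sha == ZERO_HASH else sha
        findings.setdefault(key, {
            "path": rec["fn"], "name": rec["vn"],
            "kind": kind(rec["vn"]),
            "already_moved": rec["fn"].lower().startswith(MOVED_DIR),
        })
    # Trojans first; within a kind, files still in place before moved ones.
    order = {"trojan": 0, "other": 1, "application": 2}
    return sorted(findings.values(), key=lambda f: (
        order[f["kind"]], f["already_moved"], f["path"].lower()))
```

Calling `triage(SAMPLE_LOG)` returns four entries from the eight detection lines, with the trojan first and the file already under the OTL folder last.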





