Running Slow, General Malware Check (Extras.txt by OTL not created)


This topic is locked.

#16 demie (Member, Topic Starter, 14 posts)

ΠΡΟΚΥΡΗΞΕΙΣ is a folder I have created which contains documents for announcements about jobs. I'm not sure how it translates, maybe "notices".

Υπολογιστης - Συντόμευση means Computer - Shortcut (it targets the "Computer" I have on my desktop).

I don't know why FSS showed Windows Update Service not started.

Edit: I have the free version of avast anti-virus (it has 8 shields, I don't think I have the avast firewall)

Should I install the Windows Service Pack now?

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft VM for Java
Java™ 6 Update 35
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Edited by demie, 22 September 2012 - 05:18 AM.

#17 godawgs (Teacher, Retired Staff, 8,228 posts)

As long as you know what the folder and link are, we're :thumbsup:

Edit: I have the free version of avast anti-virus (it has 8 shields, I don't think I have the avast firewall)

I think you have to have the paid version to get the firewall. One of the registry keys shows the Windows firewall ON and a different key shows the firewall OFF so I want you to check and make sure it is on. To do that:

Click the Start Orb and click Control Panel
On the Control Panel window click the Security icon. The Security window will open.
Under the Windows Firewall heading, click Turn Windows firewall on or off. The firewall settings page will open.
Make sure there is a blue dot in the radio button beside On(Recommended)
Click OK to close the settings page and close the Control Panel.

I don't know why FSS showed Windows Update Service not started.

Me either. But I wanted to make sure it is working because I knew we needed to install SP2. Yes, update the service pack.

While you're at it, Microsoft just recently found a critical vulnerability in IE 6 through 9. See the technet document: http://technet.micro...dvisory/2757760
They have just pushed out a security update for it.
And your IE is out of date. IE9 has been out for some time. You should update IE8 to IE9. And then install the security update for IE. But do the service pack first.

One of the scans shows the Symantec (Norton) antivirus and firewall still being monitored so I want to get a look at those registry keys. I have changed the settings for this OTL scan, so read the directions carefully.
This scan will be very brief and will basically just have the contents of the two registry keys I want to look at along with the usual header info.


OTL Custom Scan

1. Please copy the text in the code box below and paste it in the textbox in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall

2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 users: right click on the icon and click Run as Administrator.)
    Make sure all other windows are closed.
  • You will see a console like the one below: [image]
  • Click the greyed-out None button at the top of the console. <-- Very Important
  • Make sure the Output box at the top is set to Minimal Output.
  • Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside OTL.
  • Click the [image] button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Things For Your Next Post:
1. Let me know how the Windows and IE updates went.
2. The new OTL.txt log
3. Any other issues you are having with the computer.

#18 demie (Member, Topic Starter, 14 posts)

Hello again godawgs,

SP, Windows and IE updates went very well.

Here's the new OTL file

OTL logfile created on: 23/9/2012 9:13:16 μμ - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,28% Memory free
4,23 Gb Paging File | 2,86 Gb Available in Paging File | 67,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 14,23 Gb Free Space | 12,74% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 71,06 Gb Free Space | 65,68% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus >
"DisableMonitoring" = 1

< HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall >
"DisableMonitoring" = 1

< End of report >

I don't have any other issues with my laptop at the moment and I hope I won't have any in the future.
Thank you for your help and your fast replies!

#19 godawgs (Teacher, Retired Staff, 8,228 posts)

Hi demie,

Thank you for your help and your fast replies!

You're welcome.

One last OTL fix to remove some unneeded registry values and check for malware remnants and we'll be ready to wrap this puppy up.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the [image] button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the [image] button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer.

Right click the Malwarebytes' Anti-Malware icon and click Run As Administrator to run the program.
  • The main program console will open, as shown below: [image]
  • Click the Update tab and update the program if necessary.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below: [image]
  • When the scan is finished a message box will appear as shown in the image below: [image]
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below: [image] Please note that the infections found may be different than what is shown in the image.
  • Make sure that everything is checked, and click Remove Selected. <--- Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here, then click on: [image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • When completed, do not select Uninstall application on close.
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. For 64 bit systems the log will be at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

After these scans we will remove malware remnants, if any are found, and clean up the tools we've used.


Step-4.

Things For Your Next Post:
1. The OTL fixes log
2. The Malwarebytes log
3. The ESET scan log
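The two posts above go from the custom scan's registry dump (the `< KEY >` / `"DisableMonitoring" = 1` lines) to the `:REG` fix that deletes those values. As an added example, not from the thread and not OTL's own code, here is that same step in Python: parse the dump, keep only Security Center Monitoring keys whose `DisableMonitoring` value is 1 and whose product name matches none of the security products actually installed (a list you supply; `avast` for this machine), and emit the matching `:REG` section. The sample input is constructed from the scan output posted above.

```python
"""Added example (not from the thread, and not OTL's own code): read the
registry dump that OTL's custom scan produces, flag Security Center
'DisableMonitoring' values left behind by a product that is no longer
installed, and build the matching OTL :REG fix section.
"""
import re
from typing import Dict, List

# Constructed from the custom-scan section of the OTL log posted above.
SAMPLE_OTL_CUSTOM_SCAN = """\
========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus >
"DisableMonitoring" = 1

< HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall >
"DisableMonitoring" = 1

< End of report >
"""

KEY_RE = re.compile(r"^<\s*(HKEY_[^>]+?)\s*>$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Security Center's per-product monitoring overrides live under this key.
MONITORING_PREFIX = "hkey_local_machine\\software\\microsoft\\security center\\monitoring\\"


def parse_custom_scan(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: data}} from an OTL custom-scan dump."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys[current] = {}
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group(1)] = value_match.group(2).strip()
    return keys


def stale_monitoring_entries(keys: Dict[str, Dict[str, str]],
                             installed_products: List[str]) -> List[str]:
    """Monitoring keys with DisableMonitoring = 1 whose product is not installed.

    installed_products names the security products actually present (for
    the thread's machine: avast).  A monitoring key whose last path
    component names none of them is treated as a leftover of an
    uninstalled product.
    """
    stale = []
    for key, values in keys.items():
        if not key.lower().startswith(MONITORING_PREFIX):
            continue
        if values.get("DisableMonitoring") != "1":
            continue
        product = key.rsplit("\\", 1)[-1].lower()
        if not any(name.lower() in product for name in installed_products):
            stale.append(key)
    return stale


def otl_reg_fix(stale_keys: List[str], value_name: str = "DisableMonitoring") -> str:
    """Build an OTL :REG section deleting value_name under each key.

    '"Name"=-' is the delete-value notation used in the fix posted above
    (the same notation .reg files use).
    """
    lines = [":REG"]
    for key in stale_keys:
        lines.append(f"[{key}]")
        lines.append(f'"{value_name}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_custom_scan(SAMPLE_OTL_CUSTOM_SCAN)
    stale = stale_monitoring_entries(found, installed_products=["avast"])
    for key in stale:
        print("stale monitoring override:", key)
    print(otl_reg_fix(stale))
```

Run stand-alone it prints the two Symantec keys and a `:REG` section identical in form to the one in the fix above; passing `["Symantec"]` as the installed product instead returns nothing, which is the point of making the installed list an input rather than hard-coding vendor names.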

#20 demie (Member, Topic Starter, 14 posts)

Hello godawgs!

It seems I still have a problem running OTL fix.

The same error occurred when running the fix...

Below is the Windows error I received.

Files for the description of the problem:
C:\Users\user\AppData\Local\temp\WERA7B6.tmp.version.txt
C:\Users\user\AppData\Local\temp\WERBE43.tmp.appcompat.txt
C:\Users\user\AppData\Local\temp\WERC4B9.tmp.mdmp

I tried to find those files after the reboot (I had to reboot using CTRL+ALT+DEL because my desktop had disappeared) but they weren't there.

Read our privacy statement:
http://go.microsoft....63&clcid=0x0408

It seems like my browsing problems are back (or not gone completely in the first place?)

Below is a screenshot with slow loading of ESET online scanner website

[screenshot: Loading_slow.jpg]

OTL fix log:


Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


MBAM log

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

Protection: Enabled

24/9/2012 8:46:15 μμ
mbam-log-2012-09-24 (20-46-15).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 394516
Time elapsed: 1 hour(s), 55 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\user\AppData\LocalLow\myWebFace_2uEI\Installr\Cache\005E4413.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\user\Documents\EXE\Macromedia Flash Professional 8\CRACK\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Amoudis\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Amoudis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)


ESET Online Scanner log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=81aea7080333f5418db768e144ef9fae
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-24 10:07:23
# local_time=2012-09-25 01:07:23 )
# country="Greece"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 142206985 142206985 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 100 439 186051324 0 0
# compatibility_mode=8192 67108863 100 0 572 572 0 0
# scanned=206609
# found=0
# cleaned=0
# scan_time=5847
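The two logs above are worth reading mechanically rather than by eye: the Malwarebytes section lists each detection with its family and the action taken, and the ESET summary records, as `# *_checked=` fields, the options the scan actually ran with. Note that the instructions asked for Scan archives to be checked, while the log shows `archives_checked=false`. The following is an added example, not from the thread, Malwarebytes or ESET; it assumes those `*_checked` fields correspond to the checkboxes named in the instructions, and its sample logs are constructed from the ones posted.

```python
"""Added example (not from the thread, Malwarebytes or ESET): parse the MBAM
file detections and the ESET Online Scanner summary of the kind posted
above, then check the ESET run against the options the instructions asked
for.  Assumption: ESET's '# *_checked=' fields record those checkboxes.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class Detection(NamedTuple):
    path: str
    name: str    # detection family, e.g. 'PUP.MyWebSearch'
    action: str  # what MBAM did, e.g. 'Quarantined and deleted successfully.'


# Constructed from the MBAM log posted above (header trimmed, three detections kept).
SAMPLE_MBAM_LOG = r"""
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Database version: v2012.09.24.08

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\user\AppData\LocalLow\myWebFace_2uEI\Installr\Cache\005E4413.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\user\Documents\EXE\Macromedia Flash Professional 8\CRACK\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Amoudis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)
"""

# Constructed from the ESET log posted above (fields trimmed).
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=206609
# found=0
# cleaned=0
# scan_time=5847
"""

MBAM_FILE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_detections(log: str) -> List[Detection]:
    """Return the entries listed under 'Files Detected:' in an MBAM log."""
    found: List[Detection] = []
    in_files = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Files Detected:"):
            in_files = True
            continue
        if not in_files:
            continue
        if not line:  # a blank line ends the section
            break
        m = MBAM_FILE_RE.match(line)
        if m:
            found.append(Detection(m["path"], m["name"], m["action"]))
    return found


def detection_families(detections: List[Detection]) -> Dict[str, int]:
    """Count detections by top-level family (PUP, Riskware, Trojan, ...)."""
    return dict(Counter(d.name.split(".", 1)[0] for d in detections))


def parse_eset_summary(log: str) -> Dict[str, str]:
    """Return the '# key=value' summary fields of an ESET Online Scanner log."""
    fields: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            fields[key.strip()] = value.strip()
    return fields


# What the instructions asked for, as the summary records it (assumed mapping).
EXPECTED_ESET_OPTIONS = {
    "remove_checked": "false",      # Remove Found Threats unchecked
    "archives_checked": "true",     # Scan archives checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}


def eset_option_mismatches(fields: Dict[str, str],
                           expected: Dict[str, str] = EXPECTED_ESET_OPTIONS
                           ) -> Dict[str, Tuple[str, str]]:
    """{option: (expected, actual)} for each option that differs from expected."""
    return {opt: (want, fields.get(opt, "<missing>"))
            for opt, want in expected.items() if fields.get(opt) != want}


if __name__ == "__main__":
    dets = parse_mbam_detections(SAMPLE_MBAM_LOG)
    print(f"MBAM: {len(dets)} file detections, families {detection_families(dets)}")
    summary = parse_eset_summary(SAMPLE_ESET_LOG)
    print(f"ESET: scanned={summary['scanned']} found={summary['found']}")
    for opt, (want, got) in eset_option_mismatches(summary).items():
        print(f"ESET option {opt}: asked for {want}, log shows {got}")
```

On the sample this reports two PUP and one Riskware detection and a single ESET mismatch, `archives_checked` expected `true` but logged `false`; a scan that skipped archives is the kind of gap the person reading the log wants flagged before declaring a machine clean.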

#21 godawgs (Teacher, Retired Staff, 8,228 posts)

Hello,

It looks like the fix hung on the [emptytemp] command.

What was this for?

Read our privacy statement:
http://go.microsoft....63&clcid=0x0408

Why did you include this? And it's Greek (I think) so I couldn't read it anyway.

Are you having the browser problems on all sites or was it just the ESET site?

Please get me a fresh OTL scan.

OTL Scan

Please re-open OTL
  • Double click the OTL icon on your desktop. Vista / 7 users: right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below: [image]
  • Click the box beside Scan All Users at the top of the console.
  • Do Not click the box beside Include 64 bit Scans
  • Make sure the Output box at the top is set to Minimal Output.
  • Click the [image] button.
  • Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Post the OTL.txt log and the answer to my questions.

#22 demie (Member, Topic Starter, 14 posts)

Hello,

Thank you for your reply.

I included the privacy statement link because that was in the error window (the whole "Read our privacy statement:" link).

It looks like the browsing problem is only on ESET website after all.

Below is the OTL log.

OTL logfile created on: 25/9/2012 9:46:59 πμ - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,07% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 12,01 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 71,06 Gb Free Space | 65,68% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()


========== Services (SafeList) ==========

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File not found
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe File not found
SRV - (M4-Service) -- C:\Users\user\Downloads\M4-Service.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TeamViewer) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SNP2UVC) -- system32\DRIVERS\snp2uvc.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IKANLOADER2) -- System32\Drivers\e4ldr.sys File not found
DRV - (e4usbaw) -- system32\DRIVERS\e4usbaw.sys File not found
DRV - (catchme) -- C:\Users\user\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (adiusbaw) -- system32\DRIVERS\adiusbaw.sys File not found
DRV - (ADILOADER) -- System32\Drivers\adildr.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page =
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page =
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?m...el-gr&ocid=iehp
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 A6 EA E7 90 9A CD 01 [binary data]
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\..\SearchScopes,Backup.Old.DefaultScope = {3481F2AF-045A-48E4-B91C-354C09662702}
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\..\SearchScopes\{0B0100B9-2269-2138-003A-5CB21267E86F}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\..\SearchScopes\{F9CF90C5-60BB-44F5-8EBA-7B9E51420009}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - prefs.js..extensions.enabledItems: {eb226349-2b1b-4682-b300-b694600b5684}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/28 23:00:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/20 06:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/20 06:46:38 | 000,000,000 | ---D | M]

[2009/07/09 16:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/07/09 16:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/09/20 06:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6a87htz0.default\extensions
[2012/09/07 16:45:18 | 000,002,337 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\6a87htz0.default\searchplugins\Search.xml
[2012/09/07 19:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/09/07 19:08:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/08/28 23:00:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/07 19:09:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/01 19:40:44 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/30 19:41:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 19:40:44 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/01 19:40:44 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Imagine Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npImagine.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Fast save = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\enlpplopgndbcgdlcbcgbpfngjjkgpbl\1.1_0\
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/21 21:35:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKU\S-1-5-21-379806682-1138693872-2795221623-1000..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-379806682-1138693872-2795221623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{302196A2-40AA-4C3D-A453-0F533E3DBA11}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51622D60-15C7-4B37-ACF3-F19C8766CB14}: DhcpNameServer = 192.168.10.2 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63B1146E-26F9-48F3-B9DA-647E0AF3C37B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Ταπετσαρία της Συλλογής φωτογραφιών των Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Ταπετσαρία της Συλλογής φωτογραφιών των Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 23:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/23 19:00:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/09/23 19:00:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/09/23 19:00:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/09/23 17:27:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/09/21 22:03:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/09/21 21:40:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 21:40:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/21 21:40:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2012/09/21 21:16:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/20 06:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/09/20 06:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/09/20 06:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/09/20 06:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/20 00:13:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/20 00:13:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/20 00:13:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/20 00:10:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/20 00:09:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/20 00:08:06 | 004,754,290 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/09/18 08:24:56 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\G2G
[2012/09/17 18:40:09 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\ΠΡΟΚΗΡΥΞΕΙΣ
[2012/09/17 16:55:23 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\user\Desktop\FSS.exe
[2012/09/15 07:06:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/09/15 06:38:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 19:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/09/07 19:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/09/07 19:45:29 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Conv videos
[2012/09/07 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012/09/07 19:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012/09/07 19:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\K-5 Video Reversal tool
[2012/09/07 19:30:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Alex Inc
[2012/09/07 19:27:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\All Alex Inc
[2012/09/07 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\ReverseIt
[2012/09/07 19:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Music Workshop
[2012/09/07 19:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 16:55:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K-5 Video Reversal tool
[2012/09/07 16:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2012/09/07 16:39:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/07 15:46:49 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Wondershare DVD Slideshow Builder Deluxe
[2012/09/07 15:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2012/09/07 15:46:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Wondershare
[2012/09/07 15:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2012/09/07 15:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012/09/07 15:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/09/07 15:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012/09/07 15:07:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\NCH Software
[2012/09/04 21:21:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\WinMips64
[2012/09/02 23:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/02 22:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/02 21:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/29 22:06:04 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\cv
[2012/08/28 22:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

========== Files - Modified Within 30 Days ==========

[2012/09/25 09:40:54 | 000,027,240 | ---- | M] () -- C:\Users\user\AppData\Roaming\nvModes.001
[2012/09/25 09:40:05 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 09:39:58 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/09/25 09:39:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 09:39:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 09:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 02:20:00 | 000,001,190 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1000UA.job
[2012/09/25 01:36:00 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/25 01:26:59 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1008UA.job
[2012/09/25 01:17:01 | 000,001,224 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1000UA.job
[2012/09/24 22:53:50 | 000,027,240 | ---- | M] () -- C:\Users\user\AppData\Roaming\nvModes.dat
[2012/09/24 18:11:05 | 000,679,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/24 18:11:05 | 000,671,430 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2012/09/24 18:11:05 | 000,136,832 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2012/09/24 18:11:05 | 000,134,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/24 06:20:30 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1000Core.job
[2012/09/24 03:01:38 | 000,016,896 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/24 02:47:33 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1008Core.job
[2012/09/23 19:54:28 | 000,000,947 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 19:45:15 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/09/23 19:45:15 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/09/23 19:44:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/09/23 19:05:45 | 000,305,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/23 16:17:05 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1000Core.job
[2012/09/22 13:36:00 | 000,881,724 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2012/09/21 22:04:01 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/09/21 21:35:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/21 21:14:47 | 004,754,290 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/09/20 06:46:17 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/17 16:55:25 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\user\Desktop\FSS.exe
[2012/09/17 16:49:02 | 000,512,737 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2012/09/15 07:07:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/09/15 06:19:29 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 04:46:21 | 000,020,233 | ---- | M] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2012/09/07 19:46:33 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/05 01:20:49 | 000,002,041 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/08/28 23:00:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/28 22:52:02 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

========== Files Created - No Company Name ==========

[2012/09/23 19:54:28 | 000,000,953 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/23 19:54:28 | 000,000,947 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 19:44:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/09/22 13:35:40 | 000,881,724 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2012/09/20 06:46:17 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/20 06:43:20 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/20 00:13:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/20 00:13:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/20 00:13:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/20 00:13:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/20 00:13:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/17 16:48:59 | 000,512,737 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2012/09/14 04:46:21 | 000,020,233 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2012/09/07 19:46:33 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2012/09/07 19:46:33 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2012/09/03 01:17:41 | 000,001,202 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1008UA.job
[2012/09/03 01:17:38 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-379806682-1138693872-2795221623-1008Core.job
[2012/08/28 22:52:02 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/25 19:50:42 | 000,000,859 | ---- | C] () -- C:\Users\user\AppData\Local\recently-used.xbel
[2012/03/05 17:23:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/05 15:38:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/05 15:38:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/10/13 14:44:22 | 000,000,479 | ---- | C] () -- C:\Windows\rsagent.ini
[2011/03/01 17:50:16 | 000,005,095 | ---- | C] () -- C:\ProgramData\xpbthzbm.qqq
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/12/29 02:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/09 04:48:21 | 000,099,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/04 23:14:37 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/02/02 18:35:19 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\prvlcl.dat
[2009/02/21 23:20:42 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2008/05/15 18:58:00 | 000,000,104 | ---- | C] () -- C:\Users\user\Υπολογιστής - Συντόμευση.lnk
[2008/03/01 04:58:37 | 000,016,896 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/27 16:25:37 | 000,027,240 | ---- | C] () -- C:\Users\user\AppData\Roaming\nvModes.001
[2008/02/27 16:25:33 | 000,027,240 | ---- | C] () -- C:\Users\user\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2012/09/02 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Amoudis\AppData\LocalLow\Microsoft\Silverlight\is\vhajlahk.kbf\shmyvkic.oie\1\l
[2010/02/24 19:21:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\LocalLow\Microsoft\Silverlight\is\u2fdeavq.0wh\4khb2p5u.wz4\1\l
[2006/11/02 15:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2008/02/27 15:40:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acer
[2012/09/07 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Alex Inc
[2012/09/07 19:27:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\All Alex Inc
[2010/11/26 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2011/10/13 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/03/15 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Crayon Physics Deluxe
[2011/07/08 10:21:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2009/01/17 00:44:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EleFun Games
[2011/11/04 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
[2012/05/07 15:32:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Free Download Manager
[2009/02/01 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAXON
[2011/01/12 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\muvee Technologies
[2012/09/14 01:17:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MySQL
[2012/01/11 20:47:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++
[2009/10/15 15:38:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2012/05/19 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SecondLife
[2011/11/24 00:38:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SmartDraw
[2010/09/03 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smilebox
[2008/09/27 03:41:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SQLyog
[2010/02/15 00:15:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2011/07/08 10:11:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thinstall
[2011/03/01 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VistaCodecs
[2009/01/22 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\zweitgeist

========== Purity Check ==========



< End of report >

#23
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Hello demie,

It looks like the browsing problem is only on ESET website after all.

Yeah, some computers have a problem with ESET for some reason. But you got the scan and it looks :thumbsup: The new OTL log is clean.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Post the contents of the Checkup.txt log please

#24
demie
    Member
  • Topic Starter
  • Member
  • 14 posts
Hello,

Below is the checkup.txt

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft VM for Java
Java™ 6 Update 35
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#25
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Hi demie,

OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

Step-1.

Uninstall Program(s)

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET online scanner

3. Vista/7 users: right-click the program and click Uninstall.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there, right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled

Step-3.

1. Please re-open OTL on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on the CleanUp button
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with Yes

Step-5.

Delete the following files from the Desktop:

aswMBR.dat
Securitycheck.exe
checkup.txt
update.txt


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection tab
  • In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e. Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start (Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    If you chose Files from all users on this computer above, then click on Continue for the UAC prompt.
  • Select the system drive, C:\, and click OK.
  • For a few moments the system will make some calculations
  • The Disk Cleanup window will open:
  • Click the More Options tab.
  • Click the Clean up button under the Programs and Features section.

Step-7.

Reset Hidden Files and Folders

For Vista and Windows 7
1. Click Start, click Control Panel.
2. Click Folder Options. NOTE: If you are in the Category view, click Appearance, then Folder Options
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Now let's see if Windows can delete the TEMP files

Turn the UAC ON before you begin. To do that:
  • Open User Accounts by clicking the Start Orb, clicking Control Panel, clicking User Accounts and Family Safety (or clicking User Accounts, if you are connected to a network domain), and then clicking User Accounts.
  • Click Turn User Account Control on or off. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Select the Use User Account Control (UAC) to help protect your computer check box to turn on UAC, and then click OK.

Delete the TEMP files

  • Click the Start Orb
  • Click Run. In the Open box type cleanmgr and press the Enter key.
  • Choose if you want to clean files from just your user account or from all user accounts on the computer.
  • Click Files from all users on this computer
  • Select which drive you want to use Disk Cleanup on and click on OK.
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    If you chose Files from all users on this computer above, then click on Continue for the UAC prompt.
  • Windows will spend some time calculating.
  • The Disk Cleanup window will open:
  • Click the box beside:
    • Temporary Internet Files
    • Recycle Bin (if there is anything in it)
    • Temporary Files
  • Click the Delete Files button on the confirmation prompt.
  • Disk Cleanup will delete the files and close.
You can now turn UAC off again if you wish to.




Preventing Re-Infection


Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:
Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start > Control Panel. Click Security. Under Windows Update, click Turn automatic updating on or off.
2. On the next page, under Important Updates, click the drop-down arrow on the right side of the box and click Install updates automatically (recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file - Install this only if you use Firefox. Replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.


It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A couple of programs that will do this are listed below. Only download and install one of the programs and run it monthly:
Secunia Software Inspector
Filehippo Update Checker

Finally, please read How did I Get Infected in the First Place(by Mr. Tony Klein and dvk01)


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
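Added example (PowerShell, not from the thread or from any of the tools it names): a read-only audit of the settings the post above asks the user to set (UAC on, hidden files reset, automatic updates, the Internet-zone ActiveX settings, Adobe Reader JavaScript off, and a surviving restore point), so the end state can be verified rather than assumed. The registry paths follow the Vista/7 layout and the Adobe Reader X (10.0) key is an assumption for that version.

```powershell
# Added example (not from the thread): read-only audit of the settings the
# steps above ask the user to set. Prints one line per check and returns the
# names of checks that do not match. Assumes the Vista/7-era registry layout
# and the Adobe Reader X (10.0) key path.
function Get-RegValue($Path, $Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$zone3 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$checks = @(
    @{ Name='UAC on (EnableLUA=1)'; Value='EnableLUA'; Expect=1
       Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' },
    # Explorer: Hidden=2 means "Do not show hidden files and folders"
    @{ Name='Hidden files not shown (Hidden=2)'; Path=$adv; Value='Hidden'; Expect=2 },
    @{ Name='Protected OS files hidden (ShowSuperHidden=0)'; Path=$adv
       Value='ShowSuperHidden'; Expect=0 },
    # AUOptions=4 is "Install updates automatically"
    @{ Name='Windows Update automatic (AUOptions=4)'; Value='AUOptions'; Expect=4
       Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' },
    # Internet zone: 1004 = download unsigned ActiveX, 1201 = script ActiveX not
    # marked safe; 0=Enable, 1=Prompt, 3=Disable
    @{ Name='IE unsigned ActiveX download disabled (1004=3)'; Path=$zone3; Value='1004'; Expect=3 },
    @{ Name='IE unsafe ActiveX scripting disabled (1201=3)'; Path=$zone3; Value='1201'; Expect=3 },
    # Per-user preference written by Adobe Reader's Edit > Preferences > JavaScript
    @{ Name='Adobe Reader X JavaScript disabled (bEnableJS=0)'; Value='bEnableJS'; Expect=0
       Path='HKCU:\Software\Adobe\Acrobat Reader\10.0\JSPrefs' }
)

$failed = @()
foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Value
    $ok = ($null -ne $actual) -and ([int]$actual -eq $c.Expect)
    '{0,-3} {1} (found: {2})' -f $(if ($ok) { 'OK' } else { 'FIX' }), $c.Name, $actual
    if (-not $ok) { $failed += $c.Name }
}

# The thread creates a restore point named "Clean" before purging the old ones,
# so at least one should remain (Get-ComputerRestorePoint needs elevation).
$rp = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points present: $($rp.Count)"
if ($rp.Count -eq 0) { $failed += 'No restore point found' }
$failed
```

Run from an elevated PowerShell prompt so the HKLM values and restore points are readable; a missing value is reported as FIX rather than silently skipped.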



#26 demie (Member, Topic Starter, 14 posts)
Hello godawgs!

Thank you very much for your help.

Everything done as said on your last post.

If I need any assistance in the future geeks to go is where I'll come!

Cheers,
demie

#27 godawgs (Teacher, Retired Staff, 8,228 posts)
You are very welcome. Just give us a shout if you need us :prop:

#28 godawgs (Teacher, Retired Staff, 8,228 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





