Solved Firefox and TrojanDownloader.FraudLoad.NAC Trojan

1

1wraith1

Posts: 21   +0
Hello, when using Firefox ESET and Malwarebytes Anti-Malware stops an outgoing site:

ESET Smart Security 5:
24/2/2012 12:17:14 πμ HTTP filter archive http://www2.bestptholder.net.tf/xty...W1NDN05dmdJtdmJnt59DJmKe03c+UnprS25dVnXyXlLGS HTML/TrojanDownloader.FraudLoad.NAC trojan connection terminated - quarantined psygeio\Θεωρητικώς Φυσικός Threat was detected upon access to web by the application: C:\Program Files (x86)\Aurora\firefox.exe.


Malwarebytes Anti-Malware:
2012/02/24 23:37:11 +0200 PSYGEIO Θεωρητικώς Φυσικός IP-BLOCK 79.133.196.104 (Type: outgoing, Port: 52222, Process: firefox.exe)

Following are the logs from the steps:

P.S. Due to national holiday I will be away untill Monday 27/2 evening local time Greece, so I may not be able to answer untill then.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Θεωρητικώς Φυσικός :: PSYGEIO [administrator]

Protection: Enabled

24/2/2012 11:32:35 μμ
mbam-log-2012-02-24 (23-32-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271119
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-24 23:13:20
Windows 6.1.7601 Service Pack 1
Running: tgoy3uqh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167716dcb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167716dcb@30694b2f2717 0x5D 0xC4 0x22 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x93 0x95 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167716dcb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167716dcb@30694b2f2717 0x5D 0xC4 0x22 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x93 0x95 0xA6 ...

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Θεωρητικώς Φυσικός at 23:23:19 on 2012-02-24
Microsoft Windows 7 Professional 6.1.7601.1.1253.30.1033.18.4087.1585 [GMT 2:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Mediafour\XPlay 3\XPlay.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Θεωρητικώς Φυσικός\Desktop\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.gr/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [WLSync] C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe /background
uRun: [011004DFE4DB614BF6A0C2585926100B3190CE98._service_run] "C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [<NO NAME>]
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\8F72~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\8F72~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\8F72~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERHI~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERQU~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ξαγωγή στο Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Απ&οστολή στο OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4513784B-B413-4714-B369-6457A8383590} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C5155F9F-E308-4F85-96FB-5115D7378BBB} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\‡œΰ¨ž«*΅ι ”¬©*΅ζ\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Mozilla\Firefox\Profiles\2zowhpek.default\
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 AVerRemote;AVerRemote;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2011-3-9 344064]
R2 AVerScheduleService;AVerScheduleService;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-3-9 405504]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-11-21 72304]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 M4iPodWPDService;M4iPodWPDService;C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-5-4 218112]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-24 652360]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-8 5009920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys --> C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSUSBCCID;Realtek Smartcard Reader Driver;C:\Windows\System32\drivers\RtsUCcid.sys [2010-12-19 50176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-19 222720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EauthSrv;ESET Zone Authentication Service;C:\Program Files (x86)\ESET\ESET Authentication Server\EHttpSrv.exe [2010-4-1 33560]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
S2 MySQL2;MySQL2;"C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL2 --> C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-11 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 gupdatem;Υπηρεσία Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-24 21:23:23 -------- d-----w- C:\Users\?ί?±ύΪώΆ?? ?Ϋ?ώΆ??\AppData\Local\Microsoft
2012-02-24 19:47:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD8CDE5C-7250-4DA0-AA61-0AE13C39DE1F}\offreg.dll
2012-02-24 19:35:39 -------- d-----w- C:\Program Files (x86)\Bigasoft
2012-02-24 19:10:33 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD8CDE5C-7250-4DA0-AA61-0AE13C39DE1F}\mpengine.dll
2012-02-23 22:18:00 -------- d-----w- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Malwarebytes
2012-02-23 22:17:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-23 22:17:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-23 22:17:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-14 20:29:55 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-14 20:29:55 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-14 20:29:41 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-14 20:29:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-14 20:29:29 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 20:29:28 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 20:28:54 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 20:28:50 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-01-26 15:09:12 -------- d-----w- C:\Program Files\iPod
2012-01-26 15:09:11 -------- d-----w- C:\Program Files\iTunes
2012-01-26 15:09:11 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-02-21 17:37:09 101680 ----a-w- C:\Windows\System32\stkMonitor.dll
2012-02-19 09:49:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 03:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-17 18:19:26 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-02 20:27:19 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-01-21 21:12:34 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe
.
============= FINISH: 23:24:24,24 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume8
Install Date: 11/5/2010 4:30:15 πμ
System Uptime: 24/2/2012 9:00:52 μμ (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55-UD3L
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | Socket 1156 | 2394/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 368 GiB total, 64,189 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 12,71 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: pcouffin device ...
Device ID: ROOT\PCOUFFIN\0000
Manufacturer:
Name: pcouffin device ...
PNP Device ID: ROOT\PCOUFFIN\0000
Service:
.
==== System Restore Points ===================
.
RP428: 23/2/2012 - Scheduled Checkpoint
RP429: 23/2/2012 2:30:33 πμ - Windows Update
.
==== Installed Programs ======================
.
@BIOS
µTorrent
abgx360 v1.0.4
Adobe Acrobat X Pro - English, Franηais, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Download Assistant
Adobe Media Player
Adobe Shockwave Player 11.6
Adobe Story
Adobe Widget Browser
Advanced PDF Password Recovery
Amazon Kindle For PC
Amazon Send to Kindle
Android SDK Tools
Apple Application Support
Apple Software Update
AVer Media Center
AVS Document Converter 2.1.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bigasoft Audio Converter 3.6.7.4419
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
BlackBerry Theme Studio 6.0
Blogg-X
calibre
Canon My Printer
cGPSmapper Free 0100d
Command & Conquer Tiberian Sun
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
D3DX10
Dropbox
Dual-Core Optimizer
DVDFab 8.0.0.5 (25/08/2010)
eReg
ESET Authentication Server
EVEREST Ultimate Edition v5.50
Evernote v. 4.5.3
Facebook Plug-In
FBReader for Windows
Feedback Tool
FileZilla Client 3.4.0
Garmin HomePort
Garmin MapSource
Garmin USB Drivers
Gigabyte Raid Configurer
GmapTool 0.4.8
GMATPrep(TM)
Google Books Downloader version 1.6
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GSAK 7.7.3.53 (Final)
GTK2-Runtime
Guitar Pro 6
ImgBurn
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 22
Java(TM) 6 Update 29
LibreOffice 3.3
LibreOffice 3.3 Help Pack (Greek)
LimeWire 5.5.14
Lizardtech DjVu Control
Lunascape6 (All Users)
Malwarebytes Anti-Malware version 1.60.1.1000
Media Go
Media Go Video Playback Engine 1.32.107.05130
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Office Live Add-in 1.5
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird (3.1.4)
Mp3tag v2.49b
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Workbench 5.2 CE
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nokia Connectivity Cable Driver
Nokia Suite
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B11.0110.1
OpenAL
OpenOffice.org 3.3
OpenVPN 2.1.4
Opera 11.52
Outlook Setup Tool
OziExplorer 3.95
PC Connectivity Solution
PDF Settings CS5
PE Builder 3.1.10a
Pidgin
PlayStation(R)Network Downloader
PlayStation(R)Store
Plex Media Server
PxMergeModule
QuickTime
RAR Password Recovery Magic v6.1.1.393
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Safari
ScummVM 1.2.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.8
SoundFont Bank Manager
StarCraft II
Stellarium 0.10.6.1
swMSM
SyncMate 2
System Requirements Lab for Intel
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Total Commander (Remove or Repair)
Ubuntu
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Urban Terror 4.1
VLC media player 2.0.0
VMware Workstation
WebM Media Foundation Components
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Wolfram Notebook Indexer 2.0
X3 Terran Conflict v2.1
XBMC
.
==== Event Viewer Messages From Past Week ========
.
24/2/2012 9:08:43 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/2/2012 9:01:29 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
24/2/2012 9:01:29 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
24/2/2012 9:01:21 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
24/2/2012 8:01:56 πμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/2/2012 8:00:21 πμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
24/2/2012 8:00:21 πμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
24/2/2012 8:00:14 πμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
24/2/2012 11:14:06 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
23/2/2012 4:08:28 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
23/2/2012 4:06:58 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
23/2/2012 4:06:58 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
23/2/2012 4:06:48 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
22/2/2012 4:52:14 μμ, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
22/2/2012 2:31:13 πμ, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.61.0).
22/2/2012 10:43:05 μμ, Error: Disk [11] - The driver detected a controller error on \...\DR3.
21/2/2012 7:33:27 μμ, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.121.61.0).
20/2/2012 7:31:11 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/2/2012 7:29:42 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
20/2/2012 7:29:42 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
20/2/2012 7:29:39 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
20/2/2012 5:19:28 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/2/2012 5:17:49 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
20/2/2012 5:17:49 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
20/2/2012 5:17:47 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
19/2/2012 8:45:33 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/2/2012 8:43:44 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 8:43:44 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 8:43:42 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
19/2/2012 5:48:32 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/2/2012 4:32:56 πμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/2/2012 4:31:33 πμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 4:31:33 πμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 4:30:32 πμ, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Workstation Server service to connect.
19/2/2012 4:30:32 πμ, Error: Service Control Manager [7000] - The VMware Workstation Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/2/2012 2:54:52 μμ, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
19/2/2012 2:01:49 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/2/2012 2:00:46 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 2:00:46 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 2:00:45 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
19/2/2012 2:00:29 μμ, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80007aa7b0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021912-26192-01.
19/2/2012 12:40:58 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/2/2012 12:39:32 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 12:39:32 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 12:38:32 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
19/2/2012 12:35:03 μμ, Error: Service Control Manager [7000] - The PORTIO64 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
19/2/2012 11:45:58 πμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/2/2012 11:45:40 πμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 11:45:40 πμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
19/2/2012 11:45:34 πμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
17/2/2012 5:20:30 μμ, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
17/2/2012 5:18:33 μμ, Error: Service Control Manager [7034] - The MySQL2 service terminated unexpectedly. It has done this 1 time(s).
17/2/2012 5:18:33 μμ, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
17/2/2012 5:18:33 μμ, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
 
Thank you for your reply and sorry about the double post! Here are the next two logs that you requested:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-25 00:46:28
-----------------------------
00:46:28.175 OS Version: Windows x64 6.1.7601 Service Pack 1
00:46:28.176 Number of processors: 4 586 0x1E05
00:46:28.176 ComputerName: PSYGEIO UserName:
00:46:30.144 Initialize success
00:48:14.384 AVAST engine defs: 12022402
00:48:31.211 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5
00:48:31.214 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 11
00:48:31.217 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
00:48:31.219 Disk 1 Vendor: WDC_WD5000AAKS-22YGA0 12.01C02 Size: 476940MB BusType: 11
00:48:31.234 Disk 1 MBR read successfully
00:48:31.237 Disk 1 MBR scan
00:48:31.243 Disk 1 unknown MBR code
00:48:31.246 Disk 1 Partition - 00 05 Extended 100000 MB offset 2046
00:48:31.263 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 376938 MB offset 204802048
00:48:31.280 Disk 1 Partition 2 00 83 Linux 976 MB offset 2048
00:48:31.287 Disk 1 Partition - 00 05 Extended 977 MB offset 2000896
00:48:31.327 Disk 1 scanning C:\Windows\system32\drivers
00:48:46.252 Service scanning
00:49:13.975 Modules scanning
00:49:13.986 Disk 1 trace - called modules:
00:49:14.004 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800432f2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:49:14.010 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004b16060]
00:49:14.014 3 CLASSPNP.SYS[fffff8800162c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004869680]
00:49:14.018 \Driver\atapi[0xfffffa80047e91e0] -> IRP_MJ_CREATE -> 0xfffffa800432f2c0
00:49:15.456 AVAST engine scan C:\Windows
00:49:20.088 AVAST engine scan C:\Windows\system32
00:52:53.338 AVAST engine scan C:\Windows\system32\drivers
00:53:12.426 AVAST engine scan C:\Users\Θεωρητικώς Φυσικός
01:08:41.592 AVAST engine scan C:\ProgramData
01:12:49.388 Scan finished successfully
01:13:45.487 Disk 1 MBR has been saved successfully to "C:\Users\Θεωρητικώς Φυσικός\Desktop\MBR.dat"
01:13:45.493 The log file has been saved successfully to "C:\Users\Θεωρητικώς Φυσικός\Desktop\aswMBR.txt"


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000018`6a100000
Boot sector MD5 is: 0df30532d29b134f3f80dd7d908543b3

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;



Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hello and thanks for your reply.

When ComboFix finished I re-opened Eset and Anti-Malware as I was guided, but I mistakenly re-opened Chrome (I don't use Firefox for the time being) before I enabled them, because I thought it was done automatically.

Here is the results from C:\ComboFix.txt

ComboFix 12-02-27.02 - Θεωρητικώς Φυσικός 27/02/2012 18:08:26.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1253.30.1033.18.4087.2536 [GMT 2:00]
Running from: c:\users\Lί?±ύΪώΆ¦? ?Ϋ?ώΆ??\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\pthreadVC.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 16:17 . 2012-02-27 16:17 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\temp
2012-02-27 15:52 . 2012-02-27 15:52 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{0C2AC31A-35B5-4CD8-BBAB-5DA9FBEE11A8}
2012-02-27 15:51 . 2012-02-27 15:52 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{4FCC22C1-1ACB-4BB1-B843-A1B292F9E92B}
2012-02-24 21:23 . 2012-02-24 21:23 -------- d-----w- c:\users\1F4B~1
2012-02-24 19:35 . 2012-02-24 19:35 -------- d-----w- c:\program files (x86)\Bigasoft
2012-02-24 19:10 . 2012-02-19 23:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD8CDE5C-7250-4DA0-AA61-0AE13C39DE1F}\mpengine.dll
2012-02-24 19:09 . 2012-02-24 19:10 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{5ACE74B0-C85E-4820-A27F-1E29B6941827}
2012-02-24 19:09 . 2012-02-24 19:09 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{3C5F1CDE-835F-41EE-A5C5-1FAB5D39D6A9}
2012-02-24 06:02 . 2012-02-24 06:03 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{0B39791B-0646-4676-B279-5588C0D3EAE6}
2012-02-24 06:02 . 2012-02-24 06:02 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{EB8F12B9-5835-43C8-8ACA-4BEC616FC274}
2012-02-23 22:18 . 2012-02-23 22:18 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Malwarebytes
2012-02-23 22:17 . 2012-02-23 22:17 -------- d-----w- c:\programdata\Malwarebytes
2012-02-23 22:17 . 2012-02-23 22:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-23 22:17 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{154E9927-1E42-43C8-8730-13D0AB9091F0}
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{03CFFACD-CABC-4E2C-BB17-06495F8A1736}
2012-02-21 13:17 . 2012-02-21 13:17 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{BA36E659-9417-4AEA-AB45-11023A30DCF6}
2012-02-21 13:17 . 2012-02-21 13:17 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{4FA3C4EE-6826-4B6E-90FB-328597AA759A}
2012-02-20 15:19 . 2012-02-20 15:20 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{34A5E794-E0E5-40C7-A345-CCDEE3596C8F}
2012-02-20 15:19 . 2012-02-20 15:19 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{A3CEBDA6-1E5F-47D6-9FBF-C88E7FA7D080}
2012-02-19 17:44 . 2012-02-19 17:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-19 15:49 . 2012-02-19 15:49 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{548E1A0A-E3F9-42A2-922A-585A170DF836}
2012-02-19 15:48 . 2012-02-19 15:49 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{F1031BEA-A8EA-4D11-AD37-D9116C72CAD9}
2012-02-19 12:02 . 2012-02-19 12:02 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{466930CE-0FB7-42F2-95F1-954315130A8F}
2012-02-19 12:02 . 2012-02-19 12:02 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{0F6FECA1-152C-4AAC-9E36-FC70A293270A}
2012-02-19 02:33 . 2012-02-19 02:33 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{33A8AFED-1A11-45F4-A309-0FE7D2331003}
2012-02-19 02:33 . 2012-02-19 02:33 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{6B6F82C3-49A9-4DFD-B82A-2F396CEB1860}
2012-02-17 15:19 . 2012-02-17 15:19 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{9775C6A0-EA56-4868-B1A4-3370E09E06A3}
2012-02-17 15:19 . 2012-02-17 15:19 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{8C365F22-9AC2-478D-81F9-253794E0084C}
2012-02-15 18:53 . 2012-02-15 18:53 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{6EDBE16C-8572-4529-BF22-FACA09E0A8A8}
2012-02-15 18:53 . 2012-02-15 18:53 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{C84C55FA-8A37-45A8-B9C7-DBB3EA31E4BB}
2012-02-14 20:29 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 20:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 20:29 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 20:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 20:29 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 20:28 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:28 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 20:01 . 2012-02-14 20:01 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{C729050A-4A15-4BD5-9B51-9AB1EC50BFA8}
2012-02-14 20:01 . 2012-02-14 20:01 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{98C85F8E-8E1A-4453-A986-156F9C88117C}
2012-02-14 13:09 . 2012-02-14 13:09 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{877FFE05-3740-4FC9-AEFC-2D7C7F48D1C6}
2012-02-14 13:08 . 2012-02-14 13:09 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{BED2C4D3-3B2F-4F79-A18D-255E88A6D470}
2012-02-10 08:56 . 2012-02-10 08:56 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{137F1B07-3AEC-470F-BEAC-615A234B836A}
2012-02-10 08:55 . 2012-02-10 08:56 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{986913D5-3B81-4F93-997C-0175718C51CB}
2012-02-09 20:10 . 2012-02-09 20:10 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{CE062A88-0CE8-4D68-96EB-88DEB10FF6AF}
2012-02-09 20:10 . 2012-02-09 20:10 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{B641D319-2F4C-413F-A787-993983A2688D}
2012-02-08 15:39 . 2012-02-08 15:39 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{B85C49FD-0ACD-4BBB-AA0F-BF56E733FD95}
2012-02-08 15:39 . 2012-02-08 15:39 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{B8E6C776-B0C5-4763-86A8-E648DB43DD15}
2012-02-07 20:47 . 2012-02-07 20:49 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Roaming\vlc
2012-02-07 20:01 . 2012-02-07 20:02 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{C8F831D5-FA2A-4755-8ED2-685E5E44A41C}
2012-02-07 20:01 . 2012-02-07 20:01 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{733200E3-AC66-4E83-A40C-7DAFB5C9D8E0}
2012-02-06 09:19 . 2012-02-06 09:19 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{C4A54B16-B198-489F-9946-F3B91A220A9B}
2012-02-06 09:19 . 2012-02-06 09:19 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{6584504D-A86C-49D3-AF64-887C73B37134}
2012-02-05 20:24 . 2012-02-05 20:24 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{DA6C536A-149B-4E9A-8C55-3AF566FAE7DC}
2012-02-05 20:24 . 2012-02-05 20:24 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{1EB3A37D-218D-4CA6-BB01-BF7A91583CD3}
2012-02-02 19:22 . 2012-02-02 19:22 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{6B95523C-92CA-41E5-A362-CE2FD169803F}
2012-02-02 19:21 . 2012-02-02 19:22 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{BB1028C5-8E81-404E-8D35-D8DCF7345DCC}
2012-02-01 06:38 . 2012-02-01 06:39 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{4E9A58B5-090D-406C-A156-C7A1EDF81383}
2012-02-01 06:38 . 2012-02-01 06:38 -------- d-----w- c:\users\Έφη-Κώστας\AppData\Local\{D8EBA06E-0EE6-4EDC-B120-1638E31E94AF}
2012-01-30 14:35 . 2012-01-30 14:35 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{7587C166-382C-4127-BE79-5AFD8408A5EA}
2012-01-30 14:34 . 2012-01-30 14:35 -------- d-----w- c:\users\Θεωρητικώς Φυσικός\AppData\Local\{F2B5F1B1-8E5E-4E8A-AF8C-7E91113C993C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 17:37 . 2012-01-12 20:38 101680 ----a-w- c:\windows\system32\stkMonitor.dll
2012-02-19 09:49 . 2011-05-25 14:25 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 03:10 . 2010-05-11 01:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-17 18:19 . 2012-01-09 13:30 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-12-02 20:27 . 2011-12-02 20:27 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-21 21:12 8192 --sha-w- c:\windows\SysWOW64\srvany.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-01-03 1243040]
"011004DFE4DB614BF6A0C2585926100B3190CE98._service_run"="c:\users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-02-21 1216496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
EvernoteClipper.lnk - c:\users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-8-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-3-9 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-3-9 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EauthSrv;ESET Zone Authentication Service;c:\program files (x86)\ESET\ESET Authentication Server\EHttpSrv.exe [2010-04-01 33560]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
R2 MySQL2;MySQL2;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL2 [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-11 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 esihdrv;esihdrv;c:\users\8F72~1\AppData\Local\Temp\esihdrv.sys [x]
R3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PORTIO64;PORTIO64;c:\users\8F72~1\AppData\Local\Temp\PIO10F0.tmp [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-09 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-10 405504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 M4iPodWPDService;M4iPodWPDService;c:\program files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-05-04 218112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 5009920]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys [2009-08-10 50176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-19 222720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 18:49]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 18:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-05-25 343040]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-05-25 192512]
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="c:\program files\Mediafour\XPlay 3\XPlay.exe" [2010-11-15 395776]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-07-28 499608]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.gr/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Απ&οστολή στο OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Θεωρητικώς Φυσικός\AppData\Roaming\Mozilla\Firefox\Profiles\2zowhpek.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WLSync - c:\program files (x86)\Windows Live\Mesh\WLSync.exe
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Tiberian Sun - c:\westwood\SUN\Uninstll.EXE
AddRemove-Wubi - e:\ubuntu\uninstall-wubi.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL2]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL2"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PORTIO64]
"ImagePath"="\??\c:\users\8F72~1\AppData\Local\Temp\PIO10F0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-27 18:20:10
ComboFix-quarantined-files.txt 2012-02-27 16:20
.
Pre-Run: 68.447.641.600 bytes free
Post-Run: 71.403.692.032 bytes free
.
- - End Of File - - 140EDAA005A2766095AC5D8C5264A6E6
 
Looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Works smoothly so far! No messages from the AV programs so far.

Here are the logs from OTL. They are two large to fit in one message, so I'll break them in parts.


OTL Extras logfile created on: 28/2/2012 8:29:15 πμ - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Θεωρητικώς Φυσικός\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,81% Memory free
7,98 Gb Paging File | 6,10 Gb Available in Paging File | 76,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 368,10 Gb Total Space | 68,40 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 12,71 Gb Free Space | 1,36% Space Free | Partition Type: NTFS

Computer Name: PSYGEIO | User Name: Θεωρητικώς Φυσικός | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3920980187-3421094710-1568484316-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{129C5584-DB98-4A98-B28F-299C45E1E355}" = Microsoft Camera Codec Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{391C9982-E373-42CE-A6B1-DF84632DF7E9}" = MacDrive 8
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
"{5586CBEA-C071-4616-B809-6E11815D2190}" = ESET Smart Security
"{561AB451-B967-475C-80E0-3B6679C38B52}" = MySQL Server 5.1
"{5621D339-24C0-492F-ACDD-C7B478EC15BD}" = XPlay 3
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0408-1000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2010
"{90140000-0015-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0408-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2010
"{90140000-0016-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0408-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2010
"{90140000-0018-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0408-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2010
"{90140000-0019-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0408-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2010
"{90140000-001A-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0408-1000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2010
"{90140000-001B-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0408-1000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0408-1000-0000000FF1CE}_Office14.PROPLUS_{C237F777-8DD0-4200-8540-7D4112C9B97F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0408-1000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2010
"{90140000-002C-0408-1000-0000000FF1CE}_Office14.PROPLUS_{E6D97278-C584-4766-8F76-F9EF7FDFCD4F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0408-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Greek) 2010
"{90140000-0043-0408-1000-0000000FF1CE}_Office14.PROPLUS_{E8722DB8-67AB-4238-AF30-EE2B62FC32CF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0408-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Greek) 2010
"{90140000-0044-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0408-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2010
"{90140000-006E-0408-1000-0000000FF1CE}_Office14.PROPLUS_{734A3927-FD2A-4628-9FD8-CE06840CFD29}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0408-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Greek) 2010
"{90140000-00A1-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0408-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Greek) 2010
"{90140000-00BA-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{98F1227D-0001-0C05-4752-545A69204274}_is1" = Best Collection Digital Color Palette for Photoshop CS5 - 32/64bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{d40af016-506c-43fb-a738-bd54fa8c1e86}" = Python 3.1.2 (64-bit)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (64-bit)
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"M-WIN-L 7.0.1 1213965_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealVNC_is1" = VNC Enterprise Edition E4.6.1
"SP6" = Logitech SetPoint 6.30
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"uTorrent" = µTorrent
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.7.0
"WinRAR archiver" = WinRAR 4.10 beta 3 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{182C5618-801C-4FB2-B2B0-F389FACC900E}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{1873789F-59D5-4002-8A2F-60A827B78F98}_is1" = GmapTool 0.4.8
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19DD4C89-7C0E-4A27-B44B-8219A8ACB53D}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{1BA8864E-AE9C-42AA-8F34-D76B7EE68817}" = MySQL Workbench 5.2 CE
"{1EA21742-4EBF-47B3-9262-F445CAFA9AC1}" = LibreOffice 3.3 Help Pack (Greek)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.6
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2497107D-1D39-4A87-8342-C0B96240CD74}" = Garmin HomePort
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{38D218CF-2D27-4A35-8344-B17C269F08DE}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{423F0323-854D-4D18-BC21-EAFA16B9651E}" = BlackBerry Desktop Software 6.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A64AAC8-904B-4AAB-86D5-5376E2EBA999}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B76F16C-850D-4E53-B395-8C0690BA9018}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3
"{7D41E190-A28D-42E1-A106-D07F405821A4}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7F9A6943-ABCF-47CB-99F6-EFDF65212448}_is1" = SyncMate 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDAB11-AC32-45E8-B346-FBEF11F21073}" = BlackBerry Theme Studio 6.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCA4800-152A-4C51-8569-5803FBD67CC9}" = LibreOffice 3.3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DD6892C-C9A8-404B-95ED-1CCE15324178}" = BlackBerry App World Browser Plugin
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A5B5FFFA-2CD9-ECEA-ECE7-17EAA9063E0C}" = Blogg-X
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96CDEDA-6C94-4C7B-9B55-AC1CD88B5494}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Franηais, Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B676A5C6-5DA0-4169-8B20-8FE6F68CC21B}" = ESET Authentication Server
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C55C88F9-4627-47CE-823D-53B0A86D4A71}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF181652-D4F9-7D64-AED8-57D31E8D0410}" = Media Go Video Playback Engine 1.32.107.05130
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C18656-7971-4D0D-B075-0B974595308A}" = Plex Media Server
"{E6333CE4-9DC0-455C-9D43-E011CE33F5FA}_is1" = Bigasoft Audio Converter 3.6.7.4419
"{E9A09D40-EB20-4169-8674-F96132AAD2A3}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"abgx360" = abgx360 v1.0.4
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALchemy" = Creative ALchemy
"Android SDK Tools" = Android SDK Tools
"AudioCS" = Creative Audio Control Panel
"AVS Document Converter_is1" = AVS Document Converter 2.1.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Blogg-X.CD1239318CC6AFFD683724AE31E8A0CEF8672511.1" = Blogg-X
"CanonMyPrinter" = Canon My Printer
"cGPSmapper Free_is1" = cGPSmapper Free 0100d
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FBReader for Windows" = FBReader for Windows
"FileZilla Client" = FileZilla Client 3.4.0
"GSAK_is1" = GSAK 7.7.3.53 (Final)
"GTK2-Runtime" = GTK2-Runtime
"ImgBurn" = ImgBurn
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"LimeWire" = LimeWire 5.5.14
"Lunascape6" = Lunascape6 (All Users)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.49b
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.1.4
"Opera 11.52.1100" = Opera 11.52
"outlookset" = Outlook Setup Tool
"OziExplorer 3.95_is1" = OziExplorer 3.95
"PE Builder_is1" = PE Builder 3.1.10a
"Pidgin" = Pidgin
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.393
"ScummVM_is1" = ScummVM 1.2.0
"SendToKindle" = Amazon Send to Kindle
"SFBM" = SoundFont Bank Manager
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"StarCraft II" = StarCraft II
"Stellarium_is1" = Stellarium 0.10.6.1
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Totalcmd" = Total Commander (Remove or Repair)
"Urban Terror_is1" = Urban Terror 4.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"VMware_Workstation" = VMware Workstation
"WaveStudio 7" = Creative WaveStudio 7
"webmmf" = WebM Media Foundation Components
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"X3TerranConflict_is1" = X3 Terran Conflict v2.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3920980187-3421094710-1568484316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Amazon Kindle For PC" = Amazon Kindle For PC
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
OTL logfile created on: 28/2/2012 8:29:15 πμ - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Θεωρητικώς Φυσικός\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,81% Memory free
7,98 Gb Paging File | 6,10 Gb Available in Paging File | 76,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 368,10 Gb Total Space | 68,40 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 12,71 Gb Free Space | 1,36% Space Free | Partition Type: NTFS

Computer Name: PSYGEIO | User Name: Θεωρητικώς Φυσικός | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 08:27:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\OTL.exe
PRC - [2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/23 14:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/08/22 16:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/08/22 16:07:18 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/08/22 16:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/08/22 14:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/02/18 09:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/15 15:50:58 | 000,211,968 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
PRC - [2010/05/05 18:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 18:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/08/01 03:06:25 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2009/06/20 01:31:39 | 000,651,264 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009/04/09 03:49:30 | 000,344,064 | ---- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/12/10 10:01:50 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 18:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/08/01 03:06:25 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/06/17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/03/15 14:18:32 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011/03/15 14:18:22 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2011/02/04 21:36:56 | 002,360,048 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2010/05/04 13:33:00 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/12/08 20:25:45 | 005,009,920 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/22 16:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/08/22 16:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/08/22 15:34:52 | 011,837,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011/08/22 14:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/21 22:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010/11/15 15:50:58 | 000,211,968 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe -- (M4iPodWPDService)
SRV - [2010/11/08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/05/11 13:29:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/05/11 13:18:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/01 14:32:36 | 000,033,560 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files (x86)\ESET\ESET Authentication Server\EHttpSrv.exe -- (EauthSrv)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/09 03:49:30 | 000,344,064 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/10 10:01:50 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/22 16:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/08/22 16:07:50 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2011/08/22 16:06:46 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/08/22 16:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/08/22 14:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/08/22 14:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/08/21 22:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/08 13:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/06/01 05:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/12 16:38:37 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/04/30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/04/30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/04/30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 16:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/01/10 17:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/06/17 07:44:24 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2010/05/18 09:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/05/05 09:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010/04/16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/09 15:04:26 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010/01/27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/01/13 10:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/19 21:12:24 | 000,222,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/10 12:46:54 | 000,050,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUCcid.sys -- (RSUSBCCID)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 11:58:40 | 001,354,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerBDA716x_x64.sys -- (AVerBDA6x_x64)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/11/23 20:42:45 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/08/19 21:12:24 | 000,222,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/10 12:46:54 | 000,050,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUCcid.sys -- (RSUSBCCID)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
IE - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el-GR
IE - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 02 00 7C 1A 26 CC 01 [binary data]
IE - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/01/09 13:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/12 22:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/07/28 22:50:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/24 08:18:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 22:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/31 23:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/01/09 13:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_3.1@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2011/11/12 18:13:26 | 000,000,000 | ---D | M]

[2012/02/24 08:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Mozilla\Extensions
[2010/09/20 13:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/24 08:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Mozilla\Firefox\Profiles\2zowhpek.default\extensions
[2012/02/24 08:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/24 08:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
File not found (No name found) -- C:\USERS\Ξ˜ΞΜΟ‰ΟΞ·Ο„ΞΉΞΊΟŽΟ‚ ΦυΟƑΞΉΞΊΟŒΟ‚\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2ZOWHPEK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/02/16 11:42:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2012/02/16 11:41:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:41:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\\u0398\u03B5\u03C9\u03C1\u03B7\u03C4\u03B9\u03BA\u03CE\u03C2 \u03A6\u03C5\u03C3\u03B9\u03BA\u03CC\u03C2\AppData\Local\Google\Chrome\Application\18.0.1025.39\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\\u0398\u03B5\u03C9\u03C1\u03B7\u03C4\u03B9\u03BA\u03CE\u03C2 \u03A6\u03C5\u03C3\u03B9\u03BA\u03CC\u03C2\AppData\Local\Google\Chrome\Application\18.0.1025.39\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\\u0398\u03B5\u03C9\u03C1\u03B7\u03C4\u03B9\u03BA\u03CE\u03C2 \u03A6\u03C5\u03C3\u03B9\u03BA\u03CC\u03C2\AppData\Local\Google\Chrome\Application\18.0.1025.39\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\\u0398\u03B5\u03C9\u03C1\u03B7\u03C4\u03B9\u03BA\u03CE\u03C2 \u03A6\u03C5\u03C3\u03B9\u03BA\u03CC\u03C2\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\\u0398\u03B5\u03C9\u03C1\u03B7\u03C4\u03B9\u03BA\u03CE\u03C2 \u03A6\u03C5\u03C3\u03B9\u03BA\u03CC\u03C2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\\u0398\u03B5\u03C9\u03C1\u03B7\u03C4\u03B9\u03BA\u03CE\u03C2 \u03A6\u03C5\u03C3\u03B9\u03BA\u03CC\u03C2\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\\u0398\u03B5\u03C9\u03C1\u03B7\u03C4\u03B9\u03BA\u03CE\u03C2 \u03A6\u03C5\u03C3\u03B9\u03BA\u03CC\u03C2\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Twitter = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkgmkabdomefpimepbdjhcnifanacj\1.0.1_0\
CHR - Extension: YouTube = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: posthoc = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikajdinojambnjmdglchkjiklcmklalj\0.4_0\
CHR - Extension: BBC Good Food = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\3_0\
CHR - Extension: Inventive Theme | Tema Inventivo = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\jogkafbidohnjkkhgjbcmjipdlejjedi\1.0_0\
CHR - Extension: Poppit = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Amazon Windowshop = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\nielaigelomefgdoljcpfgbdbfefhdjc\1.1.0.0_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.7_0\
CHR - Extension: Gmail = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/02/27 18:17:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Reg Error: Value error.) - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] C:\Program Files\Mediafour\XPlay 3\XPlay.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3920980187-3421094710-1568484316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4513784B-B413-4714-B369-6457A8383590}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5155F9F-E308-4F85-96FB-5115D7378BBB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 08:27:49 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\OTL.exe
[2012/02/28 08:22:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/27 18:05:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/27 18:05:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/27 18:05:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/27 18:05:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/27 18:05:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/27 17:56:05 | 004,420,957 | R--- | C] (Swearware) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\ComboFix.exe
[2012/02/27 17:52:04 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{0C2AC31A-35B5-4CD8-BBAB-5DA9FBEE11A8}
[2012/02/27 17:51:49 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{4FCC22C1-1ACB-4BB1-B843-A1B292F9E92B}
[2012/02/25 00:45:34 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\aswMBR.exe
[2012/02/24 23:15:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\dds.scr
[2012/02/24 21:38:58 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\Documents\Bigasoft Audio Converter
[2012/02/24 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\Desktop\Bigasoft.Audio.Converter.v3.5.2.4281.Incl.Keymaker-BLiZZARD
[2012/02/24 21:35:43 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
[2012/02/24 21:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bigasoft
[2012/02/24 21:34:21 | 010,455,456 | ---- | C] (Bigasoft Corporation) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\b-audio-converter.exe
[2012/02/24 21:09:40 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{5ACE74B0-C85E-4820-A27F-1E29B6941827}
[2012/02/24 21:09:28 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{3C5F1CDE-835F-41EE-A5C5-1FAB5D39D6A9}
[2012/02/24 08:02:55 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{0B39791B-0646-4676-B279-5588C0D3EAE6}
[2012/02/24 08:02:35 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\TDSSKiller.exe
[2012/02/24 08:02:26 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{EB8F12B9-5835-43C8-8ACA-4BEC616FC274}
[2012/02/24 00:18:00 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Malwarebytes
[2012/02/24 00:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 00:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 00:17:54 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/24 00:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/24 00:12:46 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_mbam-setup-1.60.1.1000.exe
[2012/02/23 16:08:40 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{154E9927-1E42-43C8-8730-13D0AB9091F0}
[2012/02/23 16:08:05 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{03CFFACD-CABC-4E2C-BB17-06495F8A1736}
[2012/02/23 00:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012/02/21 15:17:19 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{BA36E659-9417-4AEA-AB45-11023A30DCF6}
[2012/02/21 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{4FA3C4EE-6826-4B6E-90FB-328597AA759A}
[2012/02/20 17:19:50 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{34A5E794-E0E5-40C7-A345-CCDEE3596C8F}
[2012/02/20 17:19:37 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{A3CEBDA6-1E5F-47D6-9FBF-C88E7FA7D080}
[2012/02/19 19:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/19 19:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/19 17:49:04 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{548E1A0A-E3F9-42A2-922A-585A170DF836}
[2012/02/19 17:48:52 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{F1031BEA-A8EA-4D11-AD37-D9116C72CAD9}
[2012/02/19 12:34:10 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\Desktop\JungleFlasher v0.1.92 Beta (304)
[2012/02/19 05:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/02/19 04:33:41 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{33A8AFED-1A11-45F4-A309-0FE7D2331003}
[2012/02/19 04:33:29 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{6B6F82C3-49A9-4DFD-B82A-2F396CEB1860}
[2012/02/14 23:43:24 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\Desktop\Total.Commander.v7.57.RC1.Multilingual.WinALL.Cracked-BLiZZARD
[2012/02/14 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{C729050A-4A15-4BD5-9B51-9AB1EC50BFA8}
[2012/02/14 22:01:25 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{98C85F8E-8E1A-4453-A986-156F9C88117C}
[2012/02/09 22:10:30 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{CE062A88-0CE8-4D68-96EB-88DEB10FF6AF}
[2012/02/09 22:10:10 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{B641D319-2F4C-413F-A787-993983A2688D}
[2012/02/05 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{DA6C536A-149B-4E9A-8C55-3AF566FAE7DC}
[2012/02/05 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{1EB3A37D-218D-4CA6-BB01-BF7A91583CD3}
[2012/02/02 21:22:21 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{6B95523C-92CA-41E5-A362-CE2FD169803F}
[2012/02/02 21:21:46 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{BB1028C5-8E81-404E-8D35-D8DCF7345DCC}
[2012/01/30 16:35:11 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{7587C166-382C-4127-BE79-5AFD8408A5EA}
[2012/01/30 16:34:56 | 000,000,000 | ---D | C] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{F2B5F1B1-8E5E-4E8A-AF8C-7E91113C993C}
[2010/09/05 01:53:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 08:29:38 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 08:29:38 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 08:27:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\OTL.exe
[2012/02/28 08:24:48 | 000,001,039 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/28 08:24:10 | 000,001,208 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 08:23:07 | 000,001,204 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 08:21:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 08:21:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/02/28 08:21:34 | 3214,528,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 23:28:51 | 000,062,476 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000005-00001102-00000005-00311102}.rfx
[2012/02/27 23:28:51 | 000,062,476 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000005-00001102-00000005-00311102}.rfx
[2012/02/27 23:28:51 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000005-00001102-00000005-00311102}.rfx
[2012/02/27 21:17:59 | 001,642,044 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\xartis_parnassou.jpg
[2012/02/27 18:17:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/27 17:56:46 | 004,420,957 | R--- | M] (Swearware) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\ComboFix.exe
[2012/02/25 01:13:45 | 000,000,512 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\MBR.dat
[2012/02/25 00:48:12 | 000,568,832 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\BTKR_RunBox.exe
[2012/02/25 00:46:15 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\aswMBR.exe
[2012/02/24 23:15:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\dds.scr
[2012/02/24 22:21:41 | 000,302,592 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\tgoy3uqh.exe
[2012/02/24 21:35:43 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Bigasoft Audio Converter.lnk
[2012/02/24 21:34:46 | 010,455,456 | ---- | M] (Bigasoft Corporation) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\b-audio-converter.exe
[2012/02/24 08:18:44 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/24 00:17:56 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 18:42:44 | 001,008,141 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\rkill.com
[2012/02/23 00:15:12 | 000,730,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/23 00:15:12 | 000,618,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/23 00:15:12 | 000,107,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/23 00:15:02 | 000,001,010 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Application Data\Microsoft\Internet Explorer\Quick Launch\Mp3tag.lnk
[2012/02/23 00:13:09 | 002,452,400 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_mp3tagv249bsetup.exe
[2012/02/22 22:24:10 | 001,624,928 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_Government_Employee1.wmv
[2012/02/22 00:33:17 | 103,051,696 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\nfs_233.zip
[2012/02/22 00:25:40 | 001,210,183 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\Monopoly0.0.40.apk_signed.apk
[2012/02/22 00:24:58 | 052,865,780 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\TheSims™3 v1.0.46 SDFiles-Any Device.zip
[2012/02/22 00:20:19 | 001,099,819 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\TheSims™3 v1.0.46.apk
[2012/02/22 00:16:44 | 005,870,605 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\N2HD1.0.3.apk
[2012/02/21 19:47:19 | 003,648,023 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\953250EL.pdf
[2012/02/21 19:37:09 | 000,101,680 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2012/02/21 18:53:29 | 020,529,626 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_Navigon401EU.apk
[2012/02/21 09:24:16 | 000,060,646 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\Lloyd's List - Tankers - OSG abandons $241.pdf
[2012/02/21 02:34:41 | 000,045,260 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_Hugo 2011 1080p BluRay X264-AMIABLE.torrent
[2012/02/19 18:16:09 | 000,085,791 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\billing_407156255_4f4120452dfef.pdf
[2012/02/19 14:00:16 | 586,058,232 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/19 12:00:07 | 000,051,200 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 12:05:59 | 002,041,519 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_tdsskiller.zip
[2012/02/15 21:34:16 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\TDSSKiller.exe
[2012/02/14 23:53:59 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000005-00001102-00000005-00311102}.rfx
[2012/02/14 23:53:59 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000005-00001102-00000005-00311102}.rfx
[2012/02/14 23:53:59 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000005-00001102-00000005-00311102}.rfx
[2012/02/14 23:03:19 | 005,054,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/09 09:36:54 | 004,264,249 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\PPT_Ship_Operating_Costs.pdf
[2012/02/08 02:34:26 | 093,887,319 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_SystemUpdate_14717_USB.zip
[2012/01/31 00:44:47 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_mbam-setup-1.60.1.1000.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 21:18:04 | 001,642,044 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\xartis_parnassou.jpg
[2012/02/27 18:05:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/27 18:05:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/27 18:05:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/27 18:05:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/27 18:05:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/25 01:13:45 | 000,000,512 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\MBR.dat
[2012/02/25 00:48:02 | 000,568,832 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\BTKR_RunBox.exe
[2012/02/24 22:21:44 | 000,302,592 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\tgoy3uqh.exe
[2012/02/24 21:35:43 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Bigasoft Audio Converter.lnk
[2012/02/24 08:18:44 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/24 08:18:44 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/24 00:17:56 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 00:12:24 | 002,041,519 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_tdsskiller.zip
[2012/02/23 18:42:38 | 001,008,141 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\rkill.com
[2012/02/23 00:13:04 | 002,452,400 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_mp3tagv249bsetup.exe
[2012/02/22 23:18:14 | 004,264,249 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\PPT_Ship_Operating_Costs.pdf
[2012/02/22 23:18:14 | 000,050,544 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\SHIP OPERATING COSTS_PDF.mmap.pdf
[2012/02/22 22:24:12 | 001,624,928 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_Government_Employee1.wmv
[2012/02/22 00:25:34 | 001,210,183 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\Monopoly0.0.40.apk_signed.apk
[2012/02/22 00:24:18 | 103,051,696 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\nfs_233.zip
[2012/02/22 00:20:30 | 052,865,780 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\TheSims™3 v1.0.46 SDFiles-Any Device.zip
[2012/02/22 00:20:15 | 001,099,819 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\TheSims™3 v1.0.46.apk
[2012/02/22 00:15:19 | 005,870,605 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\N2HD1.0.3.apk
[2012/02/21 19:47:19 | 003,648,023 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\953250EL.pdf
[2012/02/21 18:53:30 | 020,529,626 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_Navigon401EU.apk
[2012/02/21 09:24:16 | 000,060,646 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\Lloyd's List - Tankers - OSG abandons $241.pdf
[2012/02/21 02:34:42 | 000,045,260 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_Hugo 2011 1080p BluRay X264-AMIABLE.torrent
[2012/02/19 18:16:08 | 000,085,791 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\billing_407156255_4f4120452dfef.pdf
[2012/02/19 12:59:24 | 093,887,319 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_SystemUpdate_14717_USB.zip
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/25 16:01:08 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{FA2F7967-5B9F-43A7-BAD0-20287A420735}
[2011/09/25 15:59:51 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{B823924B-FF44-4413-9598-459680FA6F0D}
[2011/09/21 03:09:05 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/11 19:37:46 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{924413E8-4033-4534-9921-0285B879ECE8}
[2011/09/11 19:36:04 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{804A093D-EF1D-4051-A071-AED4AEC3E003}
[2011/05/18 18:11:24 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{359BEC59-16ED-4D2B-8BF0-7227E7F40D17}
[2011/05/18 18:10:05 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{1659028D-5807-49C0-9192-5F53CDABDF3D}
[2011/05/18 17:26:44 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{107F2729-766D-4F97-A58A-FC3D9B12FC21}
[2011/05/18 17:25:15 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{8518CF74-8FDE-4CCB-BBB3-E699C9EF1FFE}
[2011/05/18 17:20:12 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{D46C2719-7E1D-49EB-8BBC-1157CB4803FD}
[2011/05/18 17:18:35 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{06142DD5-3B2A-4105-9227-84FCB9C7112B}
[2011/05/18 16:45:48 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{02A825D6-F793-48DE-A9F6-852622E36C80}
[2011/05/18 16:44:16 | 000,000,000 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\{9AAAA69B-31D8-4E2B-AA7F-809142E5854C}
[2011/04/05 12:49:29 | 000,000,132 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/03/09 22:07:38 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2011/03/09 22:07:38 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2011/03/09 22:07:37 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2011/03/09 22:07:37 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2011/03/09 22:07:37 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2011/03/09 22:07:37 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2011/03/09 22:07:37 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2011/03/09 22:07:37 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2011/03/09 22:07:37 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2011/01/19 03:18:37 | 000,000,173 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\msmathematics.qat.Θεωρητικώς Φυσικός
[2011/01/14 16:37:14 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\net_rim_plazmic_flint_dialog.dll
[2010/12/24 19:35:14 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/11/24 02:13:28 | 002,493,643 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010/11/21 14:44:15 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010/11/21 14:38:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/10/10 23:38:23 | 000,051,200 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 01:53:59 | 000,099,384 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\inst.exe
[2010/09/05 01:53:59 | 000,007,859 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\pcouffin.cat
[2010/09/05 01:53:59 | 000,001,167 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\pcouffin.inf
[2010/07/06 19:57:21 | 000,001,456 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/06/03 03:06:56 | 000,007,613 | ---- | C] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Resmon.ResmonCfg
[2010/05/22 15:52:23 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/05/11 19:37:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/11 13:17:24 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/05/11 13:17:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/05/05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/05/05 18:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/05/05 18:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/05/05 18:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/05/05 18:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== LOP Check ==========

[2010/06/02 20:21:49 | 000,000,000 | ---D | M] -- C:\Users\aris\AppData\Roaming\ESET
[2010/06/19 20:21:01 | 000,000,000 | ---D | M] -- C:\Users\aris\AppData\Roaming\Research In Motion
[2011/12/13 23:08:28 | 000,000,000 | ---D | M] -- C:\Users\Έφη-Κώστας\AppData\Roaming\Canon
[2010/09/26 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Έφη-Κώστας\AppData\Roaming\ESET
[2011/10/02 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Έφη-Κώστας\AppData\Roaming\Leadertech
[2010/10/23 16:22:27 | 000,000,000 | ---D | M] -- C:\Users\Έφη-Κώστας\AppData\Roaming\OpenOffice.org
[2010/12/15 16:11:27 | 000,000,000 | ---D | M] -- C:\Users\Έφη-Κώστας\AppData\Roaming\Thunderbird
[2010/11/05 03:33:28 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\.purple
[2010/05/31 03:23:36 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\abgx360
[2010/12/29 15:22:01 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Amazon
[2011/04/27 00:18:27 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\anpo.republika.pl
[2011/01/28 02:39:04 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Blackberry Desktop
[2010/09/20 14:11:09 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Blogg-X.CD1239318CC6AFFD683724AE31E8A0CEF8672511.1
[2011/12/16 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\calibre
[2010/11/26 22:43:02 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Canon
[2010/11/02 16:46:49 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/02 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/07/25 20:12:39 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/01/30 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Composer
[2010/05/11 19:34:04 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\DAEMON Tools Lite
[2010/05/13 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\deluge
[2012/02/28 08:25:05 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Dropbox
[2010/09/05 02:07:46 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\DVDFab
[2010/09/23 20:21:00 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\enchant
[2010/05/11 03:43:08 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\ESET
[2010/06/11 05:49:53 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Facebook
[2011/05/03 19:02:42 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\FileZilla
[2011/04/26 23:42:31 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\fltk.org
[2011/04/26 23:21:31 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\GARMIN
[2011/08/07 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\GHISLER
[2011/09/11 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\gsak
[2010/09/23 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\gtk-2.0
[2010/06/06 02:31:48 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Guitar Pro 6
[2010/05/22 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\ImgBurn
[2011/03/21 22:56:41 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\LaunchPad
[2010/05/11 03:56:40 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Leadertech
[2011/01/26 09:35:23 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\LibreOffice
[2012/02/28 08:23:47 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\LimeWire
[2010/09/24 20:39:18 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\LucasArts
[2010/10/09 13:02:03 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Lunascape
[2012/02/23 00:33:30 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Mp3tag
[2010/09/22 00:11:01 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\MySQL
[2010/09/01 21:16:41 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\OOo-dev
[2010/06/17 05:51:32 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\OpenOffice.org
[2010/05/12 04:49:47 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Opera
[2011/03/22 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\PACE Anti-Piracy
[2011/12/23 15:55:11 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\PC Suite
[2011/01/28 14:41:18 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Research In Motion
[2010/06/29 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\ScummVM
[2010/06/24 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Sony
[2010/06/24 11:46:33 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Sony Setup
[2010/06/22 00:56:41 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Stellarium
[2010/10/27 20:19:10 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\SyncMate
[2011/09/20 20:44:05 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\SystemRequirementsLab
[2010/09/20 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Thunderbird
[2012/02/24 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\uTorrent
[2010/09/05 01:54:25 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Vso
[2011/08/01 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\X-Chat 2
[2011/12/25 16:57:28 | 000,000,000 | ---D | M] -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\XBMC
[2012/02/20 17:17:44 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/09/21 03:09:11 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/05/11 14:15:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/27 18:20:10 | 000,030,068 | ---- | M] () -- C:\ComboFix.txt
[2011/01/12 22:37:25 | 000,147,460 | ---- | M] () -- C:\CTSUFile.txt
[2010/09/23 09:07:51 | 000,000,606 | ---- | M] () -- C:\debug.log
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/02/28 08:21:34 | 3214,528,512 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/05/11 03:44:25 | 000,000,512 | ---- | M] () -- C:\openbsd.pbr
[2012/02/28 08:21:32 | 4286,038,016 | -HS- | M] () -- C:\pagefile.sys
[2012/02/24 08:04:38 | 000,000,517 | ---- | M] () -- C:\rkill.log
[2012/02/24 08:10:35 | 000,094,632 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_24.02.2012_08.05.08_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2010/05/23 05:01:53 | 000,088,813 | ---- | M] () -- C:\wubildr
[2010/05/23 05:01:53 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr


< %systemroot%\Fonts\*.com >
[2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/03/15 22:41:35 | 000,000,221 | -HS- | M] () -- C:\Users\Θεωρητικώς Φυσικός\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/31 00:44:47 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_mbam-setup-1.60.1.1000.exe
[2012/02/23 00:13:09 | 002,452,400 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\001_mp3tagv249bsetup.exe
[2012/02/25 00:46:15 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\aswMBR.exe
[2012/02/24 21:34:46 | 010,455,456 | ---- | M] (Bigasoft Corporation) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\b-audio-converter.exe
[2012/02/25 00:48:12 | 000,568,832 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\BTKR_RunBox.exe
[2012/02/27 17:56:46 | 004,420,957 | R--- | M] (Swearware) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\ComboFix.exe
[2012/02/28 08:27:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\OTL.exe
[2012/02/15 21:34:16 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Θεωρητικώς Φυσικός\Desktop\TDSSKiller.exe
[2012/02/24 22:21:41 | 000,302,592 | ---- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Desktop\tgoy3uqh.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\tasks\*.* >
[2012/02/28 08:23:07 | 000,001,204 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 08:24:10 | 000,001,208 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 08:21:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/02/20 17:17:44 | 000,032,550 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/11/10 18:57:29 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/11/10 18:57:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/05/11 03:52:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/05/11 03:52:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/11/10 18:57:29 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/14 23:04:33 | 000,000,402 | -HS- | M] () -- C:\Users\Θεωρητικώς Φυσικός\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2011/04/09 14:29:32 | 000,000,000 | ---D | M](C:\Users\Eauncoee?o Oooeeuo\AppData\Roaming\Research In Motion) -- C:\Users\Èåùñçôéêþò Öõóéêüò\AppData\Roaming\Research In Motion

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F64C164

< End of report >
 
Good news :)

OTL logs are clean.

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they're.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Thanks for your reply!

The PC is running smoothly! So far, so good! :)

Here are the results from Security Check:


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Authentication Server
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 20
Java(TM) 6 Update 29
Java(TM) 6 Update 22
Out of date Java installed!
Mozilla Thunderbird (3.1.4) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

From FSS:

Farbar Service Scanner Version: 22-02-2012
Ran by Θεωρητικώς Φυσικός (administrator) on 29-02-2012 at 09:18:43
Running from "C:\Users\Θεωρητικώς Φυσικός\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

From F-Secure Online Scanner:
Scanning Report
Wednesday, February 29, 2012 09:50:35 - 10:00:59

Computer name: PSYGEIO
Scanning type: Quick scan
Target: System
6 malware found
TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Liveperson (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Statistics
Scanned:

Files: 6624
System: 6624
Not scanned: 0

Actions:

Disinfected: 6
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Options
Scanning engines:

Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Thanks for your reply. All running smoothly except for this (from Anti-Malware logs):

2012/02/29 12:11:50 +0200 PSYGEIO Θεωρητικώς Φυσικός IP-BLOCK 195.216.243.41 (Type: outgoing, Port: 52485, Process: firefox.exe)
2012/02/29 12:11:58 +0200 PSYGEIO Θεωρητικώς Φυσικός IP-BLOCK 174.36.242.32 (Type: outgoing, Port: 52586, Process: firefox.exe)

Here are the logs from OTL's clean-up:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: aris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: dsp
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes

User: Èåùñçôéêþò Öõóéêüò
->Temp folder emptied: 0 bytes

User: Έφη-Κώστας
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Θεωρητικώς Φυσικός
->Temp folder emptied: 170920800 bytes
->Temporary Internet Files folder emptied: 4345363 bytes
->Java cache emptied: 31658 bytes
->FireFox cache emptied: 52638979 bytes
->Google Chrome cache emptied: 17018512 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2673 bytes

User: ‡œΰ¨ž«*΅ι ”¬©*΅ζ
->Temp folder emptied: 0 bytes

User: ╚ί∙±ύΪώΆ■≥ ╓Ϋ≤ώΆⁿ≥
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 264180 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 234,00 mb


[EMPTYFLASH]

User: All Users

User: aris
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: dsp

User: Public

User: user

User: Èåùñçôéêþò Öõóéêüò

User: Έφη-Κώστας
->Flash cache emptied: 0 bytes

User: Θεωρητικώς Φυσικός
->Flash cache emptied: 0 bytes

User: ‡œΰ¨ž«*΅ι ”¬©*΅ζ

User: ╚ί∙±ύΪώΆ■≥ ╓Ϋ≤ώΆⁿ≥

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: aris
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: dsp

User: Public

User: user

User: Èåùñçôéêþò Öõóéêüò

User: Έφη-Κώστας
->Java cache emptied: 0 bytes

User: Θεωρητικώς Φυσικός
->Java cache emptied: 0 bytes

User: ‡œΰ¨ž«*΅ι ”¬©*΅ζ

User: ╚ί∙±ύΪώΆ■≥ ╓Ϋ≤ώΆⁿ≥

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 03012012_214427

Files\Folders moved on Reboot...
C:\Users\Θεωρητικώς Φυσικός\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2340.log moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back