TechSpot

Windows 7 (64-bit) problem with enabling firewall and using MSE

By primp1
Jul 5, 2012
  1. We are all really lucky that forums like this exist. I hope that I'll be another PC user to be helped by you guys! Now, according to your instructions, the things you need to check:

    1. Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    (Translated from Greek, since log was generated in this language...sorry!)

    Έκδοση βάσης δεδομένων: v2012.07.05.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Primp :: PRIMP-TURBO [διαχειριστής]

    5/7/2012 12:14:46 μμ
    mbam-log-2012-07-05 (12-14-46).txt

    Τύπος σάρωσης: Γρήγορη σάρωση
    Ενεργοποιημένες επιλογές σάρωσης: Μνήμη | Εκκίνηση | Μητρώο | Σύστημα αρχείων | Ευρετική μέθοδος/Extra | Ευρετική μέθοδος/Shuriken | PUP | PUM
    Απενεργοποιημένες επιλογές σάρωσης: P2P
    Αντικείμενα που σαρώθηκαν: 227928
    Χρόνος που έχει διανυθεί: 4 λεπτό(ά), 6 δευτερόλεπτο(α)

    Εντοπίστηκαν διεργασίες στη μνήμη: 1
    C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1692 -> Deleted during restart.

    Εντοπίστηκαν στοιχεία στη μνήμη: 0
    (No harmful objects detected)

    Εντοπίστηκαν κλειδιά στο μητρώο: 0
    (No harmful objects detected)

    Εντοπίστηκαν τιμές στο μητρώο: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Δεδομένα: C:\Windows\system32\regedit.exe -> Isolated and successfully deleted.

    Εντοπίστηκαν αντικείμενα δεδομένων στο μητρώο: 0
    (Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

    Εντοπίστηκαν φάκελοι: 0
    (Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

    Εντοπίστηκαν αρχεία: 6
    C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Deleted during restart.
    C:\Users\Primp\AppData\Local\Temp\30359182.exe (Trojan.Ransom) -> Isolated and successfully deleted.
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\n (Trojan.Sirefef) -> Isolated and successfully deleted.
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\U\800000cb.@ (Rootkit.0Access) -> Isolated and successfully deleted.
    C:\Users\Primp\AppData\Local\Temp\.exe (Trojan.Agent) -> Isolated and successfully deleted.
    C:\Windows\System32\regedit.exe (Trojan.Agent) -> Isolated and successfully deleted.



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-05 12:29:52
    Windows 6.1.7601 Service Pack 1
    Running: 8eq10t8t.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\53d2bc0aae3392cd.sys (*** hidden *** ) [BOOT] 53d2bc0aae3392cd <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Primp at 12:32:02 on 2012-07-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.4007.2309 [GMT 3:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
    C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
    C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\FSP\FspUip.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
    C:\Users\Primp\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\PHotkey\PHotkey.exe
    C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
    C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
    C:\Program Files (x86)\PHotkey\PVDesktop.exe
    C:\Program Files (x86)\PHotkey\PVDAgent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\PHotkey\POSD.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://redplanet.gr/
    uDefault_Page_URL = hxxp://nmd.msn.com
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [CamAppSTI.exe] C:\Program Files (x86)\AVEO\AVEO USB2.0 PC Camera(E2WVTM2N90829)\STI\CamAppSTI.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    StartupFolder: C:\Users\Primp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Primp\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOBILE~1.LNK - C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&ξαγωγή στο Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Απ&οστολή στο OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{FC014274-D8FC-4F5C-8A59-DC420E4AABC2} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{FC014274-D8FC-4F5C-8A59-DC420E4AABC2}\052796D607 : DhcpNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {8dcb7100-df86-4384-8842-8fa844297b3f}
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [CamAppSTI.exe] C:\Program Files (x86)\AVEO\AVEO USB2.0 PC Camera(E2WVTM2N90829)\STI\CamAppSTI.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Primp\AppData\Roaming\Mozilla\Firefox\Profiles\q06ktbyx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://redplanet.gr/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2011-4-15 151552]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-25 52896]
    R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2011-4-15 159752]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-15 1997416]
    R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2011-4-15 14344]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE [2011-4-15 2655768]
    R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\system32\drivers\anvsnddrv.sys --> C:\Windows\system32\drivers\anvsnddrv.sys [?]
    R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\Windows\system32\DRIVERS\fspad_wlh64.sys --> C:\Windows\system32\DRIVERS\fspad_wlh64.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-2-8 8192]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-1-8 4136960]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-05 09:23:17 328704 ----a-w- C:\Windows\System32\services.exe.FDBAA0CCA8F582EF
    2012-07-05 09:10:26 -------- d-----w- C:\Users\Primp\AppData\Roaming\Malwarebytes
    2012-07-05 09:10:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-05 09:10:22 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-05 09:10:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 07:44:10 328704 ----a-w- C:\Windows\System32\services.exe.E6C01FE05E24A771
    2012-07-05 07:25:44 328704 ----a-w- C:\Windows\System32\services.exe.FACD1AAEFC2CD377
    2012-07-05 06:34:15 328704 ----a-w- C:\Windows\System32\services.exe.7A7ECDBE1008DDBC
    2012-07-05 06:08:26 328704 ----a-w- C:\Windows\System32\services.exe.6EC053BBB99677CD
    2012-07-05 05:02:52 328704 ----a-w- C:\Windows\System32\services.exe.38B0BD81EE1C95CA
    2012-07-05 05:01:18 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C451E05-512F-4679-B088-694D3EDC6A8C}\gapaengine.dll
    2012-07-05 05:00:53 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8578B6-4B4A-42E6-9B42-0EF55AC0B508}\mpengine.dll
    2012-07-05 04:56:59 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-07-05 04:56:55 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-07-05 04:56:31 -------- d-----w- C:\4a8794088a3e3564e8add8
    2012-07-05 03:12:28 328704 ----a-w- C:\Windows\System32\services.exe.0F275663ECCF0FA6
    2012-07-05 02:39:04 328704 ----a-w- C:\Windows\System32\services.exe.BB341C7F86CDA583
    2012-07-05 02:05:53 328704 ----a-w- C:\Windows\System32\services.exe.25A17A8BA553B200
    2012-07-05 01:32:39 328704 ----a-w- C:\Windows\System32\services.exe.D75A04C5B4CC0433
    2012-07-05 00:59:24 328704 ----a-w- C:\Windows\System32\services.exe.86D2F22C6BEA5DC6
    2012-07-05 00:26:12 328704 ----a-w- C:\Windows\System32\services.exe.4EB5B85A2A1F51BC
    2012-07-04 23:53:06 328704 ----a-w- C:\Windows\System32\services.exe.A592970885CBF363
    2012-07-04 23:07:56 328704 ----a-w- C:\Windows\System32\services.exe.AA0421C5A7E274DF
    2012-07-04 22:34:46 328704 ----a-w- C:\Windows\System32\services.exe.446547DEA88485C3
    2012-07-04 22:01:31 328704 ----a-w- C:\Windows\System32\services.exe.E286743384FBF9CF
    2012-07-04 21:28:11 328704 ----a-w- C:\Windows\System32\services.exe.6EFB8D6DE65AD994
    2012-07-04 20:54:59 328704 ----a-w- C:\Windows\System32\services.exe.AD7DD862ECD3A3C0
    2012-07-04 19:58:26 328704 ----a-w- C:\Windows\System32\services.exe.B7FD9E996CA30787
    2012-07-04 19:13:24 328704 ----a-w- C:\Windows\System32\services.exe.D98A11EECD25719C
    2012-07-04 18:40:21 328704 ----a-w- C:\Windows\System32\services.exe.1D4790F504C4F182
    2012-07-04 18:07:16 328704 ----a-w- C:\Windows\System32\services.exe.FE400439CA2BA703
    2012-07-04 17:34:11 328704 ----a-w- C:\Windows\System32\services.exe.98D591B013D24E3A
    2012-07-04 17:01:11 328704 ----a-w- C:\Windows\System32\services.exe.0D72D46903DA2B52
    2012-07-04 16:27:58 328704 ----a-w- C:\Windows\System32\services.exe.8E7FE08AB30EC89D
    2012-07-04 15:54:44 328704 ----a-w- C:\Windows\System32\services.exe.1D161B10D30F0AC8
    2012-07-04 15:21:30 328704 ----a-w- C:\Windows\System32\services.exe.1F19D756E4A8F770
    2012-07-04 14:36:27 328704 ----a-w- C:\Windows\System32\services.exe.6E1CD41EAD298BF6
    2012-07-04 13:52:04 328704 ----a-w- C:\Windows\System32\services.exe.2AA1BA8D3E5C7DF1
    2012-07-04 13:06:56 328704 ----a-w- C:\Windows\System32\services.exe.E34DA390E5A7F994
    2012-07-03 21:04:00 328704 ----a-w- C:\Windows\System32\services.exe.A6A603BDF504085C
    2012-07-03 20:27:11 328704 ----a-w- C:\Windows\System32\services.exe.608B43EA96789A0D
    2012-07-03 19:29:00 328704 ----a-w- C:\Windows\System32\services.exe.C90C269205C28EF6
    2012-07-03 10:35:03 328704 ----a-w- C:\Windows\System32\services.exe.7C83AA13EDC29D5F
    2012-07-03 09:28:31 15824 ----a-w- C:\FixitRegBackup.reg
    2012-07-03 09:18:24 328704 ----a-w- C:\Windows\System32\services.exe.BA505ED1D8D50E1E
    2012-07-03 08:47:28 328704 ----a-w- C:\Windows\System32\services.exe.ACD0D92549659CE9
    2012-07-03 08:44:07 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2012-07-03 08:35:05 328704 ----a-w- C:\Windows\System32\services.exe.1ACC0F1279A5C723
    2012-07-03 08:22:09 328704 ----a-w- C:\Windows\System32\services.exe.32427D6E07835127
    2012-07-03 08:20:24 -------- d-----w- C:\Users\Primp\AppData\Local\ElevatedDiagnostics
    2012-07-03 08:15:23 -------- d-----w- C:\4d1a849fb5212d8e3a0b4b5888f3
    2012-06-23 08:07:51 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-22 19:46:52 40960 ----a-w- C:\Users\Primp\0i763f66bz.exe
    2012-06-19 11:12:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 11:11:55 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 11:11:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-19 11:11:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-19 08:05:40 -------- d-----w- C:\Users\Primp\AppData\Roaming\ooVoo Details
    2012-06-19 08:05:32 -------- d-----w- C:\Program Files (x86)\ooVoo
    2012-06-13 15:52:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 04:52:59 -------- d-----w- C:\Users\Primp\AppData\Local\Macromedia
    2012-06-07 07:56:42 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-07 07:56:42 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-06 20:02:03 -------- d-----w- C:\Program Files (x86)\Eidos
    .
    ==================== Find3M ====================
    .
    2012-06-24 14:38:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-24 14:38:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-03 20:05:35 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-11 09:01:45 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
    2012-05-11 09:01:45 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    .
    ============= FINISH: 12:32:46,88 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/2/2012 10:26:59 μμ
    System Uptime: 5/7/2012 12:24:38 μμ (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | A15
    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU 1 | 1392/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 249 GiB total, 96,742 GiB free.
    D: is CDROM (UDF)
    E: is FIXED (NTFS) - 217 GiB total, 44,184 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP87: 22/6/2012 8:58:19 πμ - Windows Update
    RP88: 24/6/2012 7:00:20 μμ - Πρόγραμμα αντιγράφων ασφαλείας των Windows
    RP89: 1/7/2012 10:01:57 μμ - Πρόγραμμα αντιγράφων ασφαλείας των Windows
    RP90: 3/7/2012 11:12:17 πμ - Installed Microsoft Fix it 50687
    RP91: 3/7/2012 12:27:45 μμ - Installed Microsoft Fix it 50535
    RP92: 5/7/2012 9:30:05 πμ - Installed Microsoft Fix it 50687
    RP93: 5/7/2012 10:21:37 πμ - Λειτουργία επαναφοράς
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Alcor Micro USB Card Reader
    Any Video Converter Professional 3.0.7
    Any Video Converter Ultimate 4.3.5
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    AVEO USB2.0 PC Camera(E2WVTM2N90829)
    Bing Bar
    Bing Bar Platform
    BS.Player FREE
    D3DX10
    DAEMON Tools Lite
    Dropbox
    ImgBurn
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    InterVideo DeviceService
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    Malwarebytes Anti-Malware έκδοση 1.61.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    MKVToolNix 5.6.0
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    ooVoo
    PHotkey
    PMB
    QuickTime
    Renesas Electronics USB 3.0 Host Controller Driver
    Replay Media Catcher 4 (4.3.2)
    SAMSUNG PC Share Manager
    Security Update for Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype Click to Call
    Skype™ 5.9
    SmartSound Quicktracks Plugin
    Sony Image Data Suite
    SopCast 3.5.0
    TELL ME MORE
    Ulead VideoStudio 11
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VideoStudio
    VLC media player 2.0.1
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinFlash
    Wondershare MobileGo ( Version 1.1.0 )
    Xvid MPEG-4 Video Codec
    .
    ==== End Of File ===========================


    I hope that's all!

    Thanks in advance!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Thanks for the super fast reply! Did everything as instructed. Here you are:

    Scan result of Farbar Recovery Scan Tool Version: 05-07-2012 01
    Ran by SYSTEM at 06-07-2012 10:02:14
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2010-12-19] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-12-19] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2010-12-19] (Intel Corporation)
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2010-04-27] ()
    HKLM\...\Run: [fspuip] %ProgramFiles%\FSP\fspuip.exe [4055552 2010-11-07] (Sentelic Corporation)
    HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-21] (Alcor Micro Corp.)
    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [613536 2010-11-25] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [379040 2010-11-25] (Atheros Commnucations)
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [CamAppSTI.exe] C:\Program Files (x86)\AVEO\AVEO USB2.0 PC Camera(E2WVTM2N90829)\STI\CamAppSTI.exe [x]
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341488 2007-03-03] (InterVideo Digital Technology Corporation)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [282624 2006-09-01] (Apple Computer, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
    HKU\Primp\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\MobileGo Service.lnk
    ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
    Startup: C:\Users\Primp\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
    2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros)
    2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations)
    2 Capture Device Service; "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe" [198168 2007-03-06] (InterVideo Inc.)
    2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-06] ()
    2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-02-08] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
    3 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [4136960 2009-01-07] ()

    ========================== Drivers (Whitelisted) =============

    0 53d2bc0aae3392cd; C:\Windows\System32\Drivers\53d2bc0aae3392cd.sys [74184 2012-06-23] ()
    3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    3 appliand; C:\Windows\System32\Drivers\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2010-11-25] (Atheros)
    3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298144 2010-11-25] (Atheros)
    3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2010-11-25] (Atheros)
    3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2010-11-25] (Atheros)
    3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2010-11-25] (Atheros)
    3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2010-11-25] (Atheros)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [275616 2010-11-25] (Atheros)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-03] (DT Soft Ltd)
    3 fspad_wlh64; C:\Windows\System32\Drivers\fspad_wlh64.sys [68608 2010-11-07] (Sentelic Corporation)
    2 PEGAGFN; \??\C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
    3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00029636\tswnt.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    (to be continued in second reply...)
     
  4. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    ============ One Month Created Files and Folders ==============

    2012-07-06 10:01 - 2012-07-06 10:02 - 00000000 ____D C:\FRST
    2012-07-05 22:19 - 2012-07-05 22:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4EEF945881AB22E5
    2012-07-05 03:53 - 2012-07-05 03:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A6BC3D768403267
    2012-07-05 03:12 - 2012-07-05 03:12 - 00352047 ____A C:\Users\Primp\Documents\Stefanos Leandros.xps
    2012-07-05 03:11 - 2012-07-05 03:11 - 00003231 ____A C:\Users\Primp\Documents\Stefanos Leandros.txt
    2012-07-05 02:14 - 2012-07-05 02:14 - 00004249 ____A C:\Users\Primp\Desktop\Attach.txt
    2012-07-05 02:13 - 2012-07-05 02:13 - 00026665 ____A C:\Users\Primp\Desktop\DDS.txt
    2012-07-05 01:31 - 2012-07-05 01:31 - 00607260 ____R (Swearware) C:\Users\Primp\Downloads\dds.scr
    2012-07-05 01:29 - 2012-07-05 01:29 - 00000332 ____A C:\Users\Primp\Desktop\gmer.log
    2012-07-05 01:26 - 2012-07-05 01:26 - 00302592 ____A C:\Users\Primp\Downloads\8eq10t8t.exe
    2012-07-05 01:23 - 2012-07-05 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FDBAA0CCA8F582EF
    2012-07-05 01:10 - 2012-07-05 01:10 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 01:10 - 2012-07-05 01:10 - 00000000 ____D C:\Users\Primp\AppData\Roaming\Malwarebytes
    2012-07-05 01:10 - 2012-07-05 01:10 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-05 01:10 - 2012-07-05 01:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 01:10 - 2012-04-04 04:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-05 01:07 - 2012-07-05 01:09 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Primp\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-05 00:36 - 2012-07-05 00:36 - 00040992 ____A C:\Users\Primp\Documents\aitisi_general.rtf
    2012-07-04 23:44 - 2012-07-04 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6C01FE05E24A771
    2012-07-04 23:32 - 2012-07-04 23:32 - 04550883 ____A C:\Users\Primp\Documents\Eutrophication 10.xps
    2012-07-04 23:25 - 2012-07-04 23:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FACD1AAEFC2CD377
    2012-07-04 23:11 - 2012-07-04 23:11 - 00347424 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\MicrosoftFixit.wu.LB.19264901118353350.2.1.Run.exe
    2012-07-04 22:34 - 2012-07-04 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A7ECDBE1008DDBC
    2012-07-04 22:28 - 2012-07-04 22:28 - 00677376 ____A C:\Users\Primp\Downloads\MicrosoftFixit50687(1).msi
    2012-07-04 22:08 - 2012-07-04 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6EC053BBB99677CD
    2012-07-04 21:02 - 2012-07-04 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.38B0BD81EE1C95CA
    2012-07-04 20:56 - 2012-07-04 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-04 20:56 - 2012-07-04 23:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-04 20:56 - 2012-07-04 23:42 - 00000000 ____D C:\4a8794088a3e3564e8add8
    2012-07-04 20:55 - 2012-07-04 20:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mseinstall(2).exe
    2012-07-04 20:54 - 2012-07-04 20:54 - 00002483 ____A C:\Users\Primp\Documents\Microsoft.rtf
    2012-07-04 20:18 - 2012-07-04 20:19 - 10386472 ____A (OPSWAT, Inc.) C:\Users\Primp\Downloads\AppRemover.exe
    2012-07-04 19:12 - 2012-07-04 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F275663ECCF0FA6
    2012-07-04 18:39 - 2012-07-04 18:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB341C7F86CDA583
    2012-07-04 18:05 - 2012-07-04 18:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.25A17A8BA553B200
    2012-07-04 17:32 - 2012-07-04 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D75A04C5B4CC0433
    2012-07-04 16:59 - 2012-07-04 16:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.86D2F22C6BEA5DC6
    2012-07-04 16:26 - 2012-07-04 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4EB5B85A2A1F51BC
    2012-07-04 15:53 - 2012-07-04 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A592970885CBF363
    2012-07-04 15:07 - 2012-07-04 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA0421C5A7E274DF
    2012-07-04 14:34 - 2012-07-04 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.446547DEA88485C3
    2012-07-04 14:01 - 2012-07-04 14:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E286743384FBF9CF
    2012-07-04 13:28 - 2012-07-04 13:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6EFB8D6DE65AD994
    2012-07-04 12:54 - 2012-07-04 12:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD7DD862ECD3A3C0
    2012-07-04 11:58 - 2012-07-04 11:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7FD9E996CA30787
    2012-07-04 11:13 - 2012-07-04 11:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D98A11EECD25719C
    2012-07-04 10:40 - 2012-07-04 10:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D4790F504C4F182
    2012-07-04 10:07 - 2012-07-04 10:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE400439CA2BA703
    2012-07-04 09:34 - 2012-07-04 09:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.98D591B013D24E3A
    2012-07-04 09:01 - 2012-07-04 09:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D72D46903DA2B52
    2012-07-04 08:27 - 2012-07-04 08:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E7FE08AB30EC89D
    2012-07-04 07:54 - 2012-07-04 07:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D161B10D30F0AC8
    2012-07-04 07:21 - 2012-07-04 07:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F19D756E4A8F770
    2012-07-04 06:36 - 2012-07-04 06:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E1CD41EAD298BF6
    2012-07-04 05:52 - 2012-07-04 05:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AA1BA8D3E5C7DF1
    2012-07-04 05:06 - 2012-07-04 05:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E34DA390E5A7F994
    2012-07-03 13:04 - 2012-07-03 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6A603BDF504085C
    2012-07-03 12:27 - 2012-07-03 12:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.608B43EA96789A0D
    2012-07-03 11:29 - 2012-07-03 11:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C90C269205C28EF6
    2012-07-03 02:35 - 2012-07-03 02:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7C83AA13EDC29D5F
    2012-07-03 02:20 - 2012-07-03 02:21 - 12621696 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mseinstall(1).exe
    2012-07-03 01:54 - 2012-07-03 01:54 - 00347424 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\MicrosoftFixit.wu.LB.22264739607785289.4.1.Run.exe
    2012-07-03 01:47 - 2012-07-03 01:47 - 00347424 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\MicrosoftFixit.wu.LB.22264739607785289.1.1.Run.exe
    2012-07-03 01:45 - 2012-07-03 01:45 - 00000196 ____A C:\Users\Primp\Documents\????af?.rtf
    2012-07-03 01:28 - 2012-07-03 01:28 - 00015824 ____A C:\FixitRegBackup.reg
    2012-07-03 01:27 - 2012-07-03 01:27 - 00899584 ____A C:\Users\Primp\Downloads\MicrosoftFixit50535.msi
    2012-07-03 01:26 - 2012-07-03 01:26 - 01819488 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Primp\Downloads\avg_remover_stf_x64_2011_1322.exe
    2012-07-03 01:26 - 2012-07-03 01:26 - 00328064 ____A (AVAST Software) C:\Users\Primp\Downloads\aswclear(1).exe
    2012-07-03 01:26 - 2012-07-03 01:26 - 00210248 ____A C:\Users\Primp\Downloads\avgremover.log
    2012-07-03 01:18 - 2012-07-03 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA505ED1D8D50E1E
    2012-07-03 01:16 - 2012-07-03 01:16 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-03 01:15 - 2012-07-03 01:15 - 00328064 ____A (AVAST Software) C:\Users\Primp\Downloads\aswclear.exe
    2012-07-03 00:47 - 2012-07-03 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACD0D92549659CE9
    2012-07-03 00:43 - 2012-07-03 00:43 - 03178400 ____A (McAfee, Inc.) C:\Users\Primp\Downloads\MCPR.exe
    2012-07-03 00:35 - 2012-07-03 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1ACC0F1279A5C723
    2012-07-03 00:22 - 2012-07-03 00:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.32427D6E07835127
    2012-07-03 00:15 - 2012-07-04 23:42 - 00000000 ____D C:\4d1a849fb5212d8e3a0b4b5888f3
    2012-07-03 00:13 - 2012-07-03 00:14 - 12621696 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mseinstall.exe
    2012-07-03 00:12 - 2012-07-03 00:12 - 00677376 ____A C:\Users\Primp\Downloads\MicrosoftFixit50687.msi
    2012-07-02 23:52 - 2012-07-02 23:55 - 64404496 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mpam-fex64.exe
    2012-06-25 02:30 - 2012-06-25 02:30 - 00468480 ____H C:\Users\Primp\Downloads\~WRL0003.tmp
    2012-06-23 05:50 - 2012-06-23 05:50 - 00074184 ____A C:\Windows\System32\Drivers\53d2bc0aae3392cd.sys
    2012-06-23 00:07 - 2012-07-04 23:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-22 11:46 - 2012-07-04 23:49 - 00040960 ____A (SmoothCandle) C:\Users\Primp\0i763f66bz.exe
    2012-06-22 01:03 - 2012-06-22 01:03 - 01168216 ____A C:\Users\Primp\Documents\Eutrophication 9.xps
    2012-06-22 01:02 - 2012-06-22 01:02 - 00984987 ____A C:\Users\Primp\Documents\Eutrophication 8.xps
    2012-06-22 01:01 - 2012-06-22 01:01 - 00370449 ____A C:\Users\Primp\Documents\Eutrophication 7.xps
    2012-06-22 01:00 - 2012-06-22 01:00 - 01508785 ____A C:\Users\Primp\Documents\Eutrophication 6.xps
    2012-06-22 01:00 - 2012-06-22 01:00 - 00363592 ____A C:\Users\Primp\Documents\Eutrophication 5.xps
    2012-06-22 00:59 - 2012-06-22 00:59 - 01286449 ____A C:\Users\Primp\Documents\Eutrophication 4.xps
    2012-06-22 00:58 - 2012-06-22 00:58 - 00760729 ____A C:\Users\Primp\Documents\Eutrophication 2.xps
    2012-06-22 00:58 - 2012-06-22 00:58 - 00760619 ____A C:\Users\Primp\Documents\Eutrophication 3.xps
    2012-06-22 00:57 - 2012-06-22 00:57 - 00250989 ____A C:\Users\Primp\Documents\Eutrophication 1.xps
    2012-06-21 02:36 - 2012-06-21 02:36 - 00296263 ____A C:\Users\Primp\Documents\Paper 4.xps
    2012-06-21 02:35 - 2012-06-21 02:35 - 00098650 ____A C:\Users\Primp\Documents\Paper 3.xps
    2012-06-21 02:34 - 2012-06-21 02:34 - 00462503 ____A C:\Users\Primp\Documents\Paper 2.xps
    2012-06-20 03:29 - 2012-06-20 03:29 - 00461475 ____A C:\Users\Primp\Documents\Paper 1.xps
    2012-06-19 03:12 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-19 03:12 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-19 03:12 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-19 03:12 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-19 03:11 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-19 03:11 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-19 03:11 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-19 03:11 - 2012-06-02 04:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-19 03:11 - 2012-06-02 04:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-19 00:05 - 2012-06-19 00:08 - 00000000 ____D C:\Users\Primp\AppData\Roaming\ooVoo Details
    2012-06-19 00:05 - 2012-06-19 00:05 - 00001861 ____A C:\Users\Public\Desktop\ooVoo.lnk
    2012-06-19 00:05 - 2012-06-19 00:05 - 00000000 ____D C:\Program Files (x86)\ooVoo
    2012-06-19 00:04 - 2012-06-19 00:04 - 01633360 ____A (ooVoo LLC) C:\Users\Primp\Downloads\ooVooSetup.exe
    2012-06-13 21:54 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 21:54 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 21:54 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 21:54 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 21:54 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 21:54 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 21:54 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 21:54 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 21:54 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 21:54 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 21:54 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 21:54 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 21:54 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 21:54 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 21:54 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 21:54 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 21:54 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 21:54 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 21:54 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 21:54 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 21:54 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 21:54 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 21:54 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 21:54 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 21:54 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 21:54 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 21:54 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 21:54 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 12:55 - 2012-06-13 12:55 - 00001130 ____A C:\Users\Public\Desktop\BS.Player FREE.lnk
    2012-06-13 12:53 - 2012-06-13 12:54 - 14044920 ____A C:\Users\Primp\Downloads\bsplayer262.1068.exe
    2012-06-13 07:52 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 07:52 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 07:52 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 07:52 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 07:52 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 07:52 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 07:52 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 07:52 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 07:52 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 07:52 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 07:52 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 07:52 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 07:52 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 07:52 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 07:52 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 07:52 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 07:52 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 20:52 - 2012-06-11 20:52 - 00000000 ____D C:\Users\Primp\AppData\Local\Macromedia
    2012-06-06 12:05 - 2007-04-04 07:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2012-06-06 12:05 - 2007-04-04 07:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2012-06-06 12:05 - 2007-04-04 07:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2012-06-06 12:05 - 2007-04-04 07:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2012-06-06 12:05 - 2007-03-12 05:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2012-06-06 12:05 - 2007-03-12 05:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2012-06-06 12:05 - 2007-03-05 01:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2012-06-06 12:05 - 2007-03-05 01:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2012-06-06 12:05 - 2007-01-24 04:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2012-06-06 12:05 - 2007-01-24 04:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2012-06-06 12:05 - 2006-12-08 01:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2012-06-06 12:05 - 2006-12-08 01:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2012-06-06 12:05 - 2006-09-28 05:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2012-06-06 12:05 - 2006-09-28 05:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2012-06-06 12:05 - 2006-09-28 05:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2012-06-06 12:05 - 2006-09-28 05:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2012-06-06 12:05 - 2006-07-27 22:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2012-06-06 12:05 - 2006-07-27 22:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2012-06-06 12:05 - 2006-07-27 22:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2012-06-06 12:05 - 2006-07-27 22:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2012-06-06 12:05 - 2006-05-30 20:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2012-06-06 12:05 - 2006-05-30 20:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2012-06-06 12:05 - 2006-03-31 01:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2012-06-06 12:05 - 2006-03-31 01:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2012-06-06 12:05 - 2006-03-31 01:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2012-06-06 12:05 - 2006-03-31 01:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2012-06-06 12:05 - 2006-02-02 21:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2012-06-06 12:05 - 2006-02-02 21:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2012-06-06 12:05 - 2006-02-02 21:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2012-06-06 12:05 - 2006-02-02 21:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2012-06-06 12:05 - 2006-02-02 21:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2012-06-06 12:05 - 2006-02-02 21:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2012-06-06 12:05 - 2005-12-05 07:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2012-06-06 12:05 - 2005-12-05 07:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2012-06-06 12:05 - 2005-07-22 08:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2012-06-06 12:05 - 2005-07-22 08:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2012-06-06 12:05 - 2005-05-26 04:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2012-06-06 12:05 - 2005-05-26 04:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2012-06-06 12:05 - 2005-03-18 06:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2012-06-06 12:05 - 2005-03-18 06:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2012-06-06 12:05 - 2005-02-05 08:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2012-06-06 12:05 - 2005-02-05 08:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2012-06-06 12:02 - 2012-06-06 12:02 - 00000000 ____D C:\Program Files (x86)\Eidos
    2012-06-06 11:40 - 2012-06-06 11:40 - 00000000 ____D C:\Users\Primp\Downloads\menagerr
    2012-06-06 01:54 - 2012-06-06 03:00 - 117248000 ____A C:\Users\Primp\Downloads\OneDDL.com-rld-cm10.iso.part

    ============ 3 Months Modified Files ========================

    2012-07-05 22:43 - 2011-03-22 00:28 - 00562226 ____A C:\Windows\System32\perfh008.dat
    2012-07-05 22:43 - 2011-03-22 00:28 - 00090752 ____A C:\Windows\System32\perfc008.dat
    2012-07-05 22:43 - 2009-07-13 21:13 - 01370668 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-05 22:31 - 2011-04-15 04:39 - 01520119 ____A C:\Windows\WindowsUpdate.log
    2012-07-05 22:28 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 22:28 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 22:21 - 2011-04-15 05:22 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
    2012-07-05 22:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-05 22:21 - 2009-07-13 20:51 - 00069020 ____A C:\Windows\setupact.log
    2012-07-05 22:19 - 2012-07-05 22:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4EEF945881AB22E5
    2012-07-05 11:22 - 2012-03-30 22:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-05 03:53 - 2012-07-05 03:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8A6BC3D768403267
    2012-07-05 03:12 - 2012-07-05 03:12 - 00352047 ____A C:\Users\Primp\Documents\Stefanos Leandros.xps
    2012-07-05 03:11 - 2012-07-05 03:11 - 00003231 ____A C:\Users\Primp\Documents\Stefanos Leandros.txt
    2012-07-05 02:14 - 2012-07-05 02:14 - 00004249 ____A C:\Users\Primp\Desktop\Attach.txt
    2012-07-05 02:13 - 2012-07-05 02:13 - 00026665 ____A C:\Users\Primp\Desktop\DDS.txt
    2012-07-05 01:31 - 2012-07-05 01:31 - 00607260 ____R (Swearware) C:\Users\Primp\Downloads\dds.scr
    2012-07-05 01:29 - 2012-07-05 01:29 - 00000332 ____A C:\Users\Primp\Desktop\gmer.log
    2012-07-05 01:26 - 2012-07-05 01:26 - 00302592 ____A C:\Users\Primp\Downloads\8eq10t8t.exe
    2012-07-05 01:23 - 2012-07-05 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FDBAA0CCA8F582EF
    2012-07-05 01:22 - 2010-11-20 19:47 - 00011818 ____A C:\Windows\PFRO.log
    2012-07-05 01:10 - 2012-07-05 01:10 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 01:09 - 2012-07-05 01:07 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Primp\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-05 00:36 - 2012-07-05 00:36 - 00040992 ____A C:\Users\Primp\Documents\aitisi_general.rtf
    2012-07-04 23:49 - 2012-06-22 11:46 - 00040960 ____A (SmoothCandle) C:\Users\Primp\0i763f66bz.exe
    2012-07-04 23:44 - 2012-07-04 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6C01FE05E24A771
    2012-07-04 23:32 - 2012-07-04 23:32 - 04550883 ____A C:\Users\Primp\Documents\Eutrophication 10.xps
    2012-07-04 23:25 - 2012-07-04 23:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FACD1AAEFC2CD377
    2012-07-04 23:11 - 2012-07-04 23:11 - 00347424 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\MicrosoftFixit.wu.LB.19264901118353350.2.1.Run.exe
    2012-07-04 22:34 - 2012-07-04 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A7ECDBE1008DDBC
    2012-07-04 22:28 - 2012-07-04 22:28 - 00677376 ____A C:\Users\Primp\Downloads\MicrosoftFixit50687(1).msi
    2012-07-04 22:08 - 2012-07-04 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6EC053BBB99677CD
    2012-07-04 21:02 - 2012-07-04 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.38B0BD81EE1C95CA
    2012-07-04 20:57 - 2011-04-12 07:13 - 01390126 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-04 20:56 - 2012-07-04 20:55 - 12621696 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mseinstall(2).exe
    2012-07-04 20:54 - 2012-07-04 20:54 - 00002483 ____A C:\Users\Primp\Documents\Microsoft.rtf
    2012-07-04 20:23 - 2011-04-12 07:09 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-04 20:19 - 2012-07-04 20:18 - 10386472 ____A (OPSWAT, Inc.) C:\Users\Primp\Downloads\AppRemover.exe
    2012-07-04 19:12 - 2012-07-04 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F275663ECCF0FA6
    2012-07-04 18:39 - 2012-07-04 18:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB341C7F86CDA583
    2012-07-04 18:05 - 2012-07-04 18:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.25A17A8BA553B200
    2012-07-04 17:32 - 2012-07-04 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D75A04C5B4CC0433
    2012-07-04 16:59 - 2012-07-04 16:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.86D2F22C6BEA5DC6
    2012-07-04 16:26 - 2012-07-04 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4EB5B85A2A1F51BC
    2012-07-04 15:53 - 2012-07-04 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A592970885CBF363
    2012-07-04 15:07 - 2012-07-04 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA0421C5A7E274DF
    2012-07-04 14:34 - 2012-07-04 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.446547DEA88485C3
    2012-07-04 14:01 - 2012-07-04 14:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E286743384FBF9CF
    2012-07-04 13:28 - 2012-07-04 13:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6EFB8D6DE65AD994
    2012-07-04 12:54 - 2012-07-04 12:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD7DD862ECD3A3C0
    2012-07-04 11:58 - 2012-07-04 11:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7FD9E996CA30787
    2012-07-04 11:13 - 2012-07-04 11:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D98A11EECD25719C
    2012-07-04 10:40 - 2012-07-04 10:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D4790F504C4F182
    2012-07-04 10:07 - 2012-07-04 10:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE400439CA2BA703
    2012-07-04 09:34 - 2012-07-04 09:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.98D591B013D24E3A
    2012-07-04 09:01 - 2012-07-04 09:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D72D46903DA2B52
    2012-07-04 08:27 - 2012-07-04 08:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E7FE08AB30EC89D
    2012-07-04 07:54 - 2012-07-04 07:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D161B10D30F0AC8
    2012-07-04 07:21 - 2012-07-04 07:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F19D756E4A8F770
    2012-07-04 06:36 - 2012-07-04 06:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E1CD41EAD298BF6
    2012-07-04 05:52 - 2012-07-04 05:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AA1BA8D3E5C7DF1
    2012-07-04 05:06 - 2012-07-04 05:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E34DA390E5A7F994
    2012-07-03 13:04 - 2012-07-03 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6A603BDF504085C
    2012-07-03 12:27 - 2012-07-03 12:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.608B43EA96789A0D
    2012-07-03 11:29 - 2012-07-03 11:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C90C269205C28EF6
    2012-07-03 02:35 - 2012-07-03 02:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7C83AA13EDC29D5F
    2012-07-03 02:21 - 2012-07-03 02:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mseinstall(1).exe
    2012-07-03 01:54 - 2012-07-03 01:54 - 00347424 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\MicrosoftFixit.wu.LB.22264739607785289.4.1.Run.exe
    2012-07-03 01:47 - 2012-07-03 01:47 - 00347424 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\MicrosoftFixit.wu.LB.22264739607785289.1.1.Run.exe
    2012-07-03 01:45 - 2012-07-03 01:45 - 00000196 ____A C:\Users\Primp\Documents\????af?.rtf
    2012-07-03 01:28 - 2012-07-03 01:28 - 00015824 ____A C:\FixitRegBackup.reg
    2012-07-03 01:27 - 2012-07-03 01:27 - 00899584 ____A C:\Users\Primp\Downloads\MicrosoftFixit50535.msi
    2012-07-03 01:26 - 2012-07-03 01:26 - 01819488 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Primp\Downloads\avg_remover_stf_x64_2011_1322.exe
    2012-07-03 01:26 - 2012-07-03 01:26 - 00328064 ____A (AVAST Software) C:\Users\Primp\Downloads\aswclear(1).exe
    2012-07-03 01:26 - 2012-07-03 01:26 - 00210248 ____A C:\Users\Primp\Downloads\avgremover.log
    2012-07-03 01:18 - 2012-07-03 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA505ED1D8D50E1E
    2012-07-03 01:16 - 2012-07-03 01:16 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-03 01:15 - 2012-07-03 01:15 - 00328064 ____A (AVAST Software) C:\Users\Primp\Downloads\aswclear.exe
    2012-07-03 00:47 - 2012-07-03 00:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACD0D92549659CE9
    2012-07-03 00:43 - 2012-07-03 00:43 - 03178400 ____A (McAfee, Inc.) C:\Users\Primp\Downloads\MCPR.exe
    2012-07-03 00:35 - 2012-07-03 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1ACC0F1279A5C723
    2012-07-03 00:22 - 2012-07-03 00:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.32427D6E07835127
    2012-07-03 00:14 - 2012-07-03 00:13 - 12621696 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mseinstall.exe
    2012-07-03 00:12 - 2012-07-03 00:12 - 00677376 ____A C:\Users\Primp\Downloads\MicrosoftFixit50687.msi
    2012-07-02 23:55 - 2012-07-02 23:52 - 64404496 ____A (Microsoft Corporation) C:\Users\Primp\Downloads\mpam-fex64.exe
    2012-06-25 02:30 - 2012-06-25 02:30 - 00468480 ____H C:\Users\Primp\Downloads\~WRL0003.tmp
    2012-06-24 06:38 - 2012-03-30 22:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-24 06:38 - 2012-02-07 21:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-23 05:50 - 2012-06-23 05:50 - 00074184 ____A C:\Windows\System32\Drivers\53d2bc0aae3392cd.sys
    2012-06-22 01:03 - 2012-06-22 01:03 - 01168216 ____A C:\Users\Primp\Documents\Eutrophication 9.xps
    2012-06-22 01:02 - 2012-06-22 01:02 - 00984987 ____A C:\Users\Primp\Documents\Eutrophication 8.xps
    2012-06-22 01:01 - 2012-06-22 01:01 - 00370449 ____A C:\Users\Primp\Documents\Eutrophication 7.xps
    2012-06-22 01:00 - 2012-06-22 01:00 - 01508785 ____A C:\Users\Primp\Documents\Eutrophication 6.xps
    2012-06-22 01:00 - 2012-06-22 01:00 - 00363592 ____A C:\Users\Primp\Documents\Eutrophication 5.xps
    2012-06-22 00:59 - 2012-06-22 00:59 - 01286449 ____A C:\Users\Primp\Documents\Eutrophication 4.xps
    2012-06-22 00:58 - 2012-06-22 00:58 - 00760729 ____A C:\Users\Primp\Documents\Eutrophication 2.xps
    2012-06-22 00:58 - 2012-06-22 00:58 - 00760619 ____A C:\Users\Primp\Documents\Eutrophication 3.xps
    2012-06-22 00:57 - 2012-06-22 00:57 - 00250989 ____A C:\Users\Primp\Documents\Eutrophication 1.xps
    2012-06-21 02:36 - 2012-06-21 02:36 - 00296263 ____A C:\Users\Primp\Documents\Paper 4.xps
    2012-06-21 02:35 - 2012-06-21 02:35 - 00098650 ____A C:\Users\Primp\Documents\Paper 3.xps
    2012-06-21 02:34 - 2012-06-21 02:34 - 00462503 ____A C:\Users\Primp\Documents\Paper 2.xps
    2012-06-20 22:03 - 2009-07-13 21:08 - 00032498 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-20 03:29 - 2012-06-20 03:29 - 00461475 ____A C:\Users\Primp\Documents\Paper 1.xps
    2012-06-19 00:05 - 2012-06-19 00:05 - 00001861 ____A C:\Users\Public\Desktop\ooVoo.lnk
    2012-06-19 00:04 - 2012-06-19 00:04 - 01633360 ____A (ooVoo LLC) C:\Users\Primp\Downloads\ooVooSetup.exe
    2012-06-13 22:19 - 2009-07-13 20:45 - 00440800 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 22:01 - 2012-02-07 12:46 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-13 12:55 - 2012-06-13 12:55 - 00001130 ____A C:\Users\Public\Desktop\BS.Player FREE.lnk
    2012-06-13 12:54 - 2012-06-13 12:53 - 14044920 ____A C:\Users\Primp\Downloads\bsplayer262.1068.exe
    2012-06-06 12:05 - 2011-04-12 07:06 - 00144668 ____A C:\Windows\DirectX.log
    2012-06-06 03:00 - 2012-06-06 01:54 - 117248000 ____A C:\Users\Primp\Downloads\OneDDL.com-rld-cm10.iso.part
    2012-06-05 13:41 - 2012-06-04 11:54 - 2337563421 ____A C:\Users\Primp\Downloads\Letters.From.Iwo.Jima.720p.[nolimits-team].mkv
    2012-06-05 05:34 - 2012-06-05 05:33 - 1576276366 ____A C:\Users\Primp\Downloads\War Horse with Greek Subs.mkv
    2012-06-05 05:15 - 2012-06-05 05:14 - 836540976 ____A C:\Users\Primp\Downloads\Red Tails with Greek Subs.mkv
    2012-06-03 12:51 - 2012-06-03 12:51 - 00001958 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-06-03 12:05 - 2012-06-03 12:05 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-06-03 10:15 - 2012-06-04 00:54 - 836708726 ____A C:\Users\Primp\Downloads\Red.Tails.2012.720p.x264 - scOrp.mkv
    2012-06-02 14:19 - 2012-06-19 03:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 03:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 03:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 03:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 03:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 03:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 03:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:05 - 2012-02-07 21:43 - 00001024 ____A C:\Users\Primp\Desktop\Dropbox.lnk
    2012-06-02 04:19 - 2012-06-19 03:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 04:15 - 2012-06-19 03:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 11:57 - 2012-05-19 07:06 - 01367763 ____A C:\Windows\SysWOW64\http_ss.log
    2012-05-29 03:52 - 2012-05-29 12:37 - 3370044304 ____A C:\Users\Primp\Downloads\Sherlock Holmes A Game Of Shadows with Subs.mkv
    2012-05-28 11:55 - 2012-05-28 11:54 - 1394457450 ____A C:\Users\Primp\Downloads\Green Zone with Greek Subs.mkv
    2012-05-27 12:43 - 2012-05-27 12:42 - 837742574 ____A C:\Users\Primp\Downloads\Safe House with Greek Subs.mkv
    2012-05-27 12:32 - 2012-05-27 12:32 - 00001870 ____A C:\Users\Public\Desktop\mkvmerge GUI.lnk
    2012-05-27 11:50 - 2012-05-27 11:50 - 00001914 ____A C:\Users\UpdatusUser\Desktop\mkvmerge GUI.lnk
    2012-05-27 10:28 - 2012-05-27 12:20 - 00068194 ____A C:\Users\Primp\Downloads\Safe.House.(2012).BluRay.720p.800MB.Ganool. [ JohnPc666 ]-gre(1)(2)(3).srt
    2012-05-24 23:01 - 2012-05-24 11:39 - 837841617 ____A C:\Users\Primp\Downloads\Safe.House.(2012).BluRay.720p.800MB.Ganool. [ JohnPc666 ].mkv
    2012-05-24 13:09 - 2012-05-24 13:09 - 00259862 ____A C:\Windows\msxml4-KB973685-enu.LOG
    2012-05-23 06:13 - 2012-05-23 06:13 - 00001838 ____A C:\Users\Public\Desktop\PMB Help.lnk
    2012-05-23 06:13 - 2012-05-23 06:13 - 00001113 ____A C:\Users\Public\Desktop\PMB.lnk
    2012-05-23 06:13 - 2012-05-23 06:13 - 00001040 ____A C:\Users\Public\Desktop\PMB Launcher.lnk
    2012-05-21 02:43 - 2012-05-21 02:43 - 00213721 ____A C:\Users\Primp\Documents\??t?s? ????T?.xps
    2012-05-19 07:06 - 2012-05-19 07:06 - 00002046 ____A C:\Users\Public\Desktop\SAMSUNG PC Share Manager.lnk
    2012-05-18 00:18 - 2012-05-18 00:18 - 00003166 ____A C:\Users\Primp\Documents\Curriculum Vitae.txt
    2012-05-17 18:47 - 2012-06-13 21:54 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 21:54 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 21:54 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 21:54 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 21:54 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 21:54 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 21:54 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 21:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 21:54 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 21:54 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 21:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 21:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 21:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 21:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 21:54 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 21:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 21:54 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 21:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 21:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 21:54 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 21:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 21:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 21:54 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 21:54 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 21:54 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 21:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 21:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 21:54 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 05:01 - 2012-05-17 05:00 - 00753016 ____A C:\Windows\Minidump\051712-19718-01.dmp
    2012-05-17 05:00 - 2012-01-05 12:59 - 588527296 ____A C:\Windows\MEMORY.DMP
    2012-05-14 17:32 - 2012-06-13 07:52 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-11 01:03 - 2012-05-11 01:03 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
    2012-05-11 01:01 - 2012-05-11 01:01 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
    2012-05-11 01:01 - 2012-05-11 01:01 - 00708168 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
    2012-05-11 00:50 - 2012-05-11 00:50 - 00002111 ____A C:\Users\Public\Desktop\Wondershare MobileGo.lnk
    2012-05-10 07:45 - 2012-05-10 07:45 - 00788032 ____A C:\Windows\Minidump\051012-22011-01.dmp
    2012-05-05 10:09 - 2012-05-05 10:09 - 00000951 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-04 06:49 - 2012-06-05 05:07 - 00089837 ____A C:\Users\Primp\Downloads\Red Tails[[2012]BRRip.srt
    2012-05-04 03:06 - 2012-06-13 07:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 07:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 07:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-13 07:52 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-13 07:52 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 01:36 - 2012-04-27 01:36 - 00752104 ____A C:\Windows\Minidump\042712-23743-01.dmp
    2012-04-26 21:58 - 2012-04-26 21:58 - 00788032 ____A C:\Windows\Minidump\042712-20966-01.dmp
    2012-04-25 21:41 - 2012-06-13 07:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 07:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 07:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 07:52 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 07:52 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 07:52 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 07:52 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 07:52 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 07:52 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-17 23:19 - 2012-04-17 23:19 - 00833008 ____A C:\Users\Primp\Documents\Xartis.xps
    2012-04-16 08:03 - 2012-02-07 12:28 - 00120976 ____A C:\Users\Primp\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-16 07:59 - 2012-04-16 07:59 - 00001292 ____A C:\Users\Primp\Desktop\Any Video Converter Ultimate.lnk
    2012-04-10 21:45 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

    ZeroAccess:
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\@
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\L
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\U
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\U\00000001.@
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\U\80000000.@
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\U\800000cb.@

    ZeroAccess:
    C:\Users\Primp\AppData\Local\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}
    C:\Users\Primp\AppData\Local\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\@
    C:\Users\Primp\AppData\Local\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\L
    C:\Users\Primp\AppData\Local\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 4007.05 MB
    Available physical RAM: 3411.28 MB
    Total Pagefile: 4005.25 MB
    Available Pagefile: 3409.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Win7) (Fixed) (Total:249.08 GB) (Free:92.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (???? t?µ??) (Fixed) (Total:216.68 GB) (Free:44.18 GB) NTFS
    3 Drive e: (DVDIRECT_DISC_0010006C695) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    4 Drive f: (PENDRIVE) (Removable) (Total:7.51 GB) (Free:5.58 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 7702 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 249 GB 31 KB
    Partition 2 Primary 216 GB 249 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Win7 NTFS Partition 249 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D ???? η?ζ?? NTFS Partition 216 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7701 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F PENDRIVE FAT32 Removable 7701 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-28 04:58

    ======================= End Of Log ==========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  6. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Did it...

    Farbar Recovery Scan Tool Version: 05-07-2012 01
    Ran by SYSTEM at 2012-07-07 07:32:39
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  8. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-07-2012 01
    Ran by SYSTEM at 2012-07-07 15:35:51 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    53d2bc0aae3392cd service deleted successfully.
    tswNT service deleted successfully.
    C:\Windows\System32\services.exe.4EEF945881AB22E5 moved successfully.
    C:\Windows\System32\services.exe.8A6BC3D768403267 moved successfully.
    C:\Windows\System32\services.exe.FDBAA0CCA8F582EF moved successfully.
    C:\Windows\System32\services.exe.E6C01FE05E24A771 moved successfully.
    C:\Windows\System32\services.exe.FACD1AAEFC2CD377 moved successfully.
    C:\Windows\System32\services.exe.7A7ECDBE1008DDBC moved successfully.
    C:\Windows\System32\services.exe.6EC053BBB99677CD moved successfully.
    C:\Windows\System32\services.exe.38B0BD81EE1C95CA moved successfully.
    C:\Windows\System32\services.exe.0F275663ECCF0FA6 moved successfully.
    C:\Windows\System32\services.exe.BB341C7F86CDA583 moved successfully.
    C:\Windows\System32\services.exe.25A17A8BA553B200 moved successfully.
    C:\Windows\System32\services.exe.D75A04C5B4CC0433 moved successfully.
    C:\Windows\System32\services.exe.86D2F22C6BEA5DC6 moved successfully.
    C:\Windows\System32\services.exe.4EB5B85A2A1F51BC moved successfully.
    C:\Windows\System32\services.exe.A592970885CBF363 moved successfully.
    C:\Windows\System32\services.exe.AA0421C5A7E274DF moved successfully.
    C:\Windows\System32\services.exe.446547DEA88485C3 moved successfully.
    C:\Windows\System32\services.exe.E286743384FBF9CF moved successfully.
    C:\Windows\System32\services.exe.6EFB8D6DE65AD994 moved successfully.
    C:\Windows\System32\services.exe.AD7DD862ECD3A3C0 moved successfully.
    C:\Windows\System32\services.exe.B7FD9E996CA30787 moved successfully.
    C:\Windows\System32\services.exe.D98A11EECD25719C moved successfully.
    C:\Windows\System32\services.exe.1D4790F504C4F182 moved successfully.
    C:\Windows\System32\services.exe.FE400439CA2BA703 moved successfully.
    C:\Windows\System32\services.exe.98D591B013D24E3A moved successfully.
    C:\Windows\System32\services.exe.0D72D46903DA2B52 moved successfully.
    C:\Windows\System32\services.exe.8E7FE08AB30EC89D moved successfully.
    C:\Windows\System32\services.exe.1D161B10D30F0AC8 moved successfully.
    C:\Windows\System32\services.exe.1F19D756E4A8F770 moved successfully.
    C:\Windows\System32\services.exe.6E1CD41EAD298BF6 moved successfully.
    C:\Windows\System32\services.exe.2AA1BA8D3E5C7DF1 moved successfully.
    C:\Windows\System32\services.exe.E34DA390E5A7F994 moved successfully.
    C:\Windows\System32\services.exe.A6A603BDF504085C moved successfully.
    C:\Windows\System32\services.exe.608B43EA96789A0D moved successfully.
    C:\Windows\System32\services.exe.C90C269205C28EF6 moved successfully.
    C:\Windows\System32\services.exe.7C83AA13EDC29D5F moved successfully.
    C:\Windows\System32\services.exe.BA505ED1D8D50E1E moved successfully.
    C:\Windows\System32\services.exe.ACD0D92549659CE9 moved successfully.
    C:\Windows\System32\services.exe.1ACC0F1279A5C723 moved successfully.
    C:\Windows\System32\services.exe.32427D6E07835127 moved successfully.
    C:\Users\Primp\Downloads\~WRL0003.tmp moved successfully.
    C:\Windows\System32\Drivers\53d2bc0aae3392cd.sys moved successfully.
    C:\Users\Primp\0i763f66bz.exe moved successfully.
    C:\Windows\Installer\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec} moved successfully.
    C:\Users\Primp\AppData\Local\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====



    ComboFix 12-07-07.02 - Primp 07/07/2012 15:53:32.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.4007.2586 [GMT 3:00]
    Running from: c:\users\Primp\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-07 12:57 . 2012-07-07 12:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-07 12:14 . 2012-07-07 12:14 328704 ----a-w- c:\windows\system32\services.exe.7C70B3ACD9416CFB
    2012-07-07 04:36 . 2012-07-07 04:36 328704 ----a-w- c:\windows\system32\services.exe.B374A8AA77E6EDCE
    2012-07-06 18:01 . 2012-07-06 18:02 -------- d-----w- C:\FRST
    2012-07-06 15:39 . 2012-07-06 15:39 328704 ----a-w- c:\windows\system32\services.exe.495B6C15FA5F3723
    2012-07-06 07:06 . 2012-07-06 07:06 328704 ----a-w- c:\windows\system32\services.exe.0D90645EBF8B28C4
    2012-07-05 09:10 . 2012-07-05 09:10 -------- d-----w- c:\users\Primp\AppData\Roaming\Malwarebytes
    2012-07-05 09:10 . 2012-07-05 09:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 09:10 . 2012-07-05 09:10 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-05 09:10 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-05 05:01 . 2012-02-09 11:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C451E05-512F-4679-B088-694D3EDC6A8C}\gapaengine.dll
    2012-07-05 05:00 . 2012-06-18 00:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C8578B6-4B4A-42E6-9B42-0EF55AC0B508}\mpengine.dll
    2012-07-05 04:56 . 2012-07-05 07:42 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-05 04:56 . 2012-07-05 07:42 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-05 04:56 . 2012-07-05 07:42 -------- d-----w- C:\4a8794088a3e3564e8add8
    2012-07-03 09:28 . 2012-07-03 09:28 15824 ----a-w- C:\FixitRegBackup.reg
    2012-07-03 08:44 . 2012-07-03 08:44 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2012-07-03 08:20 . 2012-07-03 08:20 -------- d-----w- c:\users\Primp\AppData\Local\ElevatedDiagnostics
    2012-07-03 08:15 . 2012-07-05 07:42 -------- d-----w- C:\4d1a849fb5212d8e3a0b4b5888f3
    2012-06-23 08:07 . 2012-07-05 07:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-19 11:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 11:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 11:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 11:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 11:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 11:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 11:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 11:11 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 11:11 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 08:05 . 2012-06-19 08:08 -------- d-----w- c:\users\Primp\AppData\Roaming\ooVoo Details
    2012-06-19 08:05 . 2012-06-19 08:05 -------- d-----w- c:\program files (x86)\ooVoo
    2012-06-13 15:52 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 04:52 . 2012-06-12 04:52 -------- d-----w- c:\users\Primp\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 14:38 . 2012-03-31 06:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 14:38 . 2012-02-08 05:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-03 20:05 . 2012-06-03 20:05 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-05-11 09:01 . 2012-05-11 09:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2012-05-11 09:01 . 2012-05-11 09:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "UVS11 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
    .
    c:\users\Primp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Primp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MobileGo Service.lnk - c:\program files (x86)\Wondershare\MobileGo\MobileGoService.exe [2012-5-11 245608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-09 1255736]
    R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-24 25960]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-03 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-25 52896]
    S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-06 159752]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
    S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
    S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-25 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-25 298144]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-25 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-25 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-25 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-25 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-25 275616]
    S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [2010-11-08 68608]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
    "AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-25 613536]
    "AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-25 379040]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://redplanet.gr/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Απ&οστολή στο OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Primp\AppData\Roaming\Mozilla\Firefox\Profiles\q06ktbyx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://redplanet.gr/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-CamAppSTI.exe - c:\program files (x86)\AVEO\AVEO USB2.0 PC Camera(E2WVTM2N90829)\STI\CamAppSTI.exe
    Toolbar-Locked - (no file)
    HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
    AddRemove-Any Video Converter Professional_is1 - c:\program files (x86)\AnvSoft\Any Video Converter Professional\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\PHotkey\ASLDRSrv.exe
    c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-07 16:03:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-07 13:03
    .
    Pre-Run: 10 Κατάλογοι 102.568.624.128 διαθέσιμα byte
    Post-Run: 15 Κατάλογοι 103.340.994.560 διαθέσιμα byte
    .
    - - End Of File - - 7A005E28F7969F061B0A0A70AAD4769C
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.0D90645EBF8B28C4
    c:\windows\system32\services.exe.495B6C15FA5F3723
    c:\windows\system32\services.exe.B374A8AA77E6EDCE
    c:\windows\system32\services.exe.7C70B3ACD9416CFB
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Thanks so much for the fast replies! Here it is what you asked:

    ComboFix 12-07-07.04 - Primp 08/07/2012 8:26.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.4007.2286 [GMT 3:00]
    Running from: c:\users\Primp\Desktop\ComboFix.exe
    Command switches used :: c:\users\Primp\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\services.exe.0D90645EBF8B28C4"
    "c:\windows\system32\services.exe.495B6C15FA5F3723"
    "c:\windows\system32\services.exe.7C70B3ACD9416CFB"
    "c:\windows\system32\services.exe.B374A8AA77E6EDCE"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.0D90645EBF8B28C4
    c:\windows\system32\services.exe.495B6C15FA5F3723
    c:\windows\system32\services.exe.7C70B3ACD9416CFB
    c:\windows\system32\services.exe.B374A8AA77E6EDCE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-08 05:31 . 2012-07-08 05:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-08 05:31 . 2012-07-08 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-08 05:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-07-07 13:44 . 2012-06-18 00:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57A01A69-CB1A-4A8F-B2D6-51799C8C2C69}\mpengine.dll
    2012-07-06 18:01 . 2012-07-06 18:02 -------- d-----w- C:\FRST
    2012-07-05 09:10 . 2012-07-05 09:10 -------- d-----w- c:\users\Primp\AppData\Roaming\Malwarebytes
    2012-07-05 09:10 . 2012-07-05 09:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 09:10 . 2012-07-05 09:10 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-05 09:10 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-05 05:01 . 2012-02-09 11:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C451E05-512F-4679-B088-694D3EDC6A8C}\gapaengine.dll
    2012-07-05 05:00 . 2012-06-18 00:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-05 04:56 . 2012-07-05 07:42 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-05 04:56 . 2012-07-05 07:42 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-05 04:56 . 2012-07-05 07:42 -------- d-----w- C:\4a8794088a3e3564e8add8
    2012-07-03 09:28 . 2012-07-03 09:28 15824 ----a-w- C:\FixitRegBackup.reg
    2012-07-03 08:44 . 2012-07-03 08:44 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2012-07-03 08:20 . 2012-07-03 08:20 -------- d-----w- c:\users\Primp\AppData\Local\ElevatedDiagnostics
    2012-07-03 08:15 . 2012-07-05 07:42 -------- d-----w- C:\4d1a849fb5212d8e3a0b4b5888f3
    2012-06-23 08:07 . 2012-07-05 07:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-19 11:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 11:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 11:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 11:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 11:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 11:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 11:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 11:11 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 11:11 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 08:05 . 2012-06-19 08:08 -------- d-----w- c:\users\Primp\AppData\Roaming\ooVoo Details
    2012-06-19 08:05 . 2012-06-19 08:05 -------- d-----w- c:\program files (x86)\ooVoo
    2012-06-13 15:52 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 04:52 . 2012-06-12 04:52 -------- d-----w- c:\users\Primp\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 14:38 . 2012-03-31 06:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 14:38 . 2012-02-08 05:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-03 20:05 . 2012-06-03 20:05 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-05-11 09:01 . 2012-05-11 09:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2012-05-11 09:01 . 2012-05-11 09:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-07_12.59.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-07-08 05:21 49168 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-08 05:21 40446 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-02-08 04:44 . 2012-07-08 05:21 12224 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2289655667-1653909528-2602393308-1002_UserData.bin
    - 2011-03-22 08:28 . 2012-07-07 12:42 90752 c:\windows\system32\perfc008.dat
    + 2011-03-22 08:28 . 2012-07-08 05:24 90752 c:\windows\system32\perfc008.dat
    + 2012-02-08 22:05 . 2012-07-07 13:05 7446 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-04-12 14:58 . 2012-07-07 14:07 1735 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2011-04-12 14:58 . 2012-07-07 12:57 1735 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2012-07-07 12:58 . 2012-07-07 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-08 05:19 . 2012-07-08 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-08 05:19 . 2012-07-08 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-07 12:58 . 2012-07-07 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2012-07-07 12:42 618274 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-08 05:24 618274 c:\windows\system32\perfh009.dat
    + 2011-03-22 08:28 . 2012-07-08 05:24 562226 c:\windows\system32\perfh008.dat
    - 2011-03-22 08:28 . 2012-07-07 12:42 562226 c:\windows\system32\perfh008.dat
    - 2009-07-14 02:36 . 2012-07-07 12:42 107554 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-07-08 05:24 107554 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-07-07 12:57 399828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-07 14:07 399828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2012-07-08 05:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2012-06-19 11:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2012-02-07 22:26 . 2012-07-07 12:57 46990608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2289655667-1653909528-2602393308-1002-8192.dat
    + 2012-02-07 22:26 . 2012-07-07 14:07 46990608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2289655667-1653909528-2602393308-1002-8192.dat
    + 2012-07-08 05:25 . 2012-07-08 05:25 10199040 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "UVS11 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
    .
    c:\users\Primp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Primp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MobileGo Service.lnk - c:\program files (x86)\Wondershare\MobileGo\MobileGoService.exe [2012-5-11 245608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-09 1255736]
    R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-24 25960]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-03 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-25 52896]
    S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-06 159752]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
    S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
    S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-25 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-25 298144]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-25 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-25 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-25 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-25 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-25 275616]
    S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [2010-11-08 68608]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 97792 ----a-w- c:\users\Primp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
    "AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-25 613536]
    "AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-25 379040]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "BrowserChoice"="browserchoice.exe" [2010-02-23 294912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://redplanet.gr/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Απ&οστολή στο OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Primp\AppData\Roaming\Mozilla\Firefox\Profiles\q06ktbyx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://redplanet.gr/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Any Video Converter Professional_is1 - c:\program files (x86)\AnvSoft\Any Video Converter Professional\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-08 08:33:05
    ComboFix-quarantined-files.txt 2012-07-08 05:33
    ComboFix2.txt 2012-07-07 13:03
    .
    Pre-Run: 14 Κατάλογοι 103.954.038.784 διαθέσιμα byte
    Post-Run: 15 Κατάλογοι 103.533.731.840 διαθέσιμα byte
    .
    - - End Of File - - 163B95F39508A3D1EE289275A996CA3C
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good :)

    Any current issues?

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    So far, so good! It seems things are back in track. My only concern is that I keep getting a message at the bottom right corner of the desktop (just above the clock) that Windows are running on a test mode - Build 7601...

    After running Malwarebytes, here is the log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.08.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Primp :: PRIMP-TURBO [administrator]

    8/7/2012 11:22:12 μμ
    mbam-log-2012-07-08 (23-22-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229935
    Time elapsed: 5 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  14. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Thanks! I looked it up myself while I am waiting to download OTL (Server is too busy...). However, once again many thanks for the support!!!
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  16. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Cool! Here is the first log (OTL.txt):

    OTL logfile created on: 8/7/2012 11:53:42 μμ - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Primp\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

    3,91 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,91% Memory free
    7,82 Gb Paging File | 6,38 Gb Available in Paging File | 81,58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 249,08 Gb Total Space | 95,76 Gb Free Space | 38,45% Space Free | Partition Type: NTFS
    Drive D: | 3,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 216,68 Gb Total Space | 37,42 Gb Free Space | 17,27% Space Free | Partition Type: NTFS

    Computer Name: PRIMP-TURBO | User Name: Primp | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/08 23:50:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Primp\Desktop\OTL.exe
    PRC - [2012/05/24 21:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Primp\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/04/17 18:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2012/01/03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/09/20 15:52:58 | 000,245,608 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
    PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2011/01/05 20:21:00 | 003,095,048 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\POSD.exe
    PRC - [2011/01/05 19:43:20 | 000,813,576 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\PHotkey.exe
    PRC - [2010/12/24 03:26:00 | 001,997,416 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/10/05 16:08:46 | 002,655,768 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/05 16:08:42 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/05/24 15:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
    PRC - [2010/04/27 05:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/01/12 17:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
    PRC - [2009/12/18 15:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
    PRC - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 09:20:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 09:20:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/12 12:17:02 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
    MOD - [2012/05/12 12:17:02 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
    MOD - [2012/05/12 12:17:01 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/12 12:16:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 12:16:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 12:16:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 12:16:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/06/02 15:28:04 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\Wondershare\MobileGo\System.Data.SQLite.dll
    MOD - [2010/11/21 06:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/06/11 00:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2012/06/24 17:38:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/19 08:35:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/08 23:48:45 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2012/01/03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/12/24 03:26:00 | 001,997,416 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/11/25 20:29:54 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
    SRV - [2010/10/06 17:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
    SRV - [2010/10/05 16:08:46 | 002,655,768 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/10/05 16:08:42 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/05/24 15:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/18 15:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
    SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/08 09:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
    SRV - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/03 23:05:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
    DRV:64bit: - [2011/08/10 17:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/06/26 03:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
    DRV:64bit: - [2011/06/26 03:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
    DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/24 03:26:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/12/16 12:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/25 20:30:12 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2010/11/25 20:30:12 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2010/11/25 20:30:12 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2010/11/25 20:30:12 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2010/11/25 20:30:12 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2010/11/25 20:30:12 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2010/11/25 20:30:10 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2010/11/24 08:24:52 | 001,565,824 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/13 20:32:40 | 002,647,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/11/08 09:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
    DRV:64bit: - [2010/10/14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/21 04:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/13 13:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/08/24 12:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/07/27 04:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/07/27 04:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/10/23 11:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 00:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/11 00:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/11 00:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 23:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 23:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/09/11 14:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
    DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\S-1-5-21-2289655667-1653909528-2602393308-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://redplanet.gr/
    IE - HKU\S-1-5-21-2289655667-1653909528-2602393308-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2289655667-1653909528-2602393308-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://redplanet.gr/"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 08:35:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/16 11:15:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 08:35:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/16 11:15:07 | 000,000,000 | ---D | M]

    [2012/02/08 08:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primp\AppData\Roaming\mozilla\Extensions
    [2012/06/13 23:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primp\AppData\Roaming\mozilla\Firefox\Profiles\q06ktbyx.default\extensions
    [2012/03/30 22:41:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Primp\AppData\Roaming\mozilla\Firefox\Profiles\q06ktbyx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/05/31 11:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012/05/31 11:21:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/02/11 14:39:05 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\PRIMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q06KTBYX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2012/06/13 23:52:41 | 000,185,600 | ---- | M] () (No name found) -- C:\USERS\PRIMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q06KTBYX.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
    [2012/06/19 08:35:53 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/11 13:25:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/20 10:36:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/20 10:36:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/08 08:31:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Communications)
    O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
    O4 - HKU\S-1-5-21-2289655667-1653909528-2602393308-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2289655667-1653909528-2602393308-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2289655667-1653909528-2602393308-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Primp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Primp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2289655667-1653909528-2602393308-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2289655667-1653909528-2602393308-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2289655667-1653909528-2602393308-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Απ&οστολή στο OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Απ&οστολή στο OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC014274-D8FC-4F5C-8A59-DC420E4AABC2}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/08 23:50:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Primp\Desktop\OTL.exe
    [2012/07/08 23:37:01 | 000,000,000 | R--D | C] -- C:\Users\Primp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2012/07/08 23:07:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/08 08:33:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/07 15:51:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/07 15:51:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/07 15:51:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/07 15:44:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/07 15:43:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/07 15:41:45 | 004,574,136 | R--- | C] (Swearware) -- C:\Users\Primp\Desktop\ComboFix.exe
    [2012/07/06 21:01:43 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/05 12:10:26 | 000,000,000 | ---D | C] -- C:\Users\Primp\AppData\Roaming\Malwarebytes
    [2012/07/05 12:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/05 12:10:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/05 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/05 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/05 07:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/05 07:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/05 07:56:31 | 000,000,000 | ---D | C] -- C:\4a8794088a3e3564e8add8
    [2012/07/03 11:44:07 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
    [2012/07/03 11:20:24 | 000,000,000 | ---D | C] -- C:\Users\Primp\AppData\Local\ElevatedDiagnostics
    [2012/07/03 11:15:23 | 000,000,000 | ---D | C] -- C:\4d1a849fb5212d8e3a0b4b5888f3
    [2012/06/23 11:07:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/19 11:05:40 | 000,000,000 | ---D | C] -- C:\Users\Primp\AppData\Roaming\ooVoo Details
    [2012/06/19 11:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
    [2012/06/19 11:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
    [2012/06/13 23:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
    [2012/06/12 07:52:59 | 000,000,000 | ---D | C] -- C:\Users\Primp\AppData\Local\Macromedia

    ========== Files - Modified Within 30 Days ==========

    [2012/07/08 23:50:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Primp\Desktop\OTL.exe
    [2012/07/08 23:43:55 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 23:43:55 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 23:43:02 | 001,370,668 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/08 23:43:02 | 000,618,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/08 23:43:02 | 000,562,226 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
    [2012/07/08 23:43:02 | 000,107,554 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/08 23:43:02 | 000,090,752 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
    [2012/07/08 23:36:55 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
    [2012/07/08 23:36:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/08 23:36:22 | 3151,269,888 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/08 23:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/08 08:31:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/08 08:25:05 | 004,574,136 | R--- | M] (Swearware) -- C:\Users\Primp\Desktop\ComboFix.exe
    [2012/07/06 11:59:01 | 000,028,381 | ---- | M] () -- C:\Users\Primp\Documents\Koiliakoi.jpg
    [2012/07/06 11:24:13 | 000,194,867 | ---- | M] () -- C:\Users\Primp\Documents\Program-Bands-KIDS__101005_094537.pdf
    [2012/07/06 10:52:09 | 000,004,676 | ---- | M] () -- C:\Users\Primp\Documents\tenontitida_clip_image002_0001.jpg
    [2012/07/06 10:49:12 | 000,012,773 | ---- | M] () -- C:\Users\Primp\Documents\double-1_.jpg
    [2012/07/06 10:44:16 | 000,016,209 | ---- | M] () -- C:\Users\Primp\Documents\tenontitida_clip_image002.jpg
    [2012/07/06 10:28:43 | 000,035,975 | ---- | M] () -- C:\Users\Primp\Documents\C__Users_vasilis.zachos_AppData_Local_Opera_Opera_cache_g_0047_opr0B2XZ.jpg
    [2012/07/05 15:13:01 | 000,183,634 | ---- | M] () -- C:\Users\Primp\Documents\Stefanos Leandros.pdf
    [2012/07/05 14:12:42 | 000,352,047 | ---- | M] () -- C:\Users\Primp\Documents\Stefanos Leandros.xps
    [2012/07/05 12:10:23 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/05 11:36:42 | 000,040,992 | ---- | M] () -- C:\Users\Primp\Documents\aitisi_general.rtf
    [2012/07/05 10:32:52 | 004,550,883 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 10.xps
    [2012/07/05 07:57:00 | 001,390,126 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/05 07:54:01 | 000,002,483 | ---- | M] () -- C:\Users\Primp\Documents\Microsoft.rtf
    [2012/07/05 07:23:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/03 12:45:11 | 000,000,196 | ---- | M] () -- C:\Users\Primp\Documents\Έγγραφο.rtf
    [2012/07/03 12:28:32 | 000,015,824 | ---- | M] () -- C:\FixitRegBackup.reg
    [2012/07/03 12:16:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/06/22 12:03:44 | 001,168,216 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 9.xps
    [2012/06/22 12:02:40 | 000,984,987 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 8.xps
    [2012/06/22 12:01:27 | 000,370,449 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 7.xps
    [2012/06/22 12:00:52 | 001,508,785 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 6.xps
    [2012/06/22 12:00:15 | 000,363,592 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 5.xps
    [2012/06/22 11:59:33 | 001,286,449 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 4.xps
    [2012/06/22 11:58:55 | 000,760,619 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 3.xps
    [2012/06/22 11:58:22 | 000,760,729 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 2.xps
    [2012/06/22 11:57:41 | 000,250,989 | ---- | M] () -- C:\Users\Primp\Documents\Eutrophication 1.xps
    [2012/06/21 15:56:29 | 000,077,704 | ---- | M] () -- C:\Users\Primp\Documents\Euro(vision)2012.jpg
    [2012/06/21 13:36:23 | 000,296,263 | ---- | M] () -- C:\Users\Primp\Documents\Paper 4.xps
    [2012/06/21 13:35:40 | 000,098,650 | ---- | M] () -- C:\Users\Primp\Documents\Paper 3.xps
    [2012/06/21 13:34:54 | 000,462,503 | ---- | M] () -- C:\Users\Primp\Documents\Paper 2.xps
    [2012/06/20 14:29:58 | 000,461,475 | ---- | M] () -- C:\Users\Primp\Documents\Paper 1.xps
    [2012/06/20 14:24:00 | 000,510,715 | ---- | M] () -- C:\Users\Primp\Documents\Exploring interactions among interdital macrozoobenthos of the Dutch Wadden Sea using population growth models.pdf
    [2012/06/19 11:05:33 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
    [2012/06/14 09:19:08 | 000,440,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/13 23:55:21 | 000,001,154 | ---- | M] () -- C:\Users\Primp\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
    [2012/06/13 23:55:21 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\BS.Player FREE.lnk
    [2012/06/13 16:30:01 | 000,154,450 | ---- | M] () -- C:\Users\Primp\Documents\FEK_ΤΡΟΠΟΠΟΙΗΣΗ.pdf
    [2012/06/13 14:57:44 | 001,845,363 | ---- | M] () -- C:\Users\Primp\Documents\OAED.pdf
    [2012/06/12 11:57:25 | 000,301,308 | ---- | M] () -- C:\Users\Primp\Documents\Βιογραφικό Σημείωμα.pdf

    ========== Files Created - No Company Name ==========

    [2012/07/07 15:51:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/07 15:51:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/07 15:51:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/07 15:51:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/07 15:51:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/06 11:59:01 | 000,028,381 | ---- | C] () -- C:\Users\Primp\Documents\Koiliakoi.jpg
    [2012/07/06 11:24:13 | 000,194,867 | ---- | C] () -- C:\Users\Primp\Documents\Program-Bands-KIDS__101005_094537.pdf
    [2012/07/06 10:52:08 | 000,004,676 | ---- | C] () -- C:\Users\Primp\Documents\tenontitida_clip_image002_0001.jpg
    [2012/07/06 10:49:12 | 000,012,773 | ---- | C] () -- C:\Users\Primp\Documents\double-1_.jpg
    [2012/07/06 10:44:16 | 000,016,209 | ---- | C] () -- C:\Users\Primp\Documents\tenontitida_clip_image002.jpg
    [2012/07/06 10:28:42 | 000,035,975 | ---- | C] () -- C:\Users\Primp\Documents\C__Users_vasilis.zachos_AppData_Local_Opera_Opera_cache_g_0047_opr0B2XZ.jpg
    [2012/07/05 15:12:09 | 000,183,634 | ---- | C] () -- C:\Users\Primp\Documents\Stefanos Leandros.pdf
    [2012/07/05 14:12:42 | 000,352,047 | ---- | C] () -- C:\Users\Primp\Documents\Stefanos Leandros.xps
    [2012/07/05 12:10:23 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/05 11:36:42 | 000,040,992 | ---- | C] () -- C:\Users\Primp\Documents\aitisi_general.rtf
    [2012/07/05 10:32:41 | 004,550,883 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 10.xps
    [2012/07/05 07:57:03 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/05 07:54:01 | 000,002,483 | ---- | C] () -- C:\Users\Primp\Documents\Microsoft.rtf
    [2012/07/03 12:45:11 | 000,000,196 | ---- | C] () -- C:\Users\Primp\Documents\Έγγραφο.rtf
    [2012/07/03 12:28:31 | 000,015,824 | ---- | C] () -- C:\FixitRegBackup.reg
    [2012/07/03 12:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/06/22 12:03:42 | 001,168,216 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 9.xps
    [2012/06/22 12:02:38 | 000,984,987 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 8.xps
    [2012/06/22 12:01:26 | 000,370,449 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 7.xps
    [2012/06/22 12:00:46 | 001,508,785 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 6.xps
    [2012/06/22 12:00:14 | 000,363,592 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 5.xps
    [2012/06/22 11:59:26 | 001,286,449 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 4.xps
    [2012/06/22 11:58:53 | 000,760,619 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 3.xps
    [2012/06/22 11:58:20 | 000,760,729 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 2.xps
    [2012/06/22 11:57:38 | 000,250,989 | ---- | C] () -- C:\Users\Primp\Documents\Eutrophication 1.xps
    [2012/06/21 15:56:28 | 000,077,704 | ---- | C] () -- C:\Users\Primp\Documents\Euro(vision)2012.jpg
    [2012/06/21 13:36:21 | 000,296,263 | ---- | C] () -- C:\Users\Primp\Documents\Paper 4.xps
    [2012/06/21 13:35:39 | 000,098,650 | ---- | C] () -- C:\Users\Primp\Documents\Paper 3.xps
    [2012/06/21 13:34:53 | 000,462,503 | ---- | C] () -- C:\Users\Primp\Documents\Paper 2.xps
    [2012/06/20 14:29:55 | 000,461,475 | ---- | C] () -- C:\Users\Primp\Documents\Paper 1.xps
    [2012/06/20 14:24:00 | 000,510,715 | ---- | C] () -- C:\Users\Primp\Documents\Exploring interactions among interdital macrozoobenthos of the Dutch Wadden Sea using population growth models.pdf
    [2012/06/19 11:05:33 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
    [2012/06/13 23:55:21 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\BS.Player FREE.lnk
    [2012/06/13 16:30:01 | 000,154,450 | ---- | C] () -- C:\Users\Primp\Documents\FEK_ΤΡΟΠΟΠΟΙΗΣΗ.pdf
    [2012/06/13 14:57:44 | 001,845,363 | ---- | C] () -- C:\Users\Primp\Documents\OAED.pdf
    [2012/04/16 18:58:46 | 000,632,832 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/04/16 18:58:46 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/02/15 14:01:22 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
    [2012/02/15 14:01:22 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
    [2012/02/15 14:01:22 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
    [2012/02/15 14:01:22 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
    [2012/02/15 14:01:22 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
    [2012/02/15 14:01:22 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
    [2012/02/15 11:44:12 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2012/02/08 23:50:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2011/04/15 15:51:54 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/15 15:51:54 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/04/15 15:51:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/04/15 15:50:21 | 000,008,192 | R--- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/04/12 18:13:21 | 001,390,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2012/04/16 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\AnvSoft
    [2012/05/22 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\BSplayer
    [2012/05/04 22:59:59 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\BSplayer Pro
    [2012/07/03 22:47:34 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\DAEMON Tools Lite
    [2012/07/08 23:37:53 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\Dropbox
    [2012/02/08 12:51:48 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\Greekddl
    [2012/02/15 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\ImgBurn
    [2012/04/13 23:00:53 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\mkvtoolnix
    [2012/06/19 11:08:00 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\ooVoo Details
    [2012/02/25 23:51:55 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\Replay Media Catcher 4
    [2012/02/14 16:23:39 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\Thinstall
    [2012/02/16 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\Ulead Systems
    [2012/07/05 10:42:08 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\uTorrent
    [2012/05/11 11:52:39 | 000,000,000 | ---D | M] -- C:\Users\Primp\AppData\Roaming\Wondershare
    [2012/06/21 09:03:11 | 000,032,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:661DFA1C

    < End of report >
     
  17. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    And the Extras.txt:
    OTL Extras logfile created on: 8/7/2012 11:53:42 μμ - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Primp\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

    3,91 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,91% Memory free
    7,82 Gb Paging File | 6,38 Gb Available in Paging File | 81,58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 249,08 Gb Total Space | 95,76 Gb Free Space | 38,45% Space Free | Partition Type: NTFS
    Drive D: | 3,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 216,68 Gb Total Space | 37,42 Gb Free Space | 17,27% Space Free | Partition Type: NTFS

    Computer Name: PRIMP-TURBO | User Name: Primp | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_USERS\S-1-5-21-2289655667-1653909528-2602393308-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0408-1000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2010
    "{90140000-0015-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0408-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2010
    "{90140000-0016-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0408-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2010
    "{90140000-0018-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0408-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2010
    "{90140000-0019-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0408-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2010
    "{90140000-001A-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0408-1000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2010
    "{90140000-001B-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0408-1000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
    "{90140000-001F-0408-1000-0000000FF1CE}_Office14.PROPLUS_{C237F777-8DD0-4200-8540-7D4112C9B97F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0408-1000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2010
    "{90140000-002C-0408-1000-0000000FF1CE}_Office14.PROPLUS_{E6D97278-C584-4766-8F76-F9EF7FDFCD4F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0408-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Greek) 2010
    "{90140000-0043-0408-1000-0000000FF1CE}_Office14.PROPLUS_{E8722DB8-67AB-4238-AF30-EE2B62FC32CF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0408-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Greek) 2010
    "{90140000-0044-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0408-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2010
    "{90140000-006E-0408-1000-0000000FF1CE}_Office14.PROPLUS_{734A3927-FD2A-4628-9FD8-CE06840CFD29}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0408-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Greek) 2010
    "{90140000-00A1-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0408-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Greek) 2010
    "{90140000-00BA-0408-1000-0000000FF1CE}_Office14.PROPLUS_{39D7D104-10FA-4DD1-82A2-A6C34865E6CB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9EC10607-4F0B-336D-80FE-B869F4D55ABC}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.39
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "WinRAR archiver" = WinRAR 4.10 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo ( Version 1.1.0 )
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
    "{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8C8D2898-652B-4C39-BC26-C80CA58D98E1}" = AVEO USB2.0 PC Camera(E2WVTM2N90829)
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B39AA98E-C966-46C9-ACA2-D2586E300988}" = WinFlash
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AmUStor" = Alcor Micro USB Card Reader
    "Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.7
    "Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.5
    "BSPlayerf" = BS.Player FREE
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ImgBurn" = ImgBurn
    "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware έκδοση 1.61.0.1400
    "MKVtoolnix" = MKVToolNix 5.6.0
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)
    "SopCast" = SopCast 3.5.0
    "TMM70" = TELL ME MORE
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "WinLiveSuite" = Windows Live Essentials
    "xvid" = Xvid MPEG-4 Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2289655667-1653909528-2602393308-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/7/2012 4:49:00 μμ | Computer Name = Primp-Turbo | Source = Application Error | ID = 1000
    Description = Όνομα ελαττωματικής εφαρμογής wmpnscfg.exe, έκδοση 12.0.7600.16385,
    χρονική σήμανση 0x4a5bd026 Όνομα ελαττωματικής λειτουργικής μονάδας KERNELBASE.dll,
    έκδοση 6.1.7601.17651, χρονική σήμανση 0x4e21213c Κωδικός εξαίρεσης: 0xc06d007f Μετατόπιση
    σφάλματος: 0x000000000000cacd Αναγνωριστικό ελαττωματικής διεργασίας: 0x678 Χρόνος
    έναρξης ελαττωματικής εφαρμογής: 0x01cd5a2670742a16 Διαδρομή ελαττωματικής εφαρμογής:
    C:\Program Files\Windows Media Player\wmpnscfg.exe Διαδρομή ελλατωματικής λειτουργικής
    μονάδας:C:\Windows\system32\KERNELBASE.dll Αναγνωριστικό αναφοράς:ae3fe559-c619-11e1-bc59-e0915361b2f5

    Error - 4/7/2012 4:49:23 μμ | Computer Name = Primp-Turbo | Source = Application Error | ID = 1000
    Description = Όνομα ελαττωματικής εφαρμογής wmpnscfg.exe, έκδοση 12.0.7600.16385,
    χρονική σήμανση 0x4a5bd026 Όνομα ελαττωματικής λειτουργικής μονάδας KERNELBASE.dll,
    έκδοση 6.1.7601.17651, χρονική σήμανση 0x4e21213c Κωδικός εξαίρεσης: 0xc06d007f Μετατόπιση
    σφάλματος: 0x000000000000cacd Αναγνωριστικό ελαττωματικής διεργασίας: 0xd70 Χρόνος
    έναρξης ελαττωματικής εφαρμογής: 0x01cd5a267e43053c Διαδρομή ελαττωματικής εφαρμογής:
    C:\Program Files\Windows Media Player\wmpnscfg.exe Διαδρομή ελλατωματικής λειτουργικής
    μονάδας:C:\Windows\system32\KERNELBASE.dll Αναγνωριστικό αναφοράς:bbf4cfdd-c619-11e1-bc59-e0915361b2f5

    Error - 4/7/2012 5:14:25 μμ | Computer Name = Primp-Turbo | Source = Microsoft-Windows-Defrag | ID = 257
    Description =

    Error - 4/7/2012 5:47:44 μμ | Computer Name = Primp-Turbo | Source = Microsoft-Windows-Defrag | ID = 257
    Description =

    Error - 4/7/2012 6:20:56 μμ | Computer Name = Primp-Turbo | Source = Microsoft-Windows-Defrag | ID = 257
    Description =

    Error - 4/7/2012 11:31:21 μμ | Computer Name = Primp-Turbo | Source = Application Error | ID = 1000
    Description = Όνομα ελαττωματικής εφαρμογής wmpnscfg.exe, έκδοση 12.0.7600.16385,
    χρονική σήμανση 0x4a5bd026 Όνομα ελαττωματικής λειτουργικής μονάδας KERNELBASE.dll,
    έκδοση 6.1.7601.17651, χρονική σήμανση 0x4e21213c Κωδικός εξαίρεσης: 0xc06d007f Μετατόπιση
    σφάλματος: 0x000000000000cacd Αναγνωριστικό ελαττωματικής διεργασίας: 0x10ec Χρόνος
    έναρξης ελαττωματικής εφαρμογής: 0x01cd5a5ea5497c2b Διαδρομή ελαττωματικής εφαρμογής:
    C:\Program Files\Windows Media Player\wmpnscfg.exe Διαδρομή ελλατωματικής λειτουργικής
    μονάδας:C:\Windows\system32\KERNELBASE.dll Αναγνωριστικό αναφοράς:e312978e-c651-11e1-9be3-e0915361b2f5

    Error - 4/7/2012 11:31:21 μμ | Computer Name = Primp-Turbo | Source = Application Error | ID = 1000
    Description = Όνομα ελαττωματικής εφαρμογής wmpnscfg.exe, έκδοση 12.0.7600.16385,
    χρονική σήμανση 0x4a5bd026 Όνομα ελαττωματικής λειτουργικής μονάδας KERNELBASE.dll,
    έκδοση 6.1.7601.17651, χρονική σήμανση 0x4e21213c Κωδικός εξαίρεσης: 0xc06d007f Μετατόπιση
    σφάλματος: 0x000000000000cacd Αναγνωριστικό ελαττωματικής διεργασίας: 0x107c Χρόνος
    έναρξης ελαττωματικής εφαρμογής: 0x01cd5a5ea538d289 Διαδρομή ελαττωματικής εφαρμογής:
    C:\Program Files\Windows Media Player\wmpnscfg.exe Διαδρομή ελλατωματικής λειτουργικής
    μονάδας:C:\Windows\system32\KERNELBASE.dll Αναγνωριστικό αναφοράς:e312be9e-c651-11e1-9be3-e0915361b2f5

    Error - 5/7/2012 12:25:45 πμ | Computer Name = Primp-Turbo | Source = Application Error | ID = 1000
    Description = Όνομα ελαττωματικής εφαρμογής wmpnscfg.exe, έκδοση 12.0.7600.16385,
    χρονική σήμανση 0x4a5bd026 Όνομα ελαττωματικής λειτουργικής μονάδας KERNELBASE.dll,
    έκδοση 6.1.7601.17651, χρονική σήμανση 0x4e21213c Κωδικός εξαίρεσης: 0xc06d007f Μετατόπιση
    σφάλματος: 0x000000000000cacd Αναγνωριστικό ελαττωματικής διεργασίας: 0xf50 Χρόνος
    έναρξης ελαττωματικής εφαρμογής: 0x01cd5a663b90b194 Διαδρομή ελαττωματικής εφαρμογής:
    C:\Program Files\Windows Media Player\wmpnscfg.exe Διαδρομή ελλατωματικής λειτουργικής
    μονάδας:C:\Windows\system32\KERNELBASE.dll Αναγνωριστικό αναφοράς:7d0149c3-c659-11e1-bbb6-e0915361b2f5

    Error - 5/7/2012 12:25:45 πμ | Computer Name = Primp-Turbo | Source = Application Error | ID = 1000
    Description = Όνομα ελαττωματικής εφαρμογής wmpnscfg.exe, έκδοση 12.0.7600.16385,
    χρονική σήμανση 0x4a5bd026 Όνομα ελαττωματικής λειτουργικής μονάδας KERNELBASE.dll,
    έκδοση 6.1.7601.17651, χρονική σήμανση 0x4e21213c Κωδικός εξαίρεσης: 0xc06d007f Μετατόπιση
    σφάλματος: 0x000000000000cacd Αναγνωριστικό ελαττωματικής διεργασίας: 0xf88 Χρόνος
    έναρξης ελαττωματικής εφαρμογής: 0x01cd5a663bc9d29b Διαδρομή ελαττωματικής εφαρμογής:
    C:\Program Files\Windows Media Player\wmpnscfg.exe Διαδρομή ελλατωματικής λειτουργικής
    μονάδας:C:\Windows\system32\KERNELBASE.dll Αναγνωριστικό αναφοράς:7d0170d3-c659-11e1-bbb6-e0915361b2f5

    Error - 5/7/2012 12:27:20 πμ | Computer Name = Primp-Turbo | Source = Software Protection Platform Service | ID = 1001
    Description = Η εκκίνηση της Υπηρεσίας προστασίας λογισμικού απέτυχε. 0xD0000022
    6.1.7601.17514

    [ System Events ]
    Error - 25/6/2012 4:00:09 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Δημοσίευση πόρων εντοπισμού λειτουργιών τερματίστηκε με
    το ακόλουθο σφάλμα: %%-2147024891

    Error - 25/6/2012 4:00:09 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7003
    Description = Η υπηρεσία Παράγοντας πολιτικής IPsec εξαρτάται από την ακόλουθη υπηρεσία:
    BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

    Error - 25/6/2012 4:00:10 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7026
    Description = Απέτυχε η φόρτωση των ακόλουθων προγραμμάτων οδήγησης της εκκίνησης
    του υπολογιστή ή της εκκίνησης του συστήματος: MpFilter

    Error - 25/6/2012 9:12:03 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Αναζήτηση υπολογιστών τερματίστηκε με το ακόλουθο σφάλμα:
    %%1060

    Error - 25/6/2012 9:12:04 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7003
    Description = Η υπηρεσία Λειτουργικές μονάδες κλειδιών IKE και AuthIP IPsec εξαρτάται
    από την ακόλουθη υπηρεσία: BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

    Error - 25/6/2012 9:12:05 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Δημοσίευση πόρων εντοπισμού λειτουργιών τερματίστηκε με
    το ακόλουθο σφάλμα: %%-2147024891

    Error - 25/6/2012 9:12:05 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7003
    Description = Η υπηρεσία Παράγοντας πολιτικής IPsec εξαρτάται από την ακόλουθη υπηρεσία:
    BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.

    Error - 25/6/2012 9:12:07 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7026
    Description = Απέτυχε η φόρτωση των ακόλουθων προγραμμάτων οδήγησης της εκκίνησης
    του υπολογιστή ή της εκκίνησης του συστήματος: MpFilter

    Error - 25/6/2012 9:13:06 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7023
    Description = Η υπηρεσία Δημοσίευση πόρων εντοπισμού λειτουργιών τερματίστηκε με
    το ακόλουθο σφάλμα: %%-2147024891

    Error - 25/6/2012 9:13:06 πμ | Computer Name = Primp-Turbo | Source = Service Control Manager | ID = 7001
    Description = Η υπηρεσία Υπηρεσία παροχής οικιακής ομάδας εξαρτάται από την υπηρεσία
    Δημοσίευση πόρων εντοπισμού λειτουργιών της οποίας η εκκίνηση απέτυχε εξαιτίας
    του ακόλουθου σφάλματος: %%-2147024891


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-2289655667-1653909528-2602393308-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
      O8:64bit: - Extra context menu item: Απ&οστολή στο OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Απ&οστολή στο OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
      O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:661DFA1C
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Here is the OTL's log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2289655667-1653909528-2602393308-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ξαγωγή στο Microsoft Excel\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Απ&οστολή στο OneNote\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ξαγωγή στο Microsoft Excel\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Απ&οστολή στο OneNote\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
    ADS C:\ProgramData\TEMP:661DFA1C deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Primp
    ->Temp folder emptied: 3225 bytes
    ->Temporary Internet Files folder emptied: 76388096 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 523022810 bytes
    ->Flash cache emptied: 44325 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25836 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53854145 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 623,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Primp
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Primp
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07092012_001518

    Files\Folders moved on Reboot...
    C:\Users\Primp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Primp\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  20. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    From Security Check:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````


    Farbar Service Scanner:

    Farbar Service Scanner Version: 08-07-2012
    Ran by Primp (administrator) on 09-07-2012 at 00:27:38
    Running from "C:\Users\Primp\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    For TFC, again server is busy... :(
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  22. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Busy again...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  24. primp1

    primp1 TS Rookie Topic Starter Posts: 16

    Sorry I gave up yesterday, but I kept trying till 2.00 am and then went to sleep. Here is the ESETScan log:

    C:\FRST\Quarantine\0i763f66bz.exe Win32/Wigon.OW trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\53d2bc0aae3392cd.sys Win64/Necurs.A trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{4eac500b-479f-5042-11b6-d7bcfd1bc3ec}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\Users\Primp\Documents\Microsoft Office Professional Plus 2010 X64 v.14.0.4760.1000 - Greek\Activator\mini-KMS_Activator_v1.053_ENG.exe a variant of Win32/HackKMS.A application deleted - quarantined
    E:\PRIMP-TURBO\Backup Set 2012-06-10 210230\Backup Files 2012-06-10 210230\Backup files 1.zip a variant of Win32/HackKMS.A application deleted - quarantined
    E:\PRIMP-TURBO\Backup Set 2012-06-10 210230\Backup Files 2012-06-24 190000\Backup files 4.zip JS/Iframe.EI trojan deleted - quarantined
    E:\PRIMP-TURBO\Backup Set 2012-06-10 210230\Backup Files 2012-06-24 190000\Backup files 6.zip a variant of Java/Exploit.CVE-2012-0507.CD trojan deleted - quarantined
    E:\PRIMP-TURBO\Backup Set 2012-07-08 231738\Backup Files 2012-07-08 231738\Backup files 1.zip a variant of Win32/HackKMS.A application deleted - quarantined

    Is this the (happy) end??? :)
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...