


I don't know maybe malware what I do? [Solved]

malware virus

  • This topic is locked
31 replies to this topic

#16 jeffce


Posted 19 June 2014 - 11:20 AM

Ok that looks better.  Oh...please move ComboFix to the Desktop of the infected system.  :)

 

How is your computer running?




#17 Fashion Crab


Posted 19 June 2014 - 11:59 AM

Hi Jeff

Actually a lot better... The updates are ok and everything is rolling..

Thanks Jeff for your time and your advice...!!!



#18 jeffce


Posted 20 June 2014 - 01:14 PM

Good to hear and sorry for any delay.

 

When you ran OTL the first time there was a log that you attached to a reply labeled Extras.txt.....Could you actually post that into a reply here please?  :)


 
 

#19 Fashion Crab


Posted 20 June 2014 - 03:48 PM

Yes of course... Although I couldn't find Extras.txt, so I did a scan again according to the instructions you gave me in the previous post.

Here is the new one...

 

OTL logfile created on: 21/6/2014 12:40:02 πμ - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Τα Αρχεία\Anti Malware
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy
 
7,69 Gb Total Physical Memory | 5,15 Gb Available Physical Memory | 66,96% Memory free
15,38 Gb Paging File | 12,73 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 53,49 Gb Total Space | 10,98 Gb Free Space | 20,53% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 586,71 Gb Free Space | 62,99% Space Free | Partition Type: NTFS
 
Computer Name: NICK-THE-GREEK | User Name: Νίκος | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - E:\Τα Αρχεία\Anti Malware\OTL.exe (OldTimer Tools)
PRC - C:\Users\Νίκος\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\Νίκος\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\users\3e30~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_0ohwj.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ()
MOD - C:\Users\Νίκος\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Users\Νίκος\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll ()
MOD - C:\PROGRA~2\MICROS~3\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes\{75F4C050-6DFA-41C2-AA04-ADD311301896}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{B43E4D8D-4662-40D6-8F64-3A9C0ACE97AF}: "URL" = http://www.google.co...utputEncoding?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{75F4C050-6DFA-41C2-AA04-ADD311301896}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{B43E4D8D-4662-40D6-8F64-3A9C0ACE97AF}: "URL" = http://www.google.co...utputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.e-shop.gr [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{75F4C050-6DFA-41C2-AA04-ADD311301896}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.gr/
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: No name found = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.34_0\
CHR - Extension: AdBlock = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.35_0\
CHR - Extension: AdBlock = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.35_1\
CHR - Extension: AdBlock = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\
CHR - Extension: AdBlock = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.1_0\
CHR - Extension: AdBlock = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.3_0\
CHR - Extension: avast! Online Security = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: PDF To Word Converter = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijcidehmghliocaelamimgiaiogcjal\1.1.5_0\
CHR - Extension: PDF To Word Converter = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijcidehmghliocaelamimgiaiogcjal\1.1.5_1\
CHR - Extension: Ξ ΞΏΟτοφΟλι Google = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Ξ ΞΏΟτοφΟλι Google = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Ξ ΞΏΟτοφΟλι Google = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_2\
CHR - Extension: Bloxorz = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\phiaicokjaoaobiobphcfkmbeiejdang\1.0.0_0\
CHR - Extension: Bloxorz = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\phiaicokjaoaobiobphcfkmbeiejdang\1.0.0_1\
CHR - Extension: No name found = C:\Users\Νίκος\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/06/19 20:13:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_571D22E49CCFB829BACD91D4C5AB2D91] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Νίκος\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Νίκος\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Νίκος\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{096BE5B1-A0E6-47DD-A7EE-A269EC807FA4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA59D308-BC67-4290-9536-AEB8BDB3CB29}: DhcpNameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/19 20:13:33 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/06/16 21:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/06/16 21:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/06/16 21:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/06/16 21:53:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/16 21:52:59 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/06/16 21:51:39 | 005,207,168 | R--- | C] (Swearware) -- C:\Users\Νίκος\Desktop\ComboFix.exe
[2014/06/16 00:08:37 | 000,000,000 | ---D | C] -- C:\Users\Νίκος\AppData\Roaming\AVAST Software
[2014/06/16 00:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/06/16 00:08:06 | 001,039,096 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys.1402866490882
[2014/06/16 00:08:06 | 001,039,096 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2014/06/16 00:08:06 | 000,423,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys.1402866490882
[2014/06/16 00:08:06 | 000,423,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014/06/16 00:08:06 | 000,085,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2014/06/16 00:08:06 | 000,079,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/06/16 00:08:05 | 000,334,648 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/06/16 00:08:05 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/06/16 00:08:04 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/06/16 00:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/06/15 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/06/15 23:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/06/15 23:42:03 | 000,000,000 | ---D | C] -- C:\Users\Νίκος\AppData\Local\Avg2014
[2014/06/15 23:26:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/15 23:12:12 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/06/15 23:12:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/15 23:03:17 | 000,423,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\drtxzqnm.sys
[2014/06/15 17:28:46 | 000,423,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\hsjzfvjk.sys
[2014/06/15 17:00:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/06/15 17:00:30 | 000,000,000 | ---D | C] -- C:\Users\Νίκος\AppData\Local\MFAData
[2014/06/15 17:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/06/15 16:49:49 | 000,423,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\jqaiimcs.sys
[2014/06/14 21:05:52 | 000,000,000 | ---D | C] -- C:\Users\Νίκος\AppData\Roaming\QuickScan
[2014/06/14 20:59:23 | 000,423,240 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\qfphbyli.sys
[2014/06/12 19:57:28 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/06/12 19:57:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/30 23:38:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/05/27 21:02:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2014/05/27 21:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Δήλωση χρήστη Canon MG2400 series
[2014/05/27 21:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2014/05/27 21:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2400 series Manual
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/21 00:17:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/06/21 00:03:00 | 000,001,182 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/20 22:55:34 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/20 22:55:34 | 000,021,888 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/20 22:54:25 | 001,488,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/06/20 22:54:25 | 000,653,930 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/06/20 22:54:25 | 000,606,732 | ---- | M] () -- C:\windows\SysNative\perfh008.dat
[2014/06/20 22:54:25 | 000,121,802 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/06/20 22:54:25 | 000,110,928 | ---- | M] () -- C:\windows\SysNative\perfc008.dat
[2014/06/20 22:48:45 | 000,001,178 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/20 22:48:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/06/19 20:13:32 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/06/19 20:06:47 | 005,207,168 | R--- | M] (Swearware) -- C:\Users\Νίκος\Desktop\ComboFix.exe
[2014/06/16 00:08:18 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/16 00:08:10 | 001,039,096 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys
[2014/06/16 00:08:10 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014/06/16 00:08:10 | 000,085,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2014/06/16 00:08:04 | 001,039,096 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys.1402866490882
[2014/06/16 00:08:04 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys.1402866490882
[2014/06/16 00:08:04 | 000,334,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/06/16 00:08:04 | 000,208,416 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/06/16 00:08:04 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/06/16 00:08:04 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/06/16 00:08:04 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/06/16 00:08:04 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/06/16 00:08:04 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/06/15 23:03:17 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\drtxzqnm.sys
[2014/06/15 17:28:46 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\hsjzfvjk.sys
[2014/06/15 16:49:49 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\jqaiimcs.sys
[2014/06/14 22:05:20 | 000,002,124 | ---- | M] () -- C:\Users\Νίκος\Desktop\Microsoft Security Essentials.lnk
[2014/06/14 20:59:23 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\qfphbyli.sys
[2014/06/13 01:05:06 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/08 12:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/06/08 12:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/06/06 13:32:11 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/05/28 01:20:27 | 000,001,063 | ---- | M] () -- C:\Users\Νίκος\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/28 01:20:24 | 000,001,031 | ---- | M] () -- C:\Users\Νίκος\Desktop\Dropbox.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/16 21:56:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/06/16 21:56:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/06/16 21:56:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/06/16 21:56:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/06/16 21:56:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/06/16 00:08:18 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/16 00:08:06 | 000,208,416 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/06/16 00:08:06 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/06/16 00:08:05 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/06/14 22:05:20 | 000,002,124 | ---- | C] () -- C:\Users\Νίκος\Desktop\Microsoft Security Essentials.lnk
[2013/11/24 19:23:44 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll
[2013/11/24 19:23:44 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll
[2013/11/21 18:43:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/11/21 18:14:48 | 001,458,180 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/18 10:24:24 | 000,303,104 | ---- | C] () -- C:\windows\SysWow64\igdmd32.dll
[2013/09/18 10:24:23 | 000,180,736 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/09/18 10:24:23 | 000,142,848 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 05:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 05:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/16 00:08:37 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\AVAST Software
[2013/12/24 16:27:14 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\BSplayer
[2013/11/22 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\BSplayer Pro
[2013/12/04 21:34:10 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\Canon
[2014/03/10 02:40:49 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\ChessBase
[2014/04/22 03:16:22 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\DAEMON Tools Ultra
[2014/06/20 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\Dropbox
[2014/06/20 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\DropboxMaster
[2014/02/01 04:46:45 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\Guitar Pro 6
[2014/01/16 13:21:35 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\LockAP
[2014/01/05 20:14:29 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\M-Player
[2013/11/25 03:57:06 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\Maple
[2013/11/23 01:31:42 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\PowerISO
[2014/06/14 21:05:55 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\QuickScan
[2014/03/04 10:18:40 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\TeamViewer
[2013/11/24 15:42:49 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\TP-LINK
[2014/06/21 00:40:41 | 000,000,000 | ---D | M] -- C:\Users\Νίκος\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
< End of report >


#20 Fashion Crab


Posted 20 June 2014 - 03:50 PM

And the Extra.txt

 

OTL Extras logfile created on: 15/6/2014 5:20:23 μμ - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Νίκος\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy
 
7,69 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 63,48% Memory free
15,38 Gb Paging File | 12,52 Gb Available in Paging File | 81,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 53,49 Gb Total Space | 10,80 Gb Free Space | 20,20% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 592,91 Gb Free Space | 63,65% Space Free | Partition Type: NTFS
 
Computer Name: NICK-THE-GREEK | User Name: Νίκος | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7DDACD71-C05B-498C-A3B1-192AD374A0D8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{8319E251-F786-438F-9FE9-C3DA6C9B7D7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AADBAAFC-7386-4258-BE87-183DBAFE44B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0973385E-05B9-44D3-9057-BAF87558B61A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{0B5AE48E-0CBA-4399-A4F0-F88BB8B1BCD1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{13C03196-A2D5-4BD2-BEDD-4A07EC4F6EEF}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{1E2EC02B-2F83-4C49-ADD7-7C61AA2D02E1}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{2445038D-17FD-43C8-82B9-A15FAEFE83A2}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{2B3F2863-5325-4E42-B322-AB2D3B67E9C6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{32143D77-C099-427B-820F-ADE959889A8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{352A6C81-5B03-475F-8C02-48F2BBEECA87}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{3FA39609-0DBC-4EC7-A8E3-192273C5AC78}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{441881E7-99FB-4CA7-8AB1-02C713B247DF}" = protocol=17 | dir=in | app=c:\users\νίκοσ\appdata\roaming\utorrent\utorrent.exe | 
"{48615B99-F0B3-4517-AB74-BB928DA98D40}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{4893BBD2-BC0F-4166-A850-0EF9914050F6}" = protocol=6 | dir=in | app=c:\users\νίκοσ\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5A9CBC6A-D29D-44AF-9E46-639EA40BFBB8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{964BD63B-D6F2-4EF1-901D-AE6903421BAE}" = protocol=6 | dir=in | app=c:\users\νίκοσ\appdata\roaming\utorrent\utorrent.exe | 
"{98955C7B-54F6-4EA5-B68F-C814976D9261}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{A3404222-34B2-42FF-885B-208DF749966C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BB1C1580-A9D2-40F4-BA0E-B7BC5220113D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{BF9763FD-8AF6-4126-8653-8810F5B0343D}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{D1190D46-C7B0-4531-89EE-1FD5357F08FF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{DC66F79E-7D3B-41AC-BC51-897984224DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{E20463AB-697C-4E3E-9841-5C5DD74A3C20}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{EB9F291C-CA82-4293-9C53-3C0097728D29}" = protocol=17 | dir=in | app=c:\users\νίκοσ\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F2FFE558-22B4-4300-822D-CEA7410E4C73}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{30ADB810-E6E3-4D3D-B17B-36D6C799000B}C:\users\νίκος\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\νίκοσ\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{7F443298-AF9C-4449-8777-4EB47FCE98B6}C:\program files\maple 16\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe | 
"TCP Query User{CD3129C3-2D7D-46AF-8726-2BC5F42AD93C}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"TCP Query User{DB16D2C8-2D08-4793-B484-D4DBDA3AC296}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe | 
"TCP Query User{E7A2FFB5-AD66-4729-8B35-1C65A0FE00A8}C:\program files\maple 16\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe | 
"TCP Query User{EA885271-AE9A-4D3E-BFCB-A0ED35BF905A}C:\users\νίκος\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\νίκοσ\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{22CBF40F-CE80-49DC-9160-3999E0431CA5}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe | 
"UDP Query User{42129490-C83A-4352-A008-BC4BB54ED3B9}C:\program files\maple 16\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe | 
"UDP Query User{57E89754-53C7-4E37-8730-A66C9126E065}C:\program files\maple 16\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe | 
"UDP Query User{68F45A3C-053A-4FF7-A3CE-22E5986D7BAA}C:\users\νίκος\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\νίκοσ\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{CC9FC8B8-1394-46A1-88D3-C1F9F6F2FE80}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"UDP Query User{E5856555-D8A2-46DB-868C-C754D189BCB4}C:\users\νίκος\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\νίκοσ\appdata\roaming\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{083808D6-6235-37A8-82C1-98D226EB681F}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830
"{087B6521-1326-340D-830C-E8CEA1AE55D3}" = Microsoft .NET Framework 4.5.1 (ELL)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series" = Canon MG2400 series MP Drivers
"{122B909F-9DCF-360E-91E7-0679E033FBE1}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032" = Microsoft .NET Framework 4.5.1 (Ελληνικά)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{96714280-14E6-4DF7-BACD-F797C0F17C3D}" = Intel® Rapid Storage Technology
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"A-WIN-Extras 9.0.1 4055459_is1" = Mathematica Extras 9.0 (4055459)
"Maple 16" = Maple 16
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"M-WIN-L 8.0.1 2063990_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50AF8559-F490-381F-A6E7-06A07DE227DC}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830
"{5C784162-B9B2-4A32-AF18-3517D602AF33}" = ChessBase 11
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1032-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Greek
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68B404C-0E04-337F-A132-796508EE337A}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FDA7E907-6539-42C1-9721-0239C281B336}" = TP-LINK TL-WN881ND Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"BSPlayerf" = BS.Player FREE
"Canon MG2400 series On-screen Manual" = Canon MG2400 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"Maple 16" = Maple 16
"PowerISO" = PowerISO
"SearchProtect" = Search Protect
"Settings Manager" = Settings Manager
"TeamViewer 9" = TeamViewer 9
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Δήλωση χρήστη Canon MG2400 series" = Δήλωση χρήστη Canon MG2400 series
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14/6/2014 6:32:53 πμ | Computer Name = Nick-The-Greek | Source = System Restore | ID = 8193
Description = 
 
Error - 14/6/2014 6:42:56 πμ | Computer Name = Nick-The-Greek | Source = VSS | ID = 12289
Description = 
 
Error - 14/6/2014 6:45:39 πμ | Computer Name = Nick-The-Greek | Source = System Restore | ID = 8193
Description = 
 
Error - 14/6/2014 7:02:59 πμ | Computer Name = Nick-The-Greek | Source = VSS | ID = 12289
Description = 
 
Error - 14/6/2014 7:02:59 πμ | Computer Name = Nick-The-Greek | Source = System Restore | ID = 8193
Description = 
 
Error - 14/6/2014 7:53:48 πμ | Computer Name = Nick-The-Greek | Source = .NET Runtime Optimization Service | ID = 1111
Description = 
 
Error - 14/6/2014 7:53:49 πμ | Computer Name = Nick-The-Greek | Source = .NET Runtime Optimization Service | ID = 1111
Description = 
 
Error - 14/6/2014 9:10:10 πμ | Computer Name = Nick-The-Greek | Source = System Restore | ID = 8193
Description = 
 
Error - 14/6/2014 9:18:20 πμ | Computer Name = Nick-The-Greek | Source = .NET Runtime Optimization Service | ID = 1111
Description = 
 
Error - 14/6/2014 9:18:21 πμ | Computer Name = Nick-The-Greek | Source = .NET Runtime Optimization Service | ID = 1111
Description = 
 
[ System Events ]
Error - 14/6/2014 1:51:56 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070103: Intel Corporation - Graphics Adapter WDDM1.1, Graphics
 Adapter WDDM1.2, Graphics Adapter WDDM1.3 - Intel® HD Graphics 4000.
 
Error - 14/6/2014 1:51:56 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070005: Microsoft - Keyboard - Microsoft Hardware USB Keyboard.
 
Error - 14/6/2014 1:51:56 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070005: Microsoft - Pointing Drawing - Microsoft Hardware
 USB Mouse.
 
Error - 14/6/2014 1:52:16 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070103: Intel Corporation - Graphics Adapter WDDM1.1, Graphics
 Adapter WDDM1.2, Graphics Adapter WDDM1.3 - Intel® HD Graphics 4000.
 
Error - 14/6/2014 1:52:16 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070005: Microsoft - Keyboard - Microsoft Hardware USB Keyboard.
 
Error - 14/6/2014 1:52:16 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070005: Microsoft - Pointing Drawing - Microsoft Hardware
 USB Mouse.
 
Error - 14/6/2014 1:52:46 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070005: Microsoft - Keyboard - Microsoft Hardware USB Keyboard.
 
Error - 14/6/2014 1:54:14 μμ | Computer Name = Nick-The-Greek | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Αποτυχία εγκατάστασης: Τα Windows απέτυχαν να εγκαταστήσουν την παρακάτω
 ενημέρωση με σφάλμα 0x80070005: Microsoft - Keyboard - Microsoft Hardware USB Keyboard.
 
Error - 15/6/2014 5:39:00 πμ | Computer Name = Nick-The-Greek | Source = volsnap | ID = 393252
Description = Τα σκιώδη αντίγραφα του τόμου C: ματαιώθηκαν επειδή ο χώρος αποθήκευσης
 σκιωδών αντιγράφων δεν ήταν δυνατό να αυξηθεί εξαιτίας ενός επιβεβλημένου ορίου
 από το χρήστη.
 
Error - 15/6/2014 9:56:40 πμ | Computer Name = Nick-The-Greek | Source = Microsoft Antimalware | ID = 2001
Description = Το %%860 αντιμετώπισε σφάλμα κατά την ενημέρωση υπογραφών.     Νέα έκδοση
 υπογραφής:      Προηγούμενη έκδοση υπογραφής: 1.175.2232.0     Προέλευση ενημέρωσης: %%859
 
Στάδιο
 ενημέρωσης: %%852     Διαδρομή προέλευσης: http://www.microsoft.com     Τύπος υπογραφής: 
%%800     Τύπος ενημέρωσης: %%803     Χρήστης: NT AUTHORITY\SYSTEM     Τρέχουσα έκδοση μηχανισμού:
      Προηγούμενη έκδοση μηχανισμού: 1.1.10600.0     Κωδικός σφάλματος: 0x8024402c     Περιγραφή
 σφάλματος: Παρουσιάστηκε μη αναμενόμενο πρόβλημα κατά τον έλεγχο για ενημερώσεις.
 Για πληροφορίες σχετικά με την εγκατάσταση ή την αντιμετώπιση προβλημάτων ενημερώσεων,
 ανατρέξτε στη Βοήθεια και Υποστήριξη. 
 
 
< End of report >


#21 jeffce


Posted 21 June 2014 - 03:06 PM

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • Once installed, Malwarebytes will ask if you want to Launch Now.  Please select to do so and then Malwarebytes will open and update on its own.  Please allow this to complete.
  • If an update is found, it will download and install the latest version.
  • Let's be sure to run a Hyper Scan.  Press the Scan tab and then select Hyper Scan.
  • Press Scan Now then Skip Update (since we just updated it).
     
       
  • When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
  • Copy and Paste all of the information in that file to your next reply.

---------------------------
 
ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
 
 

#22 Fashion Crab


Posted 21 June 2014 - 07:25 PM

This is the MBAM Scan text:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/6/2014
Scan Time: 2:13:02 πμ
Logfile: MBAM Scan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.21.10
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: II?I?I?I?
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 265189
Time Elapsed: 1 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SystemK.A, HKU\S-1-5-21-1672371835-1477520047-1789977004-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, Quarantined, [f02e17643744b77f87cd6d3cb54d9b65], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Conduit.A, C:\Users\II?I?I?I?\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, Quarantined, [ac72bebdaccffc3a2a222c85dd257b85], 
PUP.Optional.Conduit.A, C:\Users\II?I?I?I?\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage-journal, Quarantined, [fc22b1ca0b70aa8cee5ea40d000215eb], 
PUP.Optional.DefaultSearch.A, C:\Users\II?I?I?I?\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.google.gr/", "http://www.default-search.net?sid=476&aid=147&itype=n&ver=12302&tm=324&src=hmp", "http://www.default-search.net?sid=476&aid=147&itype=a&ver=12692&tm=324&src=hmp" ],), Replaced,[c05e8cef4b3031051c44ebc427dd21df]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
This is the ESET Scan:
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\3E30~1\AppData\Local\Temp\NativeMessaging\CT1750559.crx.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\3E30~1\AppData\Local\Temp\NativeMessaging\CT1750559\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.30.1.2_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.30.1.2_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.30.1.2_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_0\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_1\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_1\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_1\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_2\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_2\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_2\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_3\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_3\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_3\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_4\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_4\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_4\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_5\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_5\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_5\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_6\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_6\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_6\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_7\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_7\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_7\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_8\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_8\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_8\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_9\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_9\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfohacdfdemjkeejihknkmjkabndgkg\10.31.0.526_9\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\NativeMessaging\CT1750559\1_0_2_0\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\?????\AppData\Local\Tbccint\Chrome\CT1750559\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\?????\AppData\Local\CRE\edfohacdfdemjkeejihknkmjkabndgkg.crx a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\?????\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL193WPO\MiniSP[1].dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\?????\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB6AKBHN\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Users\?????\AppData\Local\TB\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\?????\AppData\Local\TB\APISupport\MiniSP_1.0.2.107\MiniSP.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\?????\AppData\Roaming\PowerISO\Upgrade\PowerISO5-x64.exe Win32/Toolbar.Conduit.R potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-03-30 220012\Backup Files 2014-04-13 190000\Backup files 1.zip Win32/Toolbar.Conduit.R potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-04-20 190000\Backup Files 2014-04-20 190000\Backup files 1.zip Win32/Toolbar.Conduit.R potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-05-16 192358\Backup Files 2014-05-16 192358\Backup files 1.zip Win32/Toolbar.Conduit.R potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-05-16 192358\Backup Files 2014-05-16 192358\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-05-16 192358\Backup Files 2014-05-26 003903\Backup files 2.zip Win32/Conduit.SearchProtect potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-06-14 211409\Backup Files 2014-06-14 211409\Backup files 1.zip Win32/Toolbar.Conduit.R potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-06-14 211409\Backup Files 2014-06-14 211409\Backup files 2.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-06-14 211409\Backup Files 2014-06-14 211409\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
E:\?? ??????\???????????\bsplayer266.1075.exe Win32/Toolbar.Conduit.M potentially unwanted application
E:\?? ??????\???????????\PowerISO5-x64.exe Win32/OpenCandy potentially unsafe application
 
 
My computer is running just fine but the ESET results discouraged me a little bit...
Thanks for the help


#23 jeffce


Posted 22 June 2014 - 02:12 PM

The ESET log was not nearly as bad as it looks....however, it seems that ESET was having a bit of difficulty with the words in your file names.  You also have Potentially Unwanted Programs in your backup files that need to be removed.  Are you ok with removing these and then making a whole new set of backups??



#24 Fashion Crab


Posted 22 June 2014 - 02:57 PM

Yes, I think these programs were installed by a game that I downloaded... ok

If I remove them everything is fine?



#25 jeffce


Posted 22 June 2014 - 07:16 PM

Let's see if we can remove them this way first.....
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



#26 Fashion Crab


Posted 23 June 2014 - 03:55 AM

The JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by 塦 on ƒ¬ 23/06/2014 at 12:48:29,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ƒ¬ 23/06/2014 at 12:54:32,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#27 jeffce


Posted 23 June 2014 - 05:29 AM

ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    C:\Users\Νίκος\AppData\Local\CRE\edfohacdfdemjkeejihknkmjkabndgkg.crx 
    C:\Users\Νίκος\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL193WPO\MiniSP[1].dll 
    C:\Users\Νίκος\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB6AKBHN\SPSetup[1].exe 
    C:\Users\Νίκος\AppData\Local\TB\APISupport\APISupport.dll 
    C:\Users\Νίκος\AppData\Local\TB\APISupport\MiniSP_1.0.2.107\MiniSP.dll 
    C:\Users\Νίκος\AppData\Roaming\PowerISO\Upgrade\PowerISO5-x64.exe 

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Post the new ComboFix log and let me know what remaining issues you are having with your system.  :)
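
An added example, not part of the original posts and not how ESET, ComboFix or the helper work internally: a Python triage of the ESET export format from post #22. It separates copies already held in the AdwCleaner quarantine, hits inside backup archives, and files still live on disk, and flags paths where non-ASCII characters were exported as `?`. The bucket names, the `Backup Set` path heuristic and the choice of sample lines are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: a subset of lines taken from the ESET export in post #22.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\Users\?????\AppData\Local\CRE\edfohacdfdemjkeejihknkmjkabndgkg.crx a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\?????\AppData\Local\TB\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\?????\AppData\Roaming\PowerISO\Upgrade\PowerISO5-x64.exe Win32/Toolbar.Conduit.R potentially unwanted application
E:\NICK-THE-GREEK\Backup Set 2014-06-14 211409\Backup Files 2014-06-14 211409\Backup files 2.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
E:\?? ??????\???????????\PowerISO5-x64.exe Win32/OpenCandy potentially unsafe application
"""

# Assumption: anything under this folder is an inert copy AdwCleaner already moved aside.
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"

# One export line = <path> [a variant of] <Win32|Win64>/<name> <category>.
# The path may contain spaces, so it is matched lazily up to the threat name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>Win(?:32|64)/[\w.]+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)\s*$"
)


@dataclass
class Detection:
    path: str
    threat: str
    is_variant: bool
    category: str
    bucket: str          # "quarantined", "backup_archive" or "live" (names are this example's)
    garbled_path: bool   # True when the exported path cannot be the real on-disk path


def classify(path):
    """Place a detection into one of three buckets based on where the file sits."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantined"
    # Heuristic for the Windows Backup layout seen in the log: ...\Backup Set <date>\...\*.zip
    if "\\backup set " in p and p.endswith(".zip"):
        return "backup_archive"
    return "live"


def parse_line(line):
    """Parse one export line; return None for blank or unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return Detection(
        path=path,
        threat=m.group("threat"),
        is_variant=m.group("variant") is not None,
        category=m.group("category"),
        bucket=classify(path),
        # '?' is not a legal character in a Windows file name, so its presence
        # means the export replaced characters it could not encode.
        garbled_path="?" in path,
    )


def triage(log_text):
    """Group every parsed detection in the export by bucket."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        det = parse_line(line)
        if det is not None:
            buckets[det.bucket].append(det)
    return buckets


if __name__ == "__main__":
    for bucket, dets in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(dets)}")
        for d in dets:
            note = "  (path garbled in export, resolve the real name first)" if d.garbled_path else ""
            print(f"  {d.threat:35} {d.path}{note}")
```

Run over the full export, the "live" bucket on C: is the same set of six files that the CFScript `File::` list above names, with the `?????` placeholder resolved to the real profile folder.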



#28 Fashion Crab


Posted 23 June 2014 - 10:31 AM

This is the report from ComboFix, and my computer is rolling fine...!!! Thanks
 
ComboFix 14-06-23.01 - Νίκος 23/06/2014  19:25:17.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1253.30.1032.18.7874.5444 [GMT 3:00]
Running from: c:\users\Νίκος\Downloads\ComboFix.exe
Command switches used :: c:\users\Νίκος\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Νίκος\AppData\Local\CRE\edfohacdfdemjkeejihknkmjkabndgkg.crx"
"c:\users\Νίκος\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL193WPO\MiniSP[1].dll"
"c:\users\Νίκος\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB6AKBHN\SPSetup[1].exe"
"c:\users\Νίκος\AppData\Local\TB\APISupport\APISupport.dll"
"c:\users\Νίκος\AppData\Local\TB\APISupport\MiniSP_1.0.2.107\MiniSP.dll"
"c:\users\Νίκος\AppData\Roaming\PowerISO\Upgrade\PowerISO5-x64.exe"
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-23 to 2014-06-23  )))))))))))))))))))))))))))))))
.
.
2014-06-23 16:28 . 2014-06-23 16:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-06-23 16:28 . 2014-06-23 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-23 16:19 . 2014-06-23 16:22 -------- d-----w- c:\users\Νίκος\AppData\Roaming\GetRightToGo
2014-06-23 10:10 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5E7B384-BA7F-4BE1-929E-2FB3687ABC8E}\mpengine.dll
2014-06-23 10:09 . 2014-06-23 10:09 -------- d-----w- c:\program files\Canon
2014-06-23 09:48 . 2014-06-23 09:48 -------- d-----w- c:\windows\ERUNT
2014-06-21 23:26 . 2014-06-21 23:26 -------- d-----w- c:\program files (x86)\ESET
2014-06-21 23:12 . 2014-06-23 16:15 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-21 23:12 . 2014-06-21 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-21 23:12 . 2014-06-21 23:12 -------- d-----w- c:\programdata\Malwarebytes
2014-06-21 23:12 . 2014-05-12 04:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-21 23:12 . 2014-05-12 04:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-21 23:12 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-21 22:41 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-20 06:01 . 2014-06-20 06:01 -------- d-----w- c:\users\Guest\AppData\Roaming\AVAST Software
2014-06-15 21:08 . 2014-06-15 21:08 -------- d-----w- c:\users\Νίκος\AppData\Roaming\AVAST Software
2014-06-15 21:08 . 2014-06-15 21:08 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-06-15 21:08 . 2014-06-15 21:08 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-06-15 21:08 . 2014-06-15 21:08 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-15 21:08 . 2014-06-15 21:08 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-15 21:08 . 2014-06-15 21:08 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-15 21:08 . 2014-06-15 21:08 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-15 21:08 . 2014-06-15 21:08 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-06-15 21:08 . 2014-06-15 21:08 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-06-15 21:08 . 2014-06-15 21:08 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-15 21:08 . 2014-06-15 21:08 43152 ----a-w- c:\windows\avastSS.scr
2014-06-15 21:07 . 2014-06-15 21:07 -------- d-----w- c:\program files\AVAST Software
2014-06-15 20:42 . 2014-06-15 20:42 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-06-15 20:42 . 2014-06-15 20:42 -------- d-----w- c:\users\Νίκος\AppData\Local\Avg2014
2014-06-15 20:26 . 2014-06-15 20:48 -------- d-----w- C:\FRST
2014-06-15 20:12 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-15 20:12 . 2014-06-16 21:58 -------- d-----w- C:\AdwCleaner
2014-06-15 20:03 . 2014-06-15 20:03 423240 ----a-w- c:\windows\system32\drivers\drtxzqnm.sys
2014-06-15 14:28 . 2014-06-15 14:28 423240 ----a-w- c:\windows\system32\drivers\hsjzfvjk.sys
2014-06-15 14:00 . 2014-06-15 20:42 -------- d-----w- c:\programdata\MFAData
2014-06-15 14:00 . 2014-06-15 14:00 -------- d--h--w- c:\programdata\Common Files
2014-06-15 14:00 . 2014-06-15 14:00 -------- d-----w- c:\users\Νίκος\AppData\Local\MFAData
2014-06-15 13:49 . 2014-06-15 13:49 423240 ----a-w- c:\windows\system32\drivers\jqaiimcs.sys
2014-06-14 18:05 . 2014-06-14 18:05 -------- d-----w- c:\users\Νίκος\AppData\Roaming\QuickScan
2014-06-14 17:59 . 2014-06-14 17:59 423240 ----a-w- c:\windows\system32\drivers\qfphbyli.sys
2014-06-13 19:58 . 2014-05-02 16:09 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD36F63A-8119-4778-91D1-2106986C2638}\gapaengine.dll
2014-06-12 16:57 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-12 16:57 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-11 15:11 . 2014-06-11 15:11 -------- d-----w- c:\users\Guest\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 23:16 . 2013-11-23 18:44 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 18:17 . 2013-11-21 15:47 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 18:17 . 2013-11-21 15:47 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-06 04:40 . 2014-05-15 00:01 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-06 04:17 . 2014-05-15 00:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-06 03:07 . 2014-05-15 00:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-06 03:00 . 2014-05-15 00:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-02 16:09 . 2013-12-19 17:51 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-12 02:22 . 2014-05-14 19:53 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-14 19:53 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-14 19:53 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 19:53 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 19:53 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 19:53 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 19:53 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 19:53 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 19:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-11-22 15:30 . 2013-11-22 15:27 4188160 ----a-w- c:\program files (x86)\GUT55DE.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Νίκος\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Νίκος\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Νίκος\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Νίκος\AppData\Roaming\uTorrent\uTorrent.exe" [2014-06-12 1267536]
"GoogleChromeAutoLaunch_571D22E49CCFB829BACD91D4C5AB2D91"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-28 958576]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-03-11 377368]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-15 3890208]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-07-23 1282632]
.
c:\users\Νίκος\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Νίκος\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-11-24 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslebb8eb5e;MpKslebb8eb5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80921F45-E94E-4862-9D4D-383285032197}\MpKslebb8eb5e.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80921F45-E94E-4862-9D4D-383285032197}\MpKslebb8eb5e.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Επιθεώρηση δικτύου της Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Πρόγραμμα οδήγησης διακόπτη κεντρικού ελεγκτή Intel® USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Ήχος οθόνης Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
S3 iusb3hub;Πρόγραμμα οδήγησης διανομέα Intel® USB 3.0;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Πρόγραμμα οδήγησης επεκτάσιμου κεντρικού ελεγκτή Intel® USB 3.0;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 22:04 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-21 18:17]
.
2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07 17:50]
.
2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07 17:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-15 21:08 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Νίκος\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Νίκος\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Νίκος\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Νίκος\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-09-12 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-09-12 768328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-09-12 769520]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1672371835-1477520047-1789977004-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
   50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-23  19:29:56
ComboFix-quarantined-files.txt  2014-06-23 16:29
ComboFix2.txt  2014-06-19 17:14
ComboFix3.txt  2014-06-16 19:04
.
Pre-Run: 9 Κατάλογοι 10.643.382.272 διαθέσιμα byte
Post-Run: 11 Κατάλογοι 10.408.689.664 διαθέσιμα byte
.
- - End Of File - - 3311F4A3D704068D60DBD2D3B972624B
5FB38429D5D77768867C76DCBDB35194


#29 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 23 June 2014 - 11:34 AM

Providing there are no other malware related problems...
 
IT APPEARS THAT THE LOGS WE HAVE NOW ARE NOW CLEAN!  GREAT JOB!!  
 
This infection appears to have been cleared, but I can not give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------
 
The following will implement some cleanup procedures as well as reset System Restore points:
 
Press the Windows key + R and this will open the Run text box.  Copy/paste the following text into the Run box as shown and click OK.
  Combofix /Uninstall
  (Note: There is a space between the ..X and the /U that needs to be there.)
 
----------
 

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
    ----------

    • Download Delfix from here to remove many of the tools we've used during the cleaning process.
    • Ensure Remove disinfection tools is checked.
      Also place a checkmark next to:
      • Create registry backup
      • Purge system restore
    • Click the Run button.
    ----------
     
    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
    ----------
     
    Here are some tips to reduce the potential for spyware infection in the future:
     
    1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
    NoScript
    AdBlock Plus 
     
    3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
     
    4. Firewall
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
    Online Armor Free
    Agnitum Outpost Firewall Free
    Comodo Firewall Free
     
    5. Make sure you keep your Windows OS current. Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
     
    6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
     
    7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.
     
    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
    ----------
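The Internet Explorer settings listed in tip 1 of the post above can also be checked from PowerShell. This is an added example, not part of the original post: the registry path and the URL action IDs (1001, 1004, 1201, 1800, 1804, 1607) are Windows' own identifiers for those Security tab options and do not appear in the thread.

```powershell
# Added example: audit (and optionally set) the IE Internet-zone options from tip 1.
# Run as the affected user; pass -Apply to write the recommended values.
param([switch]$Apply)

# Zone 3 is the Internet zone; per-user settings live under HKCU.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values used by the Security tab.
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Registry value name (URL action ID), recommended value, and the option text from the post.
$wanted = @(
    @{ Id = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

$report = foreach ($w in $wanted) {
    # A missing value means the zone is still using its template default.
    $item = Get-ItemProperty -Path $zone -Name $w.Id -ErrorAction SilentlyContinue
    $cur  = if ($item) { [int]$item.($w.Id) } else { $null }
    $ok   = ($cur -eq $w.Want)

    if ($Apply -and -not $ok) {
        Set-ItemProperty -Path $zone -Name $w.Id -Value $w.Want -Type DWord
    }

    [pscustomobject]@{
        Setting     = $w.Setting
        Id          = $w.Id
        Current     = if ($null -eq $cur) { '(not set)' }
                      elseif ($label.ContainsKey($cur)) { $label[$cur] }
                      else { $cur }
        Recommended = $label[$w.Want]
        Status      = if ($ok) { 'OK' } elseif ($Apply) { 'Changed' } else { 'Differs' }
    }
}

$report | Format-Table -AutoSize
```

Without `-Apply` the script only reports. Values enforced through Group Policy are stored under the Policies key and take precedence over what is set here.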

#30 Fashion Crab

Fashion Crab

    New Member

  • Authentic Member
  • 16 posts

Posted 23 June 2014 - 04:11 PM

Thanks Jeff I believe problem is solved...!!!

