update.exe [Mozilla Firefox?!] pops up all the time | Doesn't look legitimate


29 replies to this topic

#1 akostas77

  • Members
  • 14 posts
  • Gender: Male
  • Location: Athens, Greece

Posted 01 October 2013 - 05:20 PM

Hi to all!

 

My nickname is akostas77, I live in Athens, Greece and I'm a first time poster here on Bleeping Computer.

 

I have a weird update.exe file popping up (and crashing) all the time, which I don't think belongs to Mozilla Firefox as it claims, and I hope it doesn't launch any more weird exes without me knowing about it.

 

I could remove the folder containing the file and delete some registry entries, but I don't believe that I'm able to remove it completely and for good! And also I don't know what it does...

 

When I run Sysinternals' Autoruns.exe, I get an entry at:

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"

 

which says:

"TaskMngr C:\Program Files (x86)\Common Files\sysobject\data.js"

 

I think this is the culprit launching the bogus update.exe.

 

I have run quick and thorough scans using Malwarebytes Antimalware and Avast Free, but found nothing. Yet I think that this is not a file that I want running rampant on my machine.

 

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by neoktisma at 0:29:14 on 2013-10-02
Microsoft Windows 7 Professional   6.1.7600.0.1253.30.1032.18.2047.1039 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msinfo32.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [TaskMngr] wscript.exe "C:\Program Files (x86)\Common Files\sysobject\data.js"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0C97698D-13A0-4274-ADA3-D35EA2AF8DD2} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-09-08 00:51; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-08 23:16; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-09-08 23:46; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-09-16 00:43; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-09-16 00:47; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-09-16 02:24; superstart@enjoyfreeware.org; C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-09-16 02:34; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-8 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-8 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-8 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-9-8 378944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-9-8 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-8 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-8 46808]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-11-25 1276928]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-9-7 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-9-7 9800]
S3 StorSvc;Υπηρεσία αποθήκευσης;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
.
=============== Created Last 30 ================
.
2013-09-23 19:59:29    44544    ----a-w-    C:\Windows\System32\themeservice.dll.backup
2013-09-23 19:59:29    --------    d-----w-    C:\Program Files (x86)\UltraUXThemePatcher
2013-09-23 19:59:27    2851328    ----a-w-    C:\Windows\System32\themeui.dll.backup
2013-09-23 19:59:15    332288    ----a-w-    C:\Windows\System32\uxtheme.dll.backup
2013-09-23 19:58:40    156556    ----a-w-    C:\Users\neoktisma\UltraUXThemePatcher_2.1.exe
2013-09-22 19:42:48    98304    ----a-r-    C:\Users\neoktisma\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2013-09-22 19:42:46    --------    d-----w-    C:\Users\neoktisma\AppData\Local\Apps
2013-09-22 19:41:20    969504    ----a-w-    C:\Users\neoktisma\Windows7-USB-DVD-tool.exe
2013-09-19 17:21:58    275360    ----a-w-    C:\Windows\System32\DreamScene.dll
2013-09-19 17:21:40    --------    d-----w-    C:\Program Files (x86)\DreamScene Seven
2013-09-17 16:05:55    --------    d-----w-    C:\Program Files (x86)\Ffmpeg For Audacity
2013-09-17 16:05:37    --------    d-----w-    C:\Program Files (x86)\Lame For Audacity
2013-09-17 16:04:16    --------    d-----w-    C:\Program Files (x86)\Audacity
2013-09-15 20:42:43    --------    d-----w-    C:\Windows\iz mouse2 By BlueTheme.cn
2013-09-10 21:39:28    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\uTorrent
2013-09-10 20:01:52    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\WinFF
2013-09-10 20:01:46    --------    d-----w-    C:\Program Files\WinFF
2013-09-09 22:55:12    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\Dexclock
2013-09-09 22:55:11    --------    d-----w-    C:\Program Files (x86)\Dexclock
2013-09-09 20:36:13    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\Malwarebytes
2013-09-09 20:35:59    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-09 20:35:57    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-09 20:35:57    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 21:40:30    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\PotPlayerMini64
2013-09-08 21:40:30    --------    d-----w-    C:\Users\neoktisma\AppData\Local\Daum
2013-09-08 21:40:17    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\1by1
2013-09-08 21:34:26    --------    d-----w-    C:\Program Files\DAUM
2013-09-08 21:33:27    --------    d-----w-    C:\Program Files (x86)\1by1
2013-09-08 21:21:33    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\mp3DirectCut
2013-09-08 20:27:01    --------    d-----w-    C:\Users\neoktisma\AppData\Local\AMozilla
2013-09-08 20:22:10    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\AMozilla
2013-09-08 20:22:10    --------    d-----w-    C:\Program Files (x86)\Common Files\++++sysobject++++
2013-09-08 20:22:05    --------    d-----w-    C:\Users\neoktisma\AppData\Local\Programs
2013-09-08 20:08:12    --------    d-----w-    C:\Program Files (x86)\mp3DirectCut
2013-09-08 19:51:45    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\DVD Flick
2013-09-08 19:49:34    --------    d-----w-    C:\Users\neoktisma\AppData\Local\Macromedia
2013-09-08 19:45:15    40960    ----a-w-    C:\Windows\SysWow64\ssubtmr6.dll
2013-09-08 19:45:15    36864    ----a-w-    C:\Windows\SysWow64\trayicon_handler.ocx
2013-09-08 19:45:15    28672    ----a-w-    C:\Windows\SysWow64\mousewheel.ocx
2013-09-08 19:45:15    164144    ----a-w-    C:\Windows\SysWow64\comct232.ocx
2013-09-08 19:45:14    662288    ----a-w-    C:\Windows\SysWow64\mscomct2.ocx
2013-09-08 19:45:14    609824    ----a-w-    C:\Windows\SysWow64\comctl32.ocx
2013-09-08 19:45:14    212240    ----a-w-    C:\Windows\SysWow64\richtx32.ocx
2013-09-08 19:45:14    1081616    ----a-w-    C:\Windows\SysWow64\mscomctl.ocx
2013-09-08 19:45:14    --------    d-----w-    C:\Program Files (x86)\DVD Flick
2013-09-08 19:41:31    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\avidemux
2013-09-08 19:41:10    --------    d-----w-    C:\Program Files\Avidemux 2.6 - 64bits
2013-09-07 22:59:45    --------    d-----w-    C:\Users\neoktisma\AppData\Roaming\AMPSoft
2013-09-07 22:56:48    --------    d-----w-    C:\Program Files (x86)\AMP Font Viewer
2013-09-07 21:52:56    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-09-07 21:52:55    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-09-07 21:52:54    204880    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-09-07 21:52:52    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-09-07 21:52:45    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-07 21:51:20    41664    ----a-w-    C:\Windows\avastSS.scr
2013-09-07 21:51:01    --------    d-----w-    C:\Program Files\AVAST Software
2013-09-07 21:47:52    --------    d-----w-    C:\ProgramData\AVAST Software
2013-09-07 21:43:26    414632    ------w-    C:\Windows\difxapi.dll
2013-09-07 21:43:26    --------    d-----w-    C:\Program Files (x86)\VIA
2013-09-07 21:42:46    --------    d-sh--w-    C:\Windows\Installer
2013-09-07 21:27:23    319488    ----a-w-    C:\Windows\HideWin.exe
2013-09-07 16:32:17    --------    d--h--w-    C:\Program Files (x86)\Temp
2013-09-07 16:31:58    32768    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-09-07 16:31:57    757760    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-09-07 16:31:57    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-09-07 16:31:57    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-09-07 16:31:57    274432    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-09-07 16:31:57    204800    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-09-07 16:31:55    331908    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-09-07 16:31:55    200836    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-09-07 15:49:16    9800    ----a-w-    C:\Windows\System32\EuGdiDrv.sys
2013-09-07 15:49:16    9160    ----a-w-    C:\Windows\SysWow64\EuGdiDrv.sys
2013-09-07 15:49:16    87112    ----a-w-    C:\Windows\SysWow64\setupempdrv03.exe
2013-09-07 15:49:16    3376640    ----a-w-    C:\Windows\System32\BootMan.exe
2013-09-07 15:49:16    2498216    ----a-w-    C:\Windows\SysWow64\BootMan.exe
2013-09-07 15:49:16    19840    ----a-w-    C:\Windows\SysWow64\EuEpmGdi.dll
2013-09-07 15:49:16    17480    ----a-w-    C:\Windows\System32\epmntdrv.sys
2013-09-07 15:49:16    16256    ----a-w-    C:\Windows\System32\EuEpmGdi.dll
2013-09-07 15:49:16    13896    ----a-w-    C:\Windows\SysWow64\epmntdrv.sys
2013-09-07 15:49:16    100936    ----a-w-    C:\Windows\System32\setupempdrvx64.exe
2013-09-07 15:49:03    --------    d-----w-    C:\Program Files (x86)\EaseUS
2013-09-07 15:46:45    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5084E8E2-B05F-4961-BEF2-07DAD0450B3B}\mpengine.dll
2013-09-07 15:46:40    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-09-07 14:32:36    --------    d-----w-    C:\Windows\Panther
2013-09-07 14:32:20    --------    d-sh--w-    C:\Boot
2013-09-07 13:59:19    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-07 13:59:19    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-07 13:47:19    --------    d-----w-    C:\Users\neoktisma\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2013-09-23 19:59:29    44544    ----a-w-    C:\Windows\System32\themeservice.dll
2013-09-23 19:59:27    2851328    ----a-w-    C:\Windows\System32\themeui.dll
2013-09-23 19:59:16    332288    ----a-w-    C:\Windows\System32\uxtheme.dll
.
============= FINISH:  0:29:46,58 ===============

 

 

The update.exe file keeps crashing stating that "The element Firefox has stopped working" (translated from Greek). Clicking on details, the report states (sorry for the Greek):

 

Υπογραφή προβλήματος:
  Όνομα συμβάντος προβλήματος:    BEX
  Όνομα εφαρμογής:    update.exe_Firefox
  Έκδοση εφαρμογής:    1.9.2.4448
  Χρονική σήμανση εφαρμογής:    4f563b00
  Όνομα ελαττωματικής λειτουργικής μονάδας:    js3260.dll_unloaded
  Έκδοση ελαττωματικής λειτουργικής μονάδας:    0.0.0.0
  Χρονική σήμανση ελαττωματικής λειτουργικής μονάδας:    2a425e19
  Μετατόπιση εξαίρεσης:    0363da0c
  Κωδικός εξαίρεσης:    c0000005
  Δεδομένα εξαίρεσης:    00000008
  Έκδοση λειτουργικού συστήματος:    6.1.7600.2.0.0.256.48
  Αναγνωριστικό τοπικών ρυθμίσεων:    1032
  Πρόσθετες πληροφορίες 1:    0a9e
  Πρόσθετες πληροφορίες 2:    0a9e372d3b4ad19135b953a78882e789
  Πρόσθετες πληροφορίες 3:    0a9e
  Πρόσθετες πληροφορίες 4:    0a9e372d3b4ad19135b953a78882e789

Ανάγνωση της δήλωσής μας προστασίας προσωπικών δεδομένων ενώ είστε συνδεδεμένοι:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0408

Εάν η ηλεκτρονική δήλωση απορρήτου δεν είναι διαθέσιμη, διαβάστε τη δήλωση απορρήτου χωρίς σύνδεση:
  C:\Windows\system32\el-GR\erofflps.txt

 

 

I tried viewing the data.js file, but I didn't understand anything, as it has all the words in cryptic numeric-character strings, and I don't know how to "decrypt" them :)

 

The data.js is also found in my registry.

 

I hope this is enough information to understand my problem.

 

Thanks in advance for any help to the right direction!

 

- -

akostas77


Edited by akostas77, 01 October 2013 - 05:45 PM.
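As an added example (not code from the thread, nor from DDS or Autoruns), here is a Python triage script that parses the Run-key lines of a DDS log like the one above, flags values that launch a script host with a script file as the payload (as the TaskMngr entry does), and maps each DDS prefix to the registry key Autoruns would show. The sample lines are copied from the DDS log in the post; the DDS-prefix-to-hive mapping and the Wow6432Node rule for 64-bit hosts are assumptions.

```python
"""Triage of autorun (Run-key) lines from a DDS log.

Added example, not code from the thread or from DDS/Autoruns. The sample lines
are copied from the DDS "Pseudo HJT Report" posted above; the DDS-prefix-to-hive
mapping and the Wow6432Node rule for 64-bit hosts are assumptions.
"""
import re
from pathlib import PureWindowsPath

# Sample input: the mRun / x64-Run lines from the DDS log in the thread.
SAMPLE_LOG = r"""
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [TaskMngr] wscript.exe "C:\Program Files (x86)\Common Files\sysobject\data.js"
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
"""

# DDS prefixes (assumed): m = machine (HKLM), u = user (HKCU), x64- = native 64-bit view.
RUN_LINE = re.compile(r"^(?P<key>(?:x64-)?[mu]?Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Script hosts that a benign Run value rarely needs, and script extensions that
# mean the real payload is a script file rather than the listed executable.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1")
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


def split_command(cmd):
    """Split a Run value into (executable, [args]).

    Quoted executables are taken verbatim. Unquoted paths containing spaces are
    resolved roughly the way CreateProcess does: the shortest space-delimited
    prefix that names an executable wins.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        end = len(cmd) if end == -1 else end
        exe, rest = cmd[1:end], cmd[end + 1:]
    else:
        tokens = cmd.split(" ")
        exe, rest = tokens[0], " ".join(tokens[1:])
        for i in range(len(tokens)):
            candidate = " ".join(tokens[: i + 1])
            if candidate.lower().endswith(EXEC_EXTS):
                exe, rest = candidate, " ".join(tokens[i + 1:])
                break
    # Arguments: quoted paths stay single tokens, everything else splits on whitespace.
    args = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', rest)]
    return exe, args


def registry_location(key, x64_host=True):
    """Map a DDS prefix to the registry key Autoruns would show (assumed mapping).

    On a 64-bit host DDS lists the 32-bit (Wow6432Node) view without a prefix and
    the native view as x64-. The thread's TaskMngr value was an mRun line and
    Autoruns showed it under Wow6432Node, which is consistent with this rule.
    """
    native = key.startswith("x64-")
    short = key.replace("x64-", "")
    hive = "HKCU" if short.startswith("u") else "HKLM"
    subkey = short.lstrip("mu")  # "Run" or "RunOnce"
    node = "Wow6432Node\\" if (hive == "HKLM" and x64_host and not native) else ""
    return f"{hive}\\SOFTWARE\\{node}Microsoft\\Windows\\CurrentVersion\\{subkey}"


def triage(log_text):
    """Return one finding per Run line, with reasons for anything worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        exe, args = split_command(m["cmd"])
        exe_name = PureWindowsPath(exe).name.lower()
        reasons = []
        if exe_name in SCRIPT_HOSTS:
            reasons.append(f"launched through script host {exe_name}")
        script_args = [a for a in args if a.lower().endswith(SCRIPT_EXTS)]
        if script_args:
            reasons.append(f"payload is a script file ({PureWindowsPath(script_args[0]).suffix})")
        # The file a responder should hash and inspect: the script if there is one, else the exe.
        payload = script_args[0] if script_args else exe
        findings.append({
            "name": m["name"],
            "key": registry_location(m["key"]),
            "exe": exe,
            "args": args,
            "payload": payload,
            "suspicious": bool(reasons),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPECT" if f["suspicious"] else "ok     "
        print(f"{flag} [{f['name']}] {f['key']}\n        {f['payload']}")
        for r in f["reasons"]:
            print(f"        - {r}")
```

Run against the sample, only the TaskMngr value is reported, with the data.js path as the file to hash and inspect and the Wow6432Node Run key as its location.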



#2 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 04 October 2013 - 09:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 10 October 2013 - 09:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 11 October 2013 - 09:40 AM

This topic has been re-opened at the request of the person who originally posted.

#5 akostas77
  • Topic Starter

  • Members
  • 14 posts
  • Gender: Male
  • Location: Athens, Greece

Posted 11 October 2013 - 04:05 PM

Thank you for reopening the topic.

 

Here are the reports from the steps you told me to follow:

 

RogueKiller

 

RogueKiller V8.7.2 _x64_ [Oct  3 2013] από Tigzy
mail : tigzyRK<at>gmail<dot>com
Σχόλια : http://www.adlice.com/forum/
δικτυακός τόπος : http://www.adlice.com/softwares/roguekiller/
Ιστολόγιο : http://tigzyrk.blogspot.com/

Λειτουργικό Σύστημα : Windows 7 (6.1.7600 ) 64 bits version
Εκκίνηση σε : Κανονική λειτουργία
Χρήστης : neoktisma [Δικαιώματα Διαχειριστή]
Λειτουργία : Σάρωση -- Ημερομηνία : 10/11/2013 01:27:47
| ARK || FAK || MBR |

¤¤¤ Κακόβουλες Διεργασίες : 0 ¤¤¤

¤¤¤ Καταχωρήσεις μητρώου : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ΒΡΕΘΗΚΕ

¤¤¤ Προγραμματισμένες εργασίες : 0 ¤¤¤

¤¤¤ Έναρξη εγγραφών : 0 ¤¤¤

¤¤¤ Προγράμματα περιήγησης στο Web : 0 ¤¤¤

¤¤¤ Συγκεκριμένα Αρχεία / Φάκελοι: ¤¤¤

¤¤¤ Πρόγραμμα Οδήγησης : [Δεν φορτώθηκε 0x0] ¤¤¤

¤¤¤ Εξωτερικές Κυψέλες: ¤¤¤

¤¤¤ Μόλυνση :  ¤¤¤

¤¤¤ Αρχείο HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Έλεγχος MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Τυπικές μονάδες δίσκων) - ST316081 2SV SCSI Disk Device +++++
--- User ---
[MBR] 0fbc33de1e26d3d01c1abcaf7a8aac80
[BSP] b74bcc882eaf4bdff13c8d4c343b83fa : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 150579 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 308389886 | Size: 2046 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) (Τυπικές μονάδες δίσκων) - ST316081 2SV SCSI Disk Device +++++
--- User ---
[MBR] 494c13fecf64377441630b6785773430
[BSP] a726c11d97123c12356ce1f421d779bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Ολοκληρώθηκε : << RKreport[0]_S_10112013_012747.txt >>

 

AdwCleaner

 

# AdwCleaner v3.007 - Report created 11/10/2013 at 01:44:58
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Professional  (64 bits)
# Username : neoktisma - NEOKTISMA-WIN7
# Running from : C:\Users\neoktisma\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1112 octets] - [11/10/2013 01:37:03]
AdwCleaner[S0].txt - [1028 octets] - [11/10/2013 01:44:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1088 octets] ##########

 

Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x64
Ran by neoktisma on ¨ 11/10/2013 at  1:51:28,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\neoktisma\AppData\Roaming\mozilla\firefox\profiles\iplv7vu7.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ¨ 11/10/2013 at  2:02:15,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ComboFix

 

ComboFix 13-10-09.01 - neoktisma 11/10/2013   2:08.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1253.30.1032.18.2047.1191 [GMT 3:00]
Running from: c:\users\neoktisma\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\neoktisma\Windows7-USB-DVD-tool.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-10 to 2013-10-10  )))))))))))))))))))))))))))))))
.
.
2013-10-10 23:14 . 2013-10-10 23:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-10 23:14 . 2013-10-10 23:14    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-10-10 22:51 . 2013-10-10 22:51    --------    d-----w-    c:\windows\ERUNT
2013-10-10 22:36 . 2013-10-10 23:03    --------    d-----w-    C:\AdwCleaner
2013-10-10 22:22 . 2013-10-10 22:22    --------    d-----w-    c:\users\neoktisma\AppData\Roaming\FireShot
2013-10-04 22:53 . 2013-10-04 22:53    --------    d-----w-    c:\users\neoktisma\AppData\Local\Karen's Power Tools
2013-10-04 22:53 . 2013-10-07 18:51    --------    d-----w-    c:\program files (x86)\Karen's Power Tools
2013-10-04 22:52 . 2013-10-04 22:52    --------    d-----w-    c:\programdata\Karen's Power Tools
2013-10-03 21:18 . 2013-10-09 22:40    925184    ----a-w-    c:\windows\expstart.exe
2013-10-03 21:17 . 2009-07-14 01:39    2868224    ----a-w-    c:\windows\explorer.backup.exe
2013-10-03 19:41 . 2013-10-03 22:13    --------    d-----w-    c:\users\neoktisma\AppData\Roaming\ImgBurn
2013-10-03 19:27 . 2013-10-03 19:27    --------    d-----w-    c:\program files (x86)\ImgBurn
2013-09-23 19:59 . 2013-09-23 19:59    --------    d-----w-    c:\program files (x86)\UltraUXThemePatcher
2013-09-23 19:59 . 2009-07-14 01:41    44544    ----a-w-    c:\windows\system32\themeservice.dll.backup
2013-09-23 19:59 . 2009-07-14 01:41    2851328    ----a-w-    c:\windows\system32\themeui.dll.backup
2013-09-23 19:59 . 2009-07-14 01:41    332288    ----a-w-    c:\windows\system32\uxtheme.dll.backup
2013-09-23 19:58 . 2013-09-23 19:58    156556    ----a-w-    c:\users\neoktisma\UltraUXThemePatcher_2.1.exe
2013-09-22 19:42 . 2013-09-22 19:42    98304    ----a-r-    c:\users\neoktisma\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2013-09-22 19:42 . 2013-09-22 19:42    --------    d-----w-    c:\users\neoktisma\AppData\Local\Apps
2013-09-19 17:21 . 2013-09-19 17:21    275360    ----a-w-    c:\windows\system32\DreamScene.dll
2013-09-19 17:21 . 2013-09-19 17:21    --------    d-----w-    c:\program files (x86)\DreamScene Seven
2013-09-17 20:13 . 2013-09-17 20:13    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-09-17 16:05 . 2013-09-17 16:05    --------    d-----w-    c:\program files (x86)\Ffmpeg For Audacity
2013-09-17 16:05 . 2013-09-17 16:05    --------    d-----w-    c:\program files (x86)\Lame For Audacity
2013-09-17 16:04 . 2013-09-22 20:14    --------    d-----w-    c:\users\neoktisma\AppData\Roaming\Audacity
2013-09-17 16:04 . 2013-09-17 16:04    --------    d-----w-    c:\program files (x86)\Audacity
2013-09-15 20:42 . 2013-09-15 20:42    --------    d-----w-    c:\windows\iz mouse2 By BlueTheme.cn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 17:59 . 2013-09-07 13:59    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 17:59 . 2013-09-07 13:59    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-23 19:59 . 2009-07-13 23:54    44544    ----a-w-    c:\windows\system32\themeservice.dll
2013-09-23 19:59 . 2009-07-13 23:54    2851328    ----a-w-    c:\windows\system32\themeui.dll
2013-09-23 19:59 . 2009-07-13 23:55    332288    ----a-w-    c:\windows\system32\uxtheme.dll
2013-09-07 21:41 . 2009-11-12 08:09    1011712    ----a-w-    c:\windows\system32\VIAPropPageExt.dll
2013-09-07 21:41 . 2009-11-11 08:33    532480    ----a-w-    c:\windows\system32\VIASysFx.dll
2013-09-07 21:41 . 2009-07-29 06:36    524288    ----a-w-    c:\windows\SysWow64\VMAPO32.DLL
2013-09-07 21:41 . 2009-07-29 06:36    57856    ----a-w-    c:\windows\system32\VMPPLD64.DLL
2013-09-07 21:41 . 2009-07-29 06:36    601088    ----a-w-    c:\windows\system32\VMAPO64.DLL
2013-09-07 21:41 . 2009-07-23 13:21    72704    ----a-w-    c:\windows\system32\VMWRP64.DLL
2013-09-07 21:41 . 2009-07-23 13:20    53760    ----a-w-    c:\windows\system32\VMPPCN64.DLL
2013-09-07 21:41 . 2009-11-25 18:06    1276928    ----a-w-    c:\windows\system32\drivers\viahduaa.sys
2013-09-07 21:41 . 2009-06-01 07:10    242176    ----a-w-    c:\windows\system32\Dts2APO.dll
2013-09-07 21:41 . 2009-03-04 13:42    84992    ----a-w-    c:\windows\system32\Dts2PropPageExt.dll
2013-09-07 21:41 . 2009-01-19 18:32    76288    ----a-w-    c:\windows\system32\ViaMicArrayPropPageExt.dll
2013-09-07 21:41 . 2009-01-19 18:32    193024    ----a-w-    c:\windows\system32\ViaMicArrayAPO.dll
2013-09-07 21:41 . 2007-12-04 08:28    86016    ----a-w-    c:\windows\system32\nQPropPageExt.dll
2013-09-07 21:41 . 2007-12-04 08:28    82432    ----a-w-    c:\windows\system32\nQAPO.dll
2013-09-07 21:41 . 2013-09-07 21:43    414632    ------w-    c:\windows\difxapi.dll
2013-09-07 21:33 . 2013-09-07 21:27    319488    ----a-w-    c:\windows\HideWin.exe
2013-08-30 07:48 . 2013-09-07 21:53    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-09-07 21:52    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-09-07 21:52    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-09-07 21:52    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-09-07 21:52    204880    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-09-07 21:52    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-09-07 21:53    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-09-07 21:52    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-09-07 21:51    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-09-07 21:52    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-08-19 21:46 . 2013-09-07 15:46    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5084E8E2-B05F-4961-BEF2-07DAD0450B3B}\mpengine.dll
2013-08-07 01:22 . 2013-09-07 15:46    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\neoktisma\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-10 1130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-09-07 2792448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"TaskMngr"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-07 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\
FF - ExtSQL: 2013-09-08 00:51; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-08 23:16; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-09-08 23:46; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-09-16 00:43; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-09-16 00:47; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-09-16 02:24; superstart@enjoyfreeware.org; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-09-16 02:34; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: 2013-10-11 01:15; {146f1820-2b0d-49ef-acbf-d85a6986e10c}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF - ExtSQL: 2013-10-11 01:21; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-VIAAUD - c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
AddRemove-Setup_is1 - c:\users\NEOKTI~1\AppData\Local\Temp\is-H64I5.tmp\rog\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-11  02:17:11
ComboFix-quarantined-files.txt  2013-10-10 23:17
.
Pre-Run: 7 Κατάλογοι 27.679.412.224 διαθέσιμα byte
Post-Run: 11 Κατάλογοι 27.638.112.256 διαθέσιμα byte
.
- - End Of File - - C8CDB6E40B69BE679DA7EDD97D83EC6B
4004072431421EB6987F1A76377D26F0

 

Note:

 

After completing all these steps update.exe is still running in the background, but the notable thing is that it is not crashing anymore... I don't think this is good!!!

 

- -

akostas77



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 12 October 2013 - 07:38 AM

Please run the Roguekiller tool and fix these Registry entries.
 

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ΒΡΕΘΗΚΕ


They will be replaced.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

    Post back with the Malwarebytes Anti-Malware log once it's complete.
    ===

    If the setup is still giving you problems, run this on-line scan.

    Please scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the ESET OnlineScan button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
        Save it to your Desktop.
      • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    Post the logs for my review.

    Keep me posted.


#7 akostas77

akostas77
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Athens, Greece
  • Local time:02:12 PM

Posted 12 October 2013 - 04:45 PM

RogueKiller

 

RogueKiller V8.7.2 _x64_ [Oct  3 2013] από Tigzy
mail : tigzyRK<at>gmail<dot>com
Σχόλια : http://www.adlice.com/forum/
δικτυακός τόπος : http://www.adlice.com/softwares/roguekiller/
Ιστολόγιο : http://tigzyrk.blogspot.com/

Λειτουργικό Σύστημα : Windows 7 (6.1.7600 ) 64 bits version
Εκκίνηση σε : Κανονική λειτουργία
Χρήστης : ############[Δικαιώματα Διαχειριστή]
Λειτουργία : Σάρωση -- Ημερομηνία : 10/13/2013 00:38:47
| ARK || FAK || MBR |

¤¤¤ Κακόβουλες Διεργασίες : 0 ¤¤¤

¤¤¤ Καταχωρήσεις μητρώου : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> ΒΡΕΘΗΚΕ
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ΒΡΕΘΗΚΕ
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ΒΡΕΘΗΚΕ

¤¤¤ Προγραμματισμένες εργασίες : 0 ¤¤¤

¤¤¤ Έναρξη εγγραφών : 0 ¤¤¤

¤¤¤ Προγράμματα περιήγησης στο Web : 0 ¤¤¤

¤¤¤ Συγκεκριμένα Αρχεία / Φάκελοι: ¤¤¤

¤¤¤ Πρόγραμμα Οδήγησης : [Δεν φορτώθηκε 0x0] ¤¤¤

¤¤¤ Εξωτερικές Κυψέλες: ¤¤¤

¤¤¤ Μόλυνση :  ¤¤¤

¤¤¤ Αρχείο HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ Έλεγχος MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Τυπικές μονάδες δίσκων) - ST316081 2SV SCSI Disk Device +++++
--- User ---
[MBR] 0fbc33de1e26d3d01c1abcaf7a8aac80
[BSP] b74bcc882eaf4bdff13c8d4c343b83fa : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 150579 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 308389886 | Size: 2046 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) (Τυπικές μονάδες δίσκων) - ST316081 2SV SCSI Disk Device +++++
--- User ---
[MBR] 494c13fecf64377441630b6785773430
[BSP] a726c11d97123c12356ce1f421d779bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Ολοκληρώθηκε : << RKreport[0]_S_10132013_003847.txt >>
RKreport[0]_D_10112013_012951.txt;RKreport[0]_S_10112013_012747.txt

 

 

Security Check

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 11.9.900.117  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

 

 

Malwarebytes Anti-Malware

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385

############ :: ########### [administrator]

13/10/2013 12:23:36 πμ
mbam-log-2013-10-13 (00-23-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221851
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 


Edited by akostas77, 12 October 2013 - 05:06 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 13 October 2013 - 07:21 AM

Your RogueKiller log is still showing ΒΡΕΘΗΚΕ (FOUND).

Make sure you used the Clean option.
===

After completing all these steps update.exe is still running in the background, but the notable thing is that it is not crashing anymore... I don't think this is good!!!

Has this message stopped?

===

For your added security, install Windows 7 Service Pack 1 (SP1):
http://windows.microsoft.com/installwindows7sp1

===

Keep me posted.

#9 akostas77

akostas77
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Athens, Greece
  • Local time:02:12 PM

Posted 13 October 2013 - 09:08 AM

OK, here is the report from RogueKiller

 

RogueKiller V8.7.2 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : neoktisma [Admin rights]
Mode : Remove -- Date : 10/13/2013 17:02:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Τυπικές μονάδες δίσκων) - ST316081 2SV SCSI Disk Device +++++
--- User ---
[MBR] 0fbc33de1e26d3d01c1abcaf7a8aac80
[BSP] b74bcc882eaf4bdff13c8d4c343b83fa : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 150579 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 308389886 | Size: 2046 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) (Τυπικές μονάδες δίσκων) - ST316081 2SV SCSI Disk Device +++++
--- User ---
[MBR] 494c13fecf64377441630b6785773430
[BSP] a726c11d97123c12356ce1f421d779bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10132013_170253.txt >>
RKreport[0]_D_10112013_012951.txt;RKreport[0]_D_10132013_004319.txt;RKreport[0]_S_10112013_012747.txt
RKreport[0]_S_10132013_003847.txt;RKreport[0]_S_10132013_160911.txt;RKreport[0]_S_10132013_162422.txt
RKreport[0]_S_10132013_165924.txt


As for update.exe, it started crashing again, and after a couple of crashes it just runs in the background... doing whatever it does, about which I have no idea.


Edited by akostas77, 13 October 2013 - 09:09 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 13 October 2013 - 10:13 AM

Let's see if we can find the source.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    update.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#11 akostas77

akostas77
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Athens, Greece
  • Local time:02:12 PM

Posted 13 October 2013 - 04:39 PM

SystemLook

 

SystemLook 30.07.11 by jpshortstuff
Log created at 00:37 on 14/10/2013 by neoktisma
Administrator - Elevation successful

========== regfind ==========

Searching for "update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66ADEA4E-B6DB-4A62-BEFE-A1AFA45F70E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Common Files\sysobject\update.exe|Name=Firefox|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ADC719F-BC3B-43F2-98FA-DE778A416BEE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Common Files\sysobject\update.exe|Name=Firefox|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66ADEA4E-B6DB-4A62-BEFE-A1AFA45F70E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Common Files\sysobject\update.exe|Name=Firefox|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ADC719F-BC3B-43F2-98FA-DE778A416BEE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Common Files\sysobject\update.exe|Name=Firefox|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66ADEA4E-B6DB-4A62-BEFE-A1AFA45F70E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Common Files\sysobject\update.exe|Name=Firefox|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ADC719F-BC3B-43F2-98FA-DE778A416BEE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Common Files\sysobject\update.exe|Name=Firefox|"

-= EOF =-
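
The two findings above, the firewall rules named "Firefox" that point at Common Files\sysobject\update.exe and the Run value that is just wscript.exe, can be checked automatically. The following Python is an added example, not code from this thread or from SystemLook, ComboFix or RogueKiller: it parses the pipe-delimited FirewallRules value format and the ComboFix Run-entry lines, and flags a rule whose Name claims a product while its App path is not where that product installs, and a Run value that launches a script host. The expected-directory mapping, the Common Files heuristic and the benign comparison rule are assumptions constructed for the example.

```python
"""Triage helpers for two artefacts from this thread (added example):

1. Windows Firewall rule strings as stored under the registry key
   SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules, a pipe-delimited
   "v2.10|Action=Allow|...|App=...|Name=...|" format.
2. ComboFix 'Reg Loading Points' Run entries that launch a script host
   (here wscript.exe) instead of the program the value name suggests.
"""
import ntpath
import re

# Script hosts: when one of these is the Run value, the payload is the
# script passed as argument (in this thread, data.js), not the host itself.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Assumption for this example: a rule whose Name mentions the product is
# expected to have an App path containing one of these lowercase fragments.
EXPECTED_APP_DIRS = {"firefox": ["\\mozilla firefox\\"]}

# Sample inputs. The first rule and the two Run lines are copied from the
# logs posted above; the second rule is constructed as a benign comparison.
SUSPICIOUS_RULE = (r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private"
                   r"|App=C:\Program Files (x86)\Common Files\sysobject\update.exe|Name=Firefox|")
BENIGN_RULE = (r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private"
               r"|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox|")
RUN_TASKMNGR = r'"TaskMngr"="wscript.exe" [2009-07-14 141824]'
RUN_AVAST = r'"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]'


def parse_firewall_rule(value: str) -> dict:
    """Split a FirewallRules registry value into a dict.

    The first field is the format version ("v2.10"); every later
    "Key=Value" field is stored under Key. The trailing '|' produces an
    empty field, which is skipped.
    """
    fields = value.split("|")
    rule = {"Version": fields[0]}
    for field in fields[1:]:
        if field:
            key, _, val = field.partition("=")
            rule[key] = val
    return rule


def firewall_rule_findings(value: str) -> list:
    """Return the reasons a rule looks suspicious; an empty list means none."""
    rule = parse_firewall_rule(value)
    app = rule.get("App", "")
    app_lower = app.lower()
    name = rule.get("Name", "")
    findings = []
    # The rule name claims a known product but App lives somewhere else.
    for product, fragments in EXPECTED_APP_DIRS.items():
        if product in name.lower() and not any(f in app_lower for f in fragments):
            findings.append(f"Name={name!r} but App={app!r}")
    # An inbound Allow for a binary under Common Files is unusual for a browser.
    if (rule.get("Action") == "Allow" and rule.get("Dir") == "In"
            and "\\common files\\" in app_lower):
        findings.append("inbound Allow for executable under Common Files")
    return findings


COMBOFIX_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')


def run_entry_findings(line: str) -> list:
    """Flag a ComboFix Run entry whose command is a script host."""
    match = COMBOFIX_RUN_RE.match(line.strip())
    if not match:
        return []
    exe = ntpath.basename(match.group("cmd")).lower()
    if exe in SCRIPT_HOSTS:
        return [f"Run value {match.group('name')!r} launches {exe}; "
                "inspect the script it is given"]
    return []


def triage(rules, run_lines) -> dict:
    """Map each sample line to its findings, keeping only the flagged ones."""
    report = {}
    for rule in rules:
        found = firewall_rule_findings(rule)
        if found:
            report[rule] = found
    for line in run_lines:
        found = run_entry_findings(line)
        if found:
            report[line] = found
    return report


if __name__ == "__main__":
    for item, reasons in triage([SUSPICIOUS_RULE, BENIGN_RULE],
                                [RUN_TASKMNGR, RUN_AVAST]).items():
        print(item)
        for reason in reasons:
            print("  -", reason)
```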



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 14 October 2013 - 07:57 AM


Open notepad and copy/paste the text in the quote box below into it:


Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66ADEA4E-B6DB-4A62-BEFE-A1AFA45F70E8}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ADC719F-BC3B-43F2-98FA-DE778A416BEE}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66ADEA4E-B6DB-4A62-BEFE-A1AFA45F70E8}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ADC719F-BC3B-43F2-98FA-DE778A416BEE}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66ADEA4E-B6DB-4A62-BEFE-A1AFA45F70E8}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ADC719F-BC3B-43F2-98FA-DE778A416BEE}"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
Then post the resultant log.

Let me know if the problem persists.

#13 akostas77

akostas77
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Athens, Greece
  • Local time:02:12 PM

Posted 14 October 2013 - 02:31 PM

ComboFix

 

ComboFix 13-10-09.01 - neoktisma 14/10/2013  20:56:19.2.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1253.30.1032.18.2047.1239 [GMT 3:00]
Running from: c:\users\neoktisma\Desktop\ComboFix.exe
Command switches used :: c:\users\neoktisma\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-14 18:03 . 2013-10-14 18:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-14 18:03 . 2013-10-14 18:03    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-10-13 23:01 . 2013-10-13 23:09    --------    d-----w-    c:\users\neoktisma\AppData\Local\Adobe
2013-10-13 15:51 . 2004-08-17 00:40    16384    ----a-w-    c:\windows\SysWow64\FileOps.exe
2013-10-13 15:51 . 2013-10-13 15:51    --------    d-----w-    c:\windows\SysWow64\Adobe
2013-10-13 15:41 . 2013-10-13 15:41    --------    d-----w-    c:\program files (x86)\Common Files\Adobe Systems Shared
2013-10-13 15:41 . 2013-10-13 15:51    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-10-10 22:51 . 2013-10-10 22:51    --------    d-----w-    c:\windows\ERUNT
2013-10-10 22:36 . 2013-10-10 23:03    --------    d-----w-    C:\AdwCleaner
2013-10-10 22:22 . 2013-10-10 22:22    --------    d-----w-    c:\users\neoktisma\AppData\Roaming\FireShot
2013-10-04 22:53 . 2013-10-04 22:53    --------    d-----w-    c:\users\neoktisma\AppData\Local\Karen's Power Tools
2013-10-04 22:53 . 2013-10-07 18:51    --------    d-----w-    c:\program files (x86)\Karen's Power Tools
2013-10-04 22:52 . 2013-10-04 22:52    --------    d-----w-    c:\programdata\Karen's Power Tools
2013-10-03 21:18 . 2013-10-12 00:12    925184    ----a-w-    c:\windows\expstart.exe
2013-10-03 21:17 . 2009-07-14 01:39    2868224    ----a-w-    c:\windows\explorer.backup.exe
2013-10-03 19:41 . 2013-10-03 22:13    --------    d-----w-    c:\users\neoktisma\AppData\Roaming\ImgBurn
2013-10-03 19:27 . 2013-10-03 19:27    --------    d-----w-    c:\program files (x86)\ImgBurn
2013-09-23 19:59 . 2013-09-23 19:59    --------    d-----w-    c:\program files (x86)\UltraUXThemePatcher
2013-09-23 19:59 . 2009-07-14 01:41    44544    ----a-w-    c:\windows\system32\themeservice.dll.backup
2013-09-23 19:59 . 2009-07-14 01:41    2851328    ----a-w-    c:\windows\system32\themeui.dll.backup
2013-09-23 19:59 . 2009-07-14 01:41    332288    ----a-w-    c:\windows\system32\uxtheme.dll.backup
2013-09-23 19:58 . 2013-09-23 19:58    156556    ----a-w-    c:\users\neoktisma\UltraUXThemePatcher_2.1.exe
2013-09-22 19:42 . 2013-09-22 19:42    98304    ----a-r-    c:\users\neoktisma\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2013-09-22 19:42 . 2013-09-22 19:42    --------    d-----w-    c:\users\neoktisma\AppData\Local\Apps
2013-09-19 17:21 . 2013-09-19 17:21    275360    ----a-w-    c:\windows\system32\DreamScene.dll
2013-09-19 17:21 . 2013-09-19 17:21    --------    d-----w-    c:\program files (x86)\DreamScene Seven
2013-09-17 20:13 . 2013-09-17 20:13    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-09-17 16:05 . 2013-09-17 16:05    --------    d-----w-    c:\program files (x86)\Ffmpeg For Audacity
2013-09-17 16:05 . 2013-09-17 16:05    --------    d-----w-    c:\program files (x86)\Lame For Audacity
2013-09-17 16:04 . 2013-09-22 20:14    --------    d-----w-    c:\users\neoktisma\AppData\Roaming\Audacity
2013-09-17 16:04 . 2013-09-17 16:04    --------    d-----w-    c:\program files (x86)\Audacity
2013-09-15 20:42 . 2013-09-15 20:42    --------    d-----w-    c:\windows\iz mouse2 By BlueTheme.cn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 17:59 . 2013-09-07 13:59    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 17:59 . 2013-09-07 13:59    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-23 19:59 . 2009-07-13 23:54    44544    ----a-w-    c:\windows\system32\themeservice.dll
2013-09-23 19:59 . 2009-07-13 23:54    2851328    ----a-w-    c:\windows\system32\themeui.dll
2013-09-23 19:59 . 2009-07-13 23:55    332288    ----a-w-    c:\windows\system32\uxtheme.dll
2013-09-07 21:41 . 2009-11-12 08:09    1011712    ----a-w-    c:\windows\system32\VIAPropPageExt.dll
2013-09-07 21:41 . 2009-11-11 08:33    532480    ----a-w-    c:\windows\system32\VIASysFx.dll
2013-09-07 21:41 . 2009-07-29 06:36    524288    ----a-w-    c:\windows\SysWow64\VMAPO32.DLL
2013-09-07 21:41 . 2009-07-29 06:36    57856    ----a-w-    c:\windows\system32\VMPPLD64.DLL
2013-09-07 21:41 . 2009-07-29 06:36    601088    ----a-w-    c:\windows\system32\VMAPO64.DLL
2013-09-07 21:41 . 2009-07-23 13:21    72704    ----a-w-    c:\windows\system32\VMWRP64.DLL
2013-09-07 21:41 . 2009-07-23 13:20    53760    ----a-w-    c:\windows\system32\VMPPCN64.DLL
2013-09-07 21:41 . 2009-11-25 18:06    1276928    ----a-w-    c:\windows\system32\drivers\viahduaa.sys
2013-09-07 21:41 . 2009-06-01 07:10    242176    ----a-w-    c:\windows\system32\Dts2APO.dll
2013-09-07 21:41 . 2009-03-04 13:42    84992    ----a-w-    c:\windows\system32\Dts2PropPageExt.dll
2013-09-07 21:41 . 2009-01-19 18:32    76288    ----a-w-    c:\windows\system32\ViaMicArrayPropPageExt.dll
2013-09-07 21:41 . 2009-01-19 18:32    193024    ----a-w-    c:\windows\system32\ViaMicArrayAPO.dll
2013-09-07 21:41 . 2007-12-04 08:28    86016    ----a-w-    c:\windows\system32\nQPropPageExt.dll
2013-09-07 21:41 . 2007-12-04 08:28    82432    ----a-w-    c:\windows\system32\nQAPO.dll
2013-09-07 21:41 . 2013-09-07 21:43    414632    ------w-    c:\windows\difxapi.dll
2013-09-07 21:33 . 2013-09-07 21:27    319488    ----a-w-    c:\windows\HideWin.exe
2013-08-30 07:48 . 2013-09-07 21:53    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-09-07 21:52    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-09-07 21:52    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-09-07 21:52    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-09-07 21:52    204880    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-09-07 21:52    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-09-07 21:53    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-09-07 21:52    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-09-07 21:51    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-09-07 21:52    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-08-19 21:46 . 2013-09-07 15:46    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5084E8E2-B05F-4961-BEF2-07DAD0450B3B}\mpengine.dll
2013-08-07 01:22 . 2013-09-07 15:46    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\neoktisma\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-10 1130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-09-07 2792448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"TaskMngr"="wscript.exe" [2009-07-14 141824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-07 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\
FF - ExtSQL: 2013-09-08 00:51; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-08 23:16; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-09-08 23:46; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-09-16 00:43; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-09-16 00:47; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-09-16 02:24; superstart@enjoyfreeware.org; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2013-09-16 02:34; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: 2013-10-11 01:15; {146f1820-2b0d-49ef-acbf-d85a6986e10c}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF - ExtSQL: 2013-10-11 01:21; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\neoktisma\AppData\Roaming\Mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Setup_is1 - c:\users\NEOKTI~1\AppData\Local\Temp\is-H64I5.tmp\rog\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-14  21:06:10
ComboFix-quarantined-files.txt  2013-10-14 18:06
ComboFix2.txt  2013-10-10 23:17
.
Pre-Run: 10 Κατάλογοι 22.073.020.416 διαθέσιμα byte
Post-Run: 11 Κατάλογοι 21.887.963.136 διαθέσιμα byte
.
- - End Of File - - FEBDA2A4C25590683BDCE8FD049AC660
4004072431421EB6987F1A76377D26F0
Update.exe is still running in the background; sometimes it crashes, other times it doesn't.

Also, Avast just blocked a URL:Mal infection that originated from js3260.dll and tried to connect to http:(slash-slash)www(dot)topxxxwebcamsinfo(dot)com(slash). The dll resides in the same folder as update.exe.


Edited by akostas77, 14 October 2013 - 02:33 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 AM

Posted 15 October 2013 - 07:21 AM

Found a similar situation here.
http://forum.avast.com/index.php?topic=93246.0

Let's see what we can discover.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box, paste this text in bold:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.

#15 akostas77

akostas77
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Location:Athens, Greece
  • Local time:02:12 PM

Posted 15 October 2013 - 03:34 PM

OTL.txt

OTL logfile created on: 15/10/2013 11:15:10 μμ - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\neoktisma\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,71% Memory free
4,00 Gb Paging File | 2,86 Gb Available in Paging File | 71,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 19,50 Gb Free Space | 13,09% Space Free | Partition Type: NTFS
 
Computer Name: NEOKTISMA-WIN7 | User Name: neoktisma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/10/15 23:10:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\neoktisma\Desktop\OTL.exe
PRC - [2013/09/30 08:50:14 | 000,058,384 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
PRC - [2013/09/30 08:37:46 | 000,678,400 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
PRC - [2013/09/11 00:40:35 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\neoktisma\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/08/30 10:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 10:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/29 17:07:22 | 002,081,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
PRC - [2012/03/06 10:26:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Common Files\sysobject\update.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/09/30 08:46:02 | 000,178,192 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 4\program\libxslt.dll
MOD - [2013/09/30 08:46:00 | 001,008,656 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 4\program\libxml2.dll
MOD - [2013/08/11 09:44:10 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3260.dll
MOD - [2012/03/06 10:26:50 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3250.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2013/08/30 10:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/10 20:59:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013/09/08 00:41:58 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013/08/30 10:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2013/03/07 09:49:18 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:[b]64bit:[/b] - [2013/03/07 09:49:18 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:[b]64bit:[/b] - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 23:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/03/07 09:49:20 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
IE - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 3C 2D CE 57 C0 CE 01  [binary data]
IE - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\..\SearchScopes\{BACBA8E1-575C-4803-9737-B01C1B9A3C48}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: superstart%40enjoyfreeware.org:6.6
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.41
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/08 00:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/09/08 23:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neoktisma\AppData\Roaming\mozilla\Extensions
[2013/10/15 02:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neoktisma\AppData\Roaming\mozilla\Firefox\Profiles\iplv7vu7.default\extensions
[2013/10/11 01:21:40 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\neoktisma\AppData\Roaming\mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/09/16 02:34:17 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\neoktisma\AppData\Roaming\mozilla\Firefox\Profiles\iplv7vu7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/09/16 02:24:20 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\neoktisma\AppData\Roaming\mozilla\Firefox\Profiles\iplv7vu7.default\extensions\superstart@enjoyfreeware.org
[2013/10/05 01:03:41 | 000,336,539 | ---- | M] () (No name found) -- C:\Users\neoktisma\AppData\Roaming\mozilla\firefox\profiles\iplv7vu7.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2013/10/11 01:15:35 | 000,011,318 | ---- | M] () (No name found) -- C:\Users\neoktisma\AppData\Roaming\mozilla\firefox\profiles\iplv7vu7.default\extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
[2013/09/16 00:43:13 | 000,282,174 | ---- | M] () (No name found) -- C:\Users\neoktisma\AppData\Roaming\mozilla\firefox\profiles\iplv7vu7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013/10/15 02:13:24 | 000,534,870 | ---- | M] () (No name found) -- C:\Users\neoktisma\AppData\Roaming\mozilla\firefox\profiles\iplv7vu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/01 23:47:45 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\neoktisma\AppData\Roaming\mozilla\firefox\profiles\iplv7vu7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/10/13 00:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/10/13 00:24:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/08 00:51:39 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2013/10/11 02:14:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [TaskMngr] C:\Program Files (x86)\Common Files\sysobject\data.js ()
O4 - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001..\Run: [uTorrent] C:\Users\neoktisma\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\neoktisma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.1.lnk = C:\Program Files (x86)\LibreOffice 4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1364908667-3386284438-1335530998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C97698D-13A0-4274-ADA3-D35EA2AF8DD2}: DhcpNameServer = 192.168.2.1
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/10/15 23:10:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\neoktisma\Desktop\OTL.exe
[2013/10/14 21:17:10 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Roaming\LibreOffice
[2013/10/14 21:13:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
[2013/10/14 21:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2013/10/14 21:06:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/14 21:06:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/14 20:53:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/14 20:53:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/14 20:53:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/14 02:01:48 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Documents\Updater
[2013/10/14 02:01:29 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Local\Adobe
[2013/10/13 23:30:26 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Desktop\VoG
[2013/10/13 18:51:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/10/13 18:42:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013/10/13 18:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013/10/13 18:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/10/13 18:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/10/13 18:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/10/13 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/10/13 17:09:25 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Desktop\Reports
[2013/10/13 00:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/11 02:05:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/11 02:04:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/11 01:51:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/11 01:36:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/11 01:25:44 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Desktop\RK_Quarantine
[2013/10/11 01:22:47 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Roaming\FireShot
[2013/10/11 01:08:06 | 005,131,844 | R--- | C] (Swearware) -- C:\Users\neoktisma\Desktop\ComboFix.exe
[2013/10/11 01:07:36 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\neoktisma\Desktop\JRT.exe
[2013/10/07 22:32:31 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Desktop\Fay Skardi
[2013/10/05 01:53:59 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Local\Karen's Power Tools
[2013/10/05 01:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Karen's Power Tools
[2013/10/05 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Karen's Power Tools
[2013/10/04 00:17:46 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.backup.exe
[2013/10/04 00:15:36 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Documents\Customize
[2013/10/03 22:41:52 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Roaming\ImgBurn
[2013/10/03 22:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/10/03 22:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013/10/02 00:27:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\neoktisma\Desktop\dds.com
[2013/09/30 09:08:56 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/09/30 09:08:56 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/09/23 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
[2013/09/23 22:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraUXThemePatcher
[2013/09/23 22:59:27 | 002,851,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2013/09/23 22:59:15 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2013/09/23 22:58:40 | 000,156,556 | ---- | C] (Manuel Hoefs (Zottel)) -- C:\Users\neoktisma\UltraUXThemePatcher_2.1.exe
[2013/09/23 02:19:09 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Desktop\Dream-WMVs
[2013/09/22 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/09/22 22:42:46 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Local\Apps
[2013/09/22 21:36:02 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Desktop\yiannix
[2013/09/19 20:21:58 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2013/09/19 20:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamScene Seven
[2013/09/19 20:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DreamScene Seven
[2013/09/18 00:02:32 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\Desktop\Scan-to-Print
[2013/09/17 23:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/17 23:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/17 19:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ffmpeg For Audacity
[2013/09/17 19:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013/09/17 19:04:51 | 000,000,000 | ---D | C] -- C:\Users\neoktisma\AppData\Roaming\Audacity
[2013/09/17 19:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/09/15 23:42:43 | 000,000,000 | ---D | C] -- C:\Windows\iz mouse2 By BlueTheme.cn
[3 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/10/15 23:13:32 | 000,387,265 | ---- | M] () -- C:\Users\neoktisma\Desktop\Χωρίς τίτλο.png
[2013/10/15 23:10:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\neoktisma\Desktop\OTL.exe
[2013/10/15 22:59:38 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 22:59:38 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 22:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/15 22:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/15 22:51:59 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/15 02:13:19 | 000,017,039 | ---- | M] () -- C:\Users\neoktisma\Desktop\Λουτράκι.ods
[2013/10/14 21:19:38 | 000,819,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/14 21:17:27 | 000,001,214 | ---- | M] () -- C:\Users\neoktisma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.1.lnk
[2013/10/14 00:36:01 | 000,165,376 | ---- | M] () -- C:\Users\neoktisma\Desktop\SystemLook_x64.exe
[2013/10/14 00:20:48 | 000,451,187 | ---- | M] () -- C:\Users\neoktisma\Desktop\Φόρμα κράτησης εκδρομών - Συμπληρωμένη.pdf
[2013/10/13 19:00:26 | 000,001,883 | ---- | M] () -- C:\Users\neoktisma\Desktop\Adobe Creative Suite 2.0 - INSTALL.lnk
[2013/10/13 18:42:32 | 000,001,291 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013/10/13 17:49:49 | 001,337,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/13 17:49:49 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/13 17:49:49 | 000,549,104 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/10/13 17:49:49 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/13 17:49:49 | 000,085,864 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/10/13 00:08:44 | 000,891,167 | ---- | M] () -- C:\Users\neoktisma\Desktop\SecurityCheck.exe
[2013/10/12 03:12:54 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe
[2013/10/11 02:14:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/11 01:41:15 | 005,811,579 | ---- | M] () -- C:\Users\neoktisma\Desktop\iplv7vu7.default.7z
[2013/10/11 01:08:27 | 005,131,844 | R--- | M] (Swearware) -- C:\Users\neoktisma\Desktop\ComboFix.exe
[2013/10/11 01:07:50 | 001,048,960 | ---- | M] () -- C:\Users\neoktisma\Desktop\adwcleaner.exe
[2013/10/11 01:07:48 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\neoktisma\Desktop\JRT.exe
[2013/10/11 01:07:14 | 003,985,920 | ---- | M] () -- C:\Users\neoktisma\Desktop\RogueKillerX64.exe
[2013/10/10 20:59:31 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/10 20:59:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/10 00:46:28 | 000,035,441 | ---- | M] () -- C:\Users\neoktisma\Desktop\USA-CANADA Theological Institutions.gnumeric
[2013/10/03 21:17:06 | 000,976,226 | ---- | M] () -- C:\Users\neoktisma\Documents\Zyxel_NSA310_QuickStart.pdf
[2013/10/03 21:16:10 | 025,563,615 | ---- | M] () -- C:\Users\neoktisma\Documents\Zyxel_NSA310_UserGuide.pdf
[2013/10/02 00:27:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\neoktisma\Desktop\dds.com
[2013/09/30 23:56:13 | 000,001,212 | ---- | M] () -- C:\Users\neoktisma\Desktop\Common Files [Sysobject].lnk
[2013/09/30 09:08:56 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/09/30 09:08:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/09/23 22:59:27 | 002,851,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2013/09/23 22:59:16 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/09/23 22:58:43 | 000,156,556 | ---- | M] (Manuel Hoefs (Zottel)) -- C:\Users\neoktisma\UltraUXThemePatcher_2.1.exe
[2013/09/19 20:42:53 | 000,001,102 | ---- | M] () -- C:\Users\neoktisma\Desktop\Βουλγάρικα.lnk
[2013/09/19 20:21:58 | 000,275,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2013/09/17 19:17:59 | 1000,589,712 | ---- | M] () -- C:\Users\neoktisma\Desktop\18_08_2013old_K_Dragkiotis_Xron_B_a_7_13.demuxed.m2v
[2013/09/17 19:17:59 | 061,258,752 | ---- | M] () -- C:\Users\neoktisma\Desktop\18_08_2013old_K_Dragkiotis_Xron_B_a_7_13 T80 2_0ch 256Kbps DELAY 0ms.ac3
[2013/09/16 01:40:32 | 000,001,827 | ---- | M] () -- C:\Users\neoktisma\Desktop\-.lnk
[2013/09/15 23:28:34 | 000,346,314 | RHS- | M] () -- C:\LFSIV
[2013/09/15 23:23:21 | 001,706,667 | ---- | M] () -- C:\Users\neoktisma\Windows_Loader_v2.2.1.zip
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/10/15 23:13:32 | 000,387,265 | ---- | C] () -- C:\Users\neoktisma\Desktop\Χωρίς τίτλο.png
[2013/10/14 21:17:27 | 000,001,214 | ---- | C] () -- C:\Users\neoktisma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.1.lnk
[2013/10/14 20:53:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/14 20:53:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/14 20:53:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/14 20:53:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/14 20:53:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/14 00:36:00 | 000,165,376 | ---- | C] () -- C:\Users\neoktisma\Desktop\SystemLook_x64.exe
[2013/10/13 23:38:40 | 000,017,039 | ---- | C] () -- C:\Users\neoktisma\Desktop\Λουτράκι.ods
[2013/10/13 23:30:20 | 000,451,187 | ---- | C] () -- C:\Users\neoktisma\Desktop\Φόρμα κράτησης εκδρομών - Συμπληρωμένη.pdf
[2013/10/13 18:54:07 | 000,002,570 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2013/10/13 18:51:06 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2013/10/13 18:49:18 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2013/10/13 18:45:25 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013/10/13 18:45:25 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013/10/13 18:43:39 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013/10/13 18:42:32 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013/10/13 18:41:37 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013/10/13 18:03:21 | 000,001,883 | ---- | C] () -- C:\Users\neoktisma\Desktop\Adobe Creative Suite 2.0 - INSTALL.lnk
[2013/10/13 00:08:22 | 000,891,167 | ---- | C] () -- C:\Users\neoktisma\Desktop\SecurityCheck.exe
[2013/10/11 01:41:08 | 005,811,579 | ---- | C] () -- C:\Users\neoktisma\Desktop\iplv7vu7.default.7z
[2013/10/11 01:07:21 | 001,048,960 | ---- | C] () -- C:\Users\neoktisma\Desktop\adwcleaner.exe
[2013/10/11 01:07:06 | 003,985,920 | ---- | C] () -- C:\Users\neoktisma\Desktop\RogueKillerX64.exe
[2013/10/10 00:46:27 | 000,035,441 | ---- | C] () -- C:\Users\neoktisma\Desktop\USA-CANADA Theological Institutions.gnumeric
[2013/10/04 00:18:30 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2013/10/03 22:27:29 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013/10/03 21:17:04 | 000,976,226 | ---- | C] () -- C:\Users\neoktisma\Documents\Zyxel_NSA310_QuickStart.pdf
[2013/10/03 21:16:08 | 025,563,615 | ---- | C] () -- C:\Users\neoktisma\Documents\Zyxel_NSA310_UserGuide.pdf
[2013/09/30 23:56:13 | 000,001,212 | ---- | C] () -- C:\Users\neoktisma\Desktop\Common Files [Sysobject].lnk
[2013/09/19 20:42:53 | 000,001,102 | ---- | C] () -- C:\Users\neoktisma\Desktop\Βουλγάρικα.lnk
[2013/09/17 19:13:26 | 1000,589,712 | ---- | C] () -- C:\Users\neoktisma\Desktop\18_08_2013old_K_Dragkiotis_Xron_B_a_7_13.demuxed.m2v
[2013/09/17 19:13:26 | 061,258,752 | ---- | C] () -- C:\Users\neoktisma\Desktop\18_08_2013old_K_Dragkiotis_Xron_B_a_7_13 T80 2_0ch 256Kbps DELAY 0ms.ac3
[2013/09/17 19:11:02 | 017,183,137 | ---- | C] () -- C:\Users\neoktisma\Desktop\Recording-2013-08-18--10-40-02 OLD TESTAMENT.mp3
[2013/09/17 19:09:59 | 1086,547,968 | ---- | C] () -- C:\Users\neoktisma\Desktop\18_08_2013old_K_Dragkiotis_Xron_B_a_7_13.mpg
[2013/09/17 19:04:35 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/09/16 01:38:29 | 000,001,827 | ---- | C] () -- C:\Users\neoktisma\Desktop\-.lnk
[2013/09/15 23:28:34 | 000,346,314 | RHS- | C] () -- C:\LFSIV
[2013/09/15 23:23:05 | 001,706,667 | ---- | C] () -- C:\Users\neoktisma\Windows_Loader_v2.2.1.zip
[2013/09/09 00:05:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/09/08 00:39:51 | 038,052,348 | ---- | C] () -- C:\Users\neoktisma\VIA_Win7-64_Win7_Vista64_Vista_XP64_XP_2K(v7700d)_Audio_Drivers.zip
[2013/09/07 18:49:16 | 002,498,216 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013/09/07 18:49:16 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013/09/07 18:49:16 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013/09/07 18:49:16 | 000,013,896 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013/09/07 18:49:16 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 04:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 04:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 04:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013/09/09 00:05:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AMozilla
[2013/09/09 00:40:17 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\1by1
[2013/09/08 23:22:10 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\AMozilla
[2013/09/08 01:59:45 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\AMPSoft
[2013/09/22 23:14:44 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\Audacity
[2013/09/16 02:53:10 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\avidemux
[2013/09/10 01:55:16 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\Dexclock
[2013/10/11 01:22:47 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\FireShot
[2013/10/04 01:13:10 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\ImgBurn
[2013/10/14 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\LibreOffice
[2013/09/09 00:21:33 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\mp3DirectCut
[2013/09/09 00:52:20 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\PotPlayerMini64
[2013/10/15 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\uTorrent
[2013/10/02 02:18:07 | 000,000,000 | ---D | M] -- C:\Users\neoktisma\AppData\Roaming\WinFF
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2009/07/14 04:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 04:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2009/07/14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 04:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 04:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 04:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 04:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 04:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 04:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2009/07/14 04:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2009/07/14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2009/07/14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 04:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 001,104,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 04:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2013/09/23 22:59:29 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/14 04:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2009/07/14 04:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2009/07/14 04:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 04:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/07/14 04:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009/07/14 04:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
 
[color=#A23BEC]< MD5 for: SERVICES  >[/color]
[2009/06/11 00:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 12:11:21 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5FFB6A441A1CA12DF3B280CFCF153DB9 -- C:\Windows\SysNative\el-GR\services.exe.mui
[2009/07/14 12:11:21 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5FFB6A441A1CA12DF3B280CFCF153DB9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_c59790583fdd9131\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 07:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 07:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 23:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 23:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 23:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 23:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 12:11:18 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\SysNative\el-GR\services.msc
[2009/07/14 12:11:23 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\SysWOW64\el-GR\services.msc
[2009/07/14 12:11:18 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_ffd9604416472b24\services.msc
[2009/07/14 12:11:23 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_a3bac4c05de9b9ee\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 23:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 23:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2013/09/30 05:13:56 | 000,007,851 | ---- | M] () MD5=0806588AE99A22FE3ECA33AB1DF26D49 -- C:\Program Files (x86)\LibreOffice 4\URE\misc\services.rdb
[2013/09/30 08:43:24 | 000,183,343 | ---- | M] () MD5=325AF7E5657F32CBF9412FEA6960A3A2 -- C:\Program Files (x86)\LibreOffice 4\program\services\services.rdb
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/07/14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >

EXTRAS.txt

OTL Extras logfile created on: 15/10/2013 11:15:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\neoktisma\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Greece | Language: ELL | Date Format: d/M/yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,71% Memory free
4,00 Gb Paging File | 2,86 Gb Available in Paging File | 71,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 19,50 Gb Free Space | 13,09% Space Free | Partition Type: NTFS
 
Computer Name: NEOKTISMA-WIN7 | User Name: neoktisma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1364908667-3386284438-1335530998-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F59D462-BC7B-4282-8D74-C463DC90EB90}" = lport=137 | protocol=17 | dir=in | app=system | 
"{10EBAD9C-3CE9-4ED7-AEA9-87F985AFB7AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1776A56C-C247-41F3-AB00-D6DC184CE0B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1CA09AC0-E3E4-4690-8C94-E23E94B91A29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2546F224-4FAF-470B-9A84-31FE18CC3F30}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2554AC94-AD9A-4F60-8B4D-B2A2C66195BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31EB5072-7733-457E-AC1A-47E499F7223E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{558BEB41-C49A-46D2-8363-133BD23E5572}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EB62759-9A9E-460B-9EC4-39790AFCD758}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E5B5D75-302B-4D14-B824-554508CA6DAE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{91648E0E-4658-44A2-BCAA-4214C688B739}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BC400FE9-80DA-4AB0-8B93-C1953FBB75E0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CE9B8835-9FB4-43E2-B9D2-5D5F8DBDF8FE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D2B379B8-20D4-48EE-A195-AC60BD61B378}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D6F4474A-C7D1-40D4-BB5B-F1F9AA532955}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DFF0A4CA-80A3-45A4-AACC-3CBD4C0D4A1A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E5047319-A64B-401E-8F67-5BE1A85CED48}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E5EBD6A9-94F0-45C1-BE36-29827E248857}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ECA4B92F-034D-432F-B427-CD99666C099C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EF05B53A-C7DD-4389-A349-72B01C5BA105}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F3F7A3DE-4316-43B0-AF38-BCC4E3C5CDBF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D21484-054C-4DEC-BC39-14792D62A045}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A8B6C83-35F6-44DD-9C6A-77C2A6CBCE41}" = protocol=6 | dir=out | app=system | 
"{13383B00-9ABD-40E2-B2E6-36F6D16BC2E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{19B16035-3772-4B6C-BFFE-2ED2FE7B431E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1D3977C5-E795-4D06-8A0F-277556F151BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{25E01E1B-653D-4493-B63E-364A4F474E62}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3628C6E0-E52C-4F00-9F72-8044C6BEFE23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BF34AFE-3002-4837-BAB4-C2B37E73CB8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5332785F-08CC-4D2B-93E2-6860BBF7411D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62D2A83F-F3D0-439F-B439-6D7460E9447A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62D4B11C-2380-43B9-903D-2C0DB0B698AE}" = protocol=6 | dir=in | app=c:\users\neoktisma\appdata\roaming\utorrent\utorrent.exe | 
"{7666046D-C2CD-4E92-9EDD-903C9317E673}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7B4AC248-6E38-49E4-95FA-854A734BAD85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E89777C-ABF5-4CF6-97E7-EBDDA05F589D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAB0D8EA-46F2-4AC4-99E8-538090CB3F7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C13B12CB-9CC4-41CC-A04F-69E501633DEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C1475839-8E3E-4401-8802-E90036EAB81B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D62F21C4-72B1-4C85-A823-F613B007A670}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DA57D660-7CD8-4BFC-BCFF-A22020E4CE06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E117732E-5DBF-42BF-B557-B09FD3D4A59B}" = protocol=17 | dir=in | app=c:\users\neoktisma\appdata\roaming\utorrent\utorrent.exe | 
"{FFC65797-11C9-4BD7-9EC3-4D95D691162D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{FC6797C4-04A3-4F46-9F81-A00F13FDF2CC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{3E88AB91-1948-4517-A263-4558636BC138}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"PotPlayer64" = Daum PotPlayer 1.5.39659 x64 Edition
"WinFF_is1" = WinFF 1.5.2 64 bit (Codename EMMA)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1" = DreamScene Seven version 1.6
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{DD3CB916-F91A-41B9-B276-CAC090E91021}" = LibreOffice 4.1.2.3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AMP Font Viewer" = AMP Font Viewer
"Audacity_is1" = Audacity 2.0.4
"avast" = avast! Free Antivirus
"Avidemux 2.6 - 64bits (64-bit)" = Avidemux 2.6 - 64bits
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EaseUS Partition Master_is1" = EaseUS Partition Master 9.2.2
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"Setup_is1" = 2.1.2.3
"UltraUXThemePatcher" = UltraUXThemePatcher
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1364908667-3386284438-1335530998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexclock" = Dexclock
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14/10/2013 2:24:54 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x03a6da0c  Faulting process id: 0xc3c
 Faulting application start time: 0x01cec90a92bd8289
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: eb7201a7-34fd-11e3-93b6-00252278f5a6
 
Error - 14/10/2013 2:27:39 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x039cda0c  Faulting process id: 0xb1c
 Faulting application start time: 0x01cec90ad3035f42
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 4e34f4a6-34fe-11e3-93b6-00252278f5a6
 
Error - 15/10/2013 4:05:57 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x0388d8f0  Faulting process id: 0xaf8
 Faulting application start time: 0x01cec9e1e5f0c8cc
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 33919705-35d5-11e3-a160-00252278f5a6
 
Error - 15/10/2013 4:06:16 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x03dbda0c  Faulting process id: 0x424
 Faulting application start time: 0x01cec9e1f9dcb4ef
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 3f1bbec1-35d5-11e3-a160-00252278f5a6
 
Error - 15/10/2013 4:06:39 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x039cda0c  Faulting process id: 0x47c
 Faulting application start time: 0x01cec9e2056ba15f
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 4cdaf3cf-35d5-11e3-a160-00252278f5a6
 
Error - 15/10/2013 4:06:57 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x03c5da0c  Faulting process id: 0xa90
 Faulting application start time: 0x01cec9e21323af5f
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 575ed8de-35d5-11e3-a160-00252278f5a6
 
Error - 15/10/2013 4:07:15 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x0315da0c  Faulting process id: 0xd8c
 Faulting application start time: 0x01cec9e21daebb7c
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 624e2de6-35d5-11e3-a160-00252278f5a6
 
Error - 15/10/2013 4:07:34 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x0317da0c  Faulting process id: 0xeec
 Faulting application start time: 0x01cec9e22896e976
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 6dc7a52b-35d5-11e3-a160-00252278f5a6
 
Error - 15/10/2013 4:07:53 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x0334da0c  Faulting process id: 0xf44
 Faulting application start time: 0x01cec9e23412c315
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 78c52229-35d5-11e3-a160-00252278f5a6
 
Error - 15/10/2013 4:08:11 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448, time stamp 0x4f563b00
 Faulting module name js3260.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x046bda0c  Faulting process id: 0x370
 Faulting application start time: 0x01cec9e23f06b6ab
 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe
 Faulting module path: js3260.dll  Report Id: 83c50180-35d5-11e3-a160-00252278f5a6
 
[ System Events ]
Error - 10/10/2013 7:11:57 PM | Computer Name = neoktisma-Win7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
  However, the system is configured to not allow interactive services.
  This service may not function properly.
 
Error - 10/10/2013 7:14:09 PM | Computer Name = neoktisma-Win7 | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading because it is
 not compatible with this system. Please contact your software vendor for a compatible
 version of the driver.
 
Error - 10/10/2013 7:14:54 PM | Computer Name = neoktisma-Win7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
  However, the system is configured to not allow interactive services.
  This service may not function properly.
 
Error - 10/10/2013 7:25:27 PM | Computer Name = neoktisma-Win7 | Source = DCOM | ID = 10010
Description = 
 
Error - 11/10/2013 8:23:26 PM | Computer Name = neoktisma-Win7 | Source = DCOM | ID = 10010
Description = 
 
Error - 14/10/2013 2:00:08 PM | Computer Name = neoktisma-Win7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
  However, the system is configured to not allow interactive services.
  This service may not function properly.
 
Error - 14/10/2013 2:03:27 PM | Computer Name = neoktisma-Win7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
  However, the system is configured to not allow interactive services.
  This service may not function properly.
 
Error - 14/10/2013 4:53:47 PM | Computer Name = neoktisma-Win7 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 192.168.2.6. The computer with the IP address 192.168.2.7 did not
 allow the name to be claimed by this computer.
 
 
< End of report >
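The Application Error records in the log above (Event ID 1000, ten crashes of "update.exe_Firefox" version 1.9.2.4448 in js3260.dll on 14 and 15 October) are the kind of evidence a responder wants pulled out mechanically: which binary crashed, what version it reports, where it runs from, and whether that location fits the product it claims to be. Here the binary claims Firefox but lives under C:\Program Files (x86)\Common Files\sysobject\, while the File Associations section places the installed Firefox 24.0 under C:\Program Files (x86)\Mozilla Firefox\. The script below is an added example, not code from the original post, from OTL or from Malwarebytes. It re-joins OTL's wrapped event lines, parses the English wording of the Event 1000 description (the log in this thread is in Greek, so the field names would need translating or the regex localising), counts crashes per binary and module, and flags a binary whose product tag has a known install root that its path is not under. The regexes, the EXPECTED_ROOTS table and the sample records are assumptions constructed for illustration; the second sample record uses zero placeholders and the third is a non-crash event included to show it is skipped.

```python
"""Summarise Windows Application Error (Event ID 1000) records from an OTL
'Last 20 Event Log Errors' dump and flag binaries whose claimed product does
not match the directory they run from. Added example, not code from the original
post or from OTL; the regexes and EXPECTED_ROOTS are assumptions for illustration,
and SAMPLE_LOG is a constructed input shaped like the thread's records (the second
record uses zero placeholders, the third is a non-crash event that must be skipped)."""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
Error - 14/10/2013 2:24:54 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name update.exe_Firefox, version 1.9.2.4448,
 time stamp 0x4f563b00  Faulting module name js3260.dll_unloaded,
 version 0.0.0.0, time stamp 0x2a425e19  Exception code: 0xc0000005  Fault
 offset: 0x03a6da0c  Faulting process id: 0xc3c  Faulting application start time:
 0x01cec90a92bd8289  Faulting application path: C:\Program
 Files (x86)\Common Files\sysobject\update.exe  Faulting module
 path:js3260.dll  Report Id:eb7201a7-34fd-11e3-93b6-00252278f5a6

Error - 15/10/2013 4:05:57 PM | Computer Name = neoktisma-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 24.0.0.0, time stamp: 0x00000000
 Faulting module name: xul.dll, version: 24.0.0.0, time stamp: 0x00000000  Exception code: 0xc0000005
 Fault offset: 0x00000000  Faulting process id: 0x9f0  Faulting application start time: 0x0000000000000000
 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Report Id: 00000000-0000-0000-0000-000000000000

Error - 10/10/2013 7:11:57 PM | Computer Name = neoktisma-Win7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) "
                    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)")
# Field order follows the WER 1000 description; ':?' tolerates the colon-less wording.
FIELDS = re.compile(
    r"Faulting application name:?\s*(?P<app>[^,]+), version:?\s*(?P<app_ver>[^,]+),"
    r".*?Faulting module name:?\s*(?P<mod>[^,]+), version:?\s*(?P<mod_ver>[^,]+),"
    r".*?Exception code:\s*(?P<exc>0x[0-9a-fA-F]+)"
    r".*?Faulting application path:\s*(?P<app_path>.+?)\s+Faulting module path:\s*(?P<mod_path>.+?)"
    r"\s+Report Id:\s*(?P<report>[0-9a-fA-F-]+)",
    re.S,
)
# Assumed: install roots (lower-cased) where a binary claiming this product should live.
EXPECTED_ROOTS = {
    "firefox": (r"c:\program files (x86)\mozilla firefox", r"c:\program files\mozilla firefox"),
}

@dataclass
class Crash:
    when: str
    app_name: str
    app_version: str
    app_path: str
    module: str
    exception: str
    report_id: str

    @property
    def product_tag(self) -> str:
        # "update.exe_Firefox" -> "firefox"; a plain "firefox.exe" -> "firefox"
        stem, sep, tag = self.app_name.partition("_")
        return (tag if sep else stem.rsplit(".", 1)[0]).lower()

def split_records(text: str) -> list[str]:
    """Re-join OTL's wrapped continuation lines so each event is one string."""
    records: list[list[str]] = []
    for line in text.splitlines():
        if line.startswith("Error - "):
            records.append([line])
        elif line.strip() and records:
            records[-1].append(line.strip())
    return [" ".join(r) for r in records]

def parse_crashes(text: str) -> list[Crash]:
    crashes = []
    for rec in split_records(text):
        head = HEADER.match(rec)
        if not head or head["source"] != "Application Error" or head["id"] != "1000":
            continue  # only WER crash records carry the faulting-path fields
        f = FIELDS.search(rec)
        if f:
            crashes.append(Crash(head["when"], f["app"], f["app_ver"], f["app_path"].strip(),
                                 f["mod"], f["exc"], f["report"]))
    return crashes

def suspicious(crashes: list[Crash]) -> list[tuple[Crash, str]]:
    """Flag crashes where the claimed product has a known install root but the
    faulting binary runs from somewhere else (here the Common Files\\sysobject dir)."""
    findings = []
    for c in crashes:
        roots = EXPECTED_ROOTS.get(c.product_tag)
        if roots and not any(c.app_path.lower().startswith(r + "\\") for r in roots):
            findings.append((c, f"{c.app_name} claims '{c.product_tag}' but runs from {c.app_path}"))
    return findings

def crash_counts(crashes: list[Crash]) -> Counter:
    """Crashes per (binary, faulting module): repeated identical crashes of an
    auto-started binary are what made this one noticeable in the first place."""
    return Counter((c.app_path, c.module) for c in crashes)

if __name__ == "__main__":
    found = parse_crashes(SAMPLE_LOG)
    for (path, mod), n in crash_counts(found).items():
        print(f"{n:3d}x  {path}  [{mod}]")
    for crash, why in suspicious(found):
        print("SUSPECT:", why, "| report", crash.report_id)
```

Treat the location check as a triage hint rather than proof: some legitimate updaters do run from outside their product directory. Hash the flagged file and check its signature before removing anything, so that the evidence survives if the folder is later deleted.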