
Trojan.Win32.Generic!BT and more after procedure followed. Any angels to help?

Hello everyone

Thank you for taking the time to look at this and any help you may offer.

I followed some detailed procedure I found to fix some problems I was facing with my laptop. It is an outdated post, 2009, but seemed pretty well thought out and the best I found in an initial hasty search. The procedure which I followed was CCleaner, Ad-Aware, Spybot Search and Destroy, MalwareBytes Anti-Malware, virus scan (I used online Kaspersky, Panda, Bitdefender, and also ESET, AVG and Windows Security Essentials and I also scanned with Norton Security Scan that I already had) and then Hijack This. Finally it suggested I post the logs of Hijack This and of some other of the suggested procedures to a forum, and so I ended up here. I saw here in the instructions for posting requested logs to run DDS and post this instead and so I did. The laptop is 64-bit so I did not use GMER.

It is asked to put in detail the indications that there is a problem with the laptop, so here they are:

(1) Chrome was getting slow, YouTube videos especially. I do not know if it was a one-off occurrence but a YouTube video had the background all black and as I was passing the mouse over the dark background the images and comments underneath showed up (this happened after I had run the above checks and Trojan was already in quarantine),

(2) I started getting some ad banners in Facebook and at the top of the page of Twitter, with an indication they were not their ads – still there at least on Twitter after the procedure followed,

(3) As I am trying to move down some busy pages in Chrome, I am being pushed up to the top of the page repetitively until the page was fully loaded,

(4) Turning on the computer, on the black screen before entering windows, I am (still) getting the following message:

“Checking file system on C. Your file system is NTFS. One of your disks needs to be checked for consistency. You may cancel the disk check but it is strongly recommend that you continue. (And without me doing anything) Disk checking has been cancelled.”

(5) I had just gotten a day before into some Tumblr pages to see what it was all about and due to the adult content in some I suspected I had put myself in trouble.

(6) As the “alien” advertisements in Facebook have been there from before, I also thought of VLC Player I downloaded at some point to be able to watch Supernatural on hxxp://www.tubeplus.me. There were a lot of pop ups when I was choosing an episode to watch by certain hosts, e.g. novamov.com opens some lp.usaftis.org with steps to follow to get a green card. Movshare.net opens a pop up bet365.com. Vidxen.com has a banner in front of the movie asking to type the word seen and submit to start the video to “help them fight abusers and automated views”, etc. I assume that tubeplus.me or certain hosts there, are problematic as Malwarebytes blocked it, but still unsure if the VLC Player add-on is not good either. Incidentally, if you know any other trustworthy site to watch such series, PLEASE ENLIGHTEN! :smile:

(7) The browser’s arrows to move back and forward do not work properly and I need to right click on the arrow and then select from the drop down list the page I want to move to. This has also been happening a while now. In addition it seems that there are a lot more repetitions of the pages I visited in the back arrow drop down list than my actual activity.

(8) When I try to send some email from outlook (using my account from a domain we have a family website registered), to a new recipient with account on specific servers such as yahoo.com, I get a popup box saying:

«The server you are connected to is using a security certificate that cannot be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. [View Certificate…] Do you want to continue using this server [Yes] [No]».

Clicking on View Certificate I get «Certificate Information. This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store. Issued to: vps.kivotos.net. Issued by: vps.kivotos.net» (which was at the time my provider’s server).

(9) After I followed the procedure suggested it became clear I had a problem, as Ad-Aware found and put on quarantine a Trojan Horse: Trojan.Win32.Generic!BT. Probably there are more issues. It may be irrelevant, but after the procedure, whenever I was shutting the pc off, I would notice some popup messages in the quick launch area saying that Windows Essential Security and Ad-Aware were both turned off. However, I reinstalled Windows Essential Security and did an adjustment with Ad-Aware and it seems that this is ok now.

(10) I am pushing a link on a page (e.g. login button on forums.techguy.org page) and a separate window pops up saying I won an ipad, etc. An example of such “gift giving” site is prizegiveawayclub.com and when trying to close it, it prompts an extra pop up that asks to confirm to leave the page.

(11) I have noticed some issues with Facebook which I am not aware if they are Facebook glitches, or related to my laptop problems, such as seeing say 20 “likes” under a post and when I click on them a list of only say 5 people appears. Incidentally this got temporarily fixed after I ran Ad-Aware, before it reverted back to the problem after restarting the laptop. Another problem with Facebook that persists is when I am trying to search people. Where we get a drop down list of people with some name, when I press “show more results” 0 results come out, not even those in the drop down list.

(12) At some point when I opened 3-4 simultaneous YouTube tabs in Chrome, the computer pretty much froze. I tried to open the Task Manager (Ctrl-Alt-Delete) and after a while with a black screen I got the following message:

«Failure to display security and shut down options: The login process was unable to display security and logon options when CNTRL+ALT+DELETE was pressed. If the operating system does not respond press ESC or restart the computer using the power switch».

With a lot of patience and a bit of praying :smile: I tried this again and after a long delay I managed to get to the Task Manager. There were a lot of Chrome.exe*32 processes (much more than the tabs I had open), and then some other processes took most memory and I list them in case any of these is not legitimate: dmw.exe, toaster.exe*32, CCC.exe (Catalyst Control Center Host Application), Adaware.exe, Adawarebp.exe, testhost.exe (Host Process for Windows Test), and a bunch of wmpnscfg.exe (Windows media Player network sharing service configuration) – Windows media player was not on. I decided to stop CCC.exe, soon after the wmpnscfg.exe disappeared and the computer came back to speed. Later at night, MOM.exe made me wonder if it was some "cousin" of CCC.exe.

(13) Same thing happened the last time I turned the laptop on, right after I turned it on. I did not run any scans the previous day and used the internet (Facebook, Twitter, Google, Youtube) and outlook. I had to turn the computer off and on from the power button 3 times, before I figured to request Task Manager to open immediately after windows started, so that it did not get the chance to freeze first. I deleted again CCC.exe, MOM.exe, but it did little good. Somehow, I managed to start the sequence of CCleaner, which was dragging but finally managed to finish the task and then on things got easier and I ran again Adaware, Spybot, Malwarebytes and Kaspersky. Three processes that I noticed in Task Manager having no username or description and which I could not erase, were atieclxx.exe, csrss.exe and winlogon.exe. Are all these legitimate?

(14) It is a long while that I receive a lot of spam, offering Viagra etc. I am often receiving spam from my own email address. I guess this may be a different issue if at some point in the past I entered some infected site or replied to some email I shouldn’t have, and that my email address is already in some spammers list. IS THERE ANY WAY TO STOP THIS FROM HAPPENING OTHER THAN CHANGING MY EMAIL ADDRESS? Is there any real problem if I don’t?

(15) In Word 7, the ribbon got minimized without making such a selection.

(16) Outlook opens on its own after startup, without me requesting it to.

(17) Chrome seems to be giving more problems than IE. I tried to view a list of my transactions with a bank online from Chrome and it would only show two entries from a period that had plenty more. When I tried the same in IE, I got the right list.

Please note that most of the above were done or noticed about a month ago, at which time I had to leave the laptop off on the side due to other pressing priorities initially and no access to the net later. I only turned it on again today to complete this process.

My laptop info is:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3958 Mb
Graphics Card: ATI Mobility Radeon HD 5470, 1024 Mb
Hard Drives: C: Total - 461838 MB, Free - 142465 MB;
Motherboard: Dell Inc., 03C6YH
Antivirus: Lavasoft Ad-Aware, Updated and Enabled

I should note that at present and for at least a couple more months, most of my stuff is in storage. My system etc disks are there and not easily accessible. I keep updating my documents etc, in my external disk but there is not enough space there to do a full system backup. I need a clarification related to this, IF POSSIBLE PLEASE ADVISE if I risk contaminating the external disk, given the present laptop issues, if I keep saving in it my documents, pictures, outlook personal folders and chrome favorites.

So at the end is the log of the procedure of DDS, and attached the second log, as it is advised. I hope I did this right.

In addition, I have the logs for the following procedures I already followed, so please let me know if you need me to post any of them: Screen317, Hijack This, Kaspersky Virus Removal Report, Kaspersky Security Scan detailed report, MalwareBytes Anti-Malware, Ad-Aware, an XML and an HTML document both named avz_sysinfo with the system analysis produced by Kaspersky Virus Removal Tool. AVG, ESET, Windows Security Essentials did not find anything and I do not recall Panda or Bitdefender finding anything more than Kaspersky.

So, please let me know if you would like the log of any of the above as a second step.

Furthermore, it is recommended as initial steps by the administrators of some forums to also do the following checks: (Backup using Erunt), OTL, aswMBR, TDSS Killer, Rooter, LockSearch, CKScanner, WVCheck, OTM. There are also suggestions to use Rootkit Revealer 1.71, F-Secure Internet Security 2012, Microsoft Windows Malicious Software Tool, SuperAntiSpyware, Windows Defender, A-Squared Anti-Malware, Spyware Terminator, DrWeb-CureIt, SpywareBlaster, SpywareGuard, and Windows 7 Repair tool, Speedy PC Pro Repair Tool. If you need me to run – or avoid - any of these please advise.

Please note that as I do not have access to internet where I am, I will check if there is some feedback sometime next week. If you want me to send you a message so you do not have to keep checking when I got your feedback please let me know.

Thank you thank you thank you

Giorgos



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by George Rossos at 4:10:50 on 2012-08-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1033.18.3959.1327 [GMT 3:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe
C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AD-AWA~1\AdAware.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\George Rossos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\George Rossos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: C:\Users\GEORGE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&ξαγωγή στο Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ADA05CBF-B438-4AD7-A342-D82EA0E0D984} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IconixBHOClass Class: {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
TB-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\windows\system32\drivers\pavboot64.sys --> C:\windows\system32\drivers\pavboot64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys --> C:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 sbapifs;sbapifs;C:\windows\system32\DRIVERS\sbapifs.sys --> C:\windows\system32\DRIVERS\sbapifs.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\system32\DRIVERS\bcmvwl64.sys --> C:\windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 sbhips;sbhips;C:\windows\system32\drivers\sbhips.sys --> C:\windows\system32\drivers\sbhips.sys [?]
.
=============== Created Last 30 ================
.
2012-08-17 10:42:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DDB35CA-0461-49D6-B250-AC1536B9297A}\offreg.dll
2012-08-17 10:28:09 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12F6B891-0D3E-41B3-83A0-F11E0040CABF}\gapaengine.dll
2012-08-17 10:28:05 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DDB35CA-0461-49D6-B250-AC1536B9297A}\mpengine.dll
2012-08-17 10:26:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-17 00:13:53 388096 ----a-r- C:\Users\George Rossos\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-16 23:44:29 1402880 ----a-w- C:\Users\George Rossos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.msi
2012-08-16 17:37:17 -------- d-----w- C:\Users\George Rossos\AppData\Roaming\ESET
2012-08-16 17:37:17 -------- d-----w- C:\Users\George Rossos\AppData\Local\ESET
2012-08-16 16:35:26 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-16 16:35:26 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-08-16 03:15:29 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-16 03:13:19 -------- d--h--w- C:\ProgramData\Common Files
2012-08-16 03:13:19 -------- d-----w- C:\ProgramData\MFAData
2012-08-16 00:08:45 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-08-16 00:05:31 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-08-15 20:02:20 33800 ----a-w- C:\windows\System32\drivers\pavboot64.sys
2012-08-15 20:02:11 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-08-15 19:54:13 -------- d-----w- C:\Users\George Rossos\AppData\Roaming\QuickScan
2012-08-15 18:29:38 503808 ----a-w- C:\windows\System32\srcore.dll
2012-08-15 18:29:36 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-08-15 18:29:25 751104 ----a-w- C:\windows\System32\win32spl.dll
2012-08-15 18:29:23 559104 ----a-w- C:\windows\System32\spoolsv.exe
2012-08-15 18:29:23 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-08-15 18:29:20 67072 ----a-w- C:\windows\splwow64.exe
2012-08-15 18:29:17 59392 ----a-w- C:\windows\System32\browcli.dll
2012-08-15 18:29:17 136704 ----a-w- C:\windows\System32\browser.dll
2012-08-15 18:29:13 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-08-15 18:29:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-08-15 18:28:59 956928 ----a-w- C:\windows\System32\localspl.dll
2012-08-15 18:22:16 -------- d-----w- C:\Users\George Rossos\AppData\Roaming\Malwarebytes
2012-08-15 13:52:35 -------- d-----w- C:\Users\George Rossos\AppData\Local\adaware
2012-08-15 13:52:27 60536 ----a-w- C:\windows\System32\drivers\sbhips.sys
2012-08-15 13:52:27 57976 ----a-w- C:\windows\System32\drivers\sbredrv.sys
2012-08-15 13:52:27 45936 ----a-w- C:\windows\System32\sbbd.exe
2012-08-15 13:52:20 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-15 13:52:03 -------- d-----w- C:\Users\George Rossos\AppData\Local\Downloaded Installations
2012-08-15 13:51:32 -------- d-----w- C:\Users\George Rossos\AppData\Local\adawarebp
2012-08-15 13:51:30 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-08-15 13:51:25 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-08-15 13:51:20 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-08-15 13:50:05 -------- d-----w- C:\Users\George Rossos\AppData\Roaming\Ad-Aware Antivirus
2012-08-15 00:29:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-15 00:29:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-12 16:13:50 -------- d-----w- C:\Users\George Rossos\AppData\Local\CRE
2012-08-12 16:13:39 -------- d-----w- C:\Program Files (x86)\Conduit
2012-08-12 16:13:37 -------- d-----w- C:\Users\George Rossos\AppData\Local\Conduit
2012-08-12 16:13:35 -------- d-----w- C:\Program Files (x86)\uTorrentControl2
2012-08-11 08:19:14 167048 ----a-w- C:\windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys
2012-08-11 08:19:09 -------- d-----w- C:\windows\System32\drivers\NSTx64\0200000.010
2012-08-11 08:19:09 -------- d-----w- C:\windows\System32\drivers\NSTx64
2012-08-11 08:19:09 -------- d-----w- C:\Program Files (x86)\Norton Safe Web Lite
2012-08-08 13:22:46 -------- d-----w- C:\Users\George Rossos\AppData\Local\{D8B3E063-BD4B-402C-93F9-437F90B8E61A}
2012-08-08 12:55:33 -------- d-----w- C:\Users\George Rossos\AppData\Roaming\Iconix
2012-08-08 12:55:33 -------- d-----w- C:\ProgramData\Iconix
2012-08-08 12:55:07 -------- d-----w- C:\Program Files (x86)\Common Files\Iconix
2012-08-08 12:55:03 -------- d-----w- C:\Program Files (x86)\Iconix
2012-08-08 12:54:09 -------- d-----w- C:\Users\George Rossos\AppData\Roaming\eMail ID-OL
2012-08-08 12:54:09 -------- d-----w- C:\ProgramData\eMail ID-OL
2012-08-08 12:53:53 -------- d-----w- C:\Program Files (x86)\Iconix eMailID
2012-08-08 12:49:02 -------- d-----w- C:\Program Files (x86)\DownloadManager
2012-08-08 12:47:50 -------- d-----w- C:\Program Files (x86)\SearchYa!
2012-08-08 12:45:32 -------- d-----w- C:\windows\en
2012-08-08 12:43:19 57280 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2012-08-08 12:42:03 77656 ----a-w- C:\windows\System32\XAPOFX1_5.dll
2012-08-08 12:42:03 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_5.dll
2012-08-08 12:42:03 527192 ----a-w- C:\windows\SysWow64\XAudio2_7.dll
2012-08-08 12:42:03 518488 ----a-w- C:\windows\System32\XAudio2_7.dll
2012-08-08 12:42:02 276832 ----a-w- C:\windows\System32\d3dx11_43.dll
2012-08-08 12:42:02 2526056 ----a-w- C:\windows\System32\D3DCompiler_43.dll
2012-08-08 12:42:02 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll
2012-08-08 12:42:02 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2012-08-08 12:41:26 5563840 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f684591f1cd756207\skydrivesetup.exe
2012-08-08 12:41:26 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-08-08 12:41:23 -------- d-----r- C:\Users\George Rossos\SkyDrive
2012-08-08 12:41:08 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-08-08 12:40:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f4a0c4fa1cd756205\DXSETUP.exe
2012-08-08 12:40:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f4a0c4fa1cd756205\dsetup32.dll
2012-08-08 12:40:14 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f4a0c4fa1cd756205\DSETUP.dll
2012-08-08 12:40:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f3a794441cd756204\DSETUP.dll
2012-08-08 12:40:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f3a794441cd756204\DXSETUP.exe
2012-08-08 12:40:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f3a794441cd756204\dsetup32.dll
2012-08-08 12:39:58 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb44d9951cd756201\DSETUP.dll
2012-08-08 12:39:58 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb44d9951cd756201\DXSETUP.exe
2012-08-08 12:39:58 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb44d9951cd756201\dsetup32.dll
2012-08-08 10:53:11 -------- d-----w- C:\Users\George Rossos\AppData\Local\{3525C511-8F33-4732-985E-19EEC4B7957F}
2012-08-08 10:53:00 -------- d-----w- C:\Users\George Rossos\AppData\Local\{B678CBE6-6DD4-4B3F-A35E-3997A0C1B6BE}
2012-08-07 22:39:26 -------- d-----w- C:\Users\George Rossos\AppData\Local\{7D7504F8-75A9-4CDF-869F-2A2A87ADD9BE}
2012-08-07 10:38:18 -------- d-----w- C:\Users\George Rossos\AppData\Local\{43ADA7F5-FAE8-4294-9EAC-328E33984F2D}
2012-08-07 10:38:02 -------- d-----w- C:\Users\George Rossos\AppData\Local\{6FD3D4E0-6476-4E49-BB00-8FDB4B81AD75}
2012-08-06 22:32:33 -------- d-----w- C:\Users\George Rossos\AppData\Local\{743F852A-6CE5-4CCE-B4BD-B59F21CD45DB}
2012-08-06 10:31:56 -------- d-----w- C:\Users\George Rossos\AppData\Local\{9DB9FDD2-DA22-4576-80E6-659FE0513773}
2012-08-06 10:31:33 -------- d-----w- C:\Users\George Rossos\AppData\Local\{B70D54F0-489F-4B89-A56F-3CE0F5794903}
2012-08-05 22:31:08 -------- d-----w- C:\Users\George Rossos\AppData\Local\{9028066C-AA8C-4350-A74F-BDDF82CE2AE0}
2012-08-05 22:30:46 -------- d-----w- C:\Users\George Rossos\AppData\Local\{D3A6757E-2925-4501-B09E-461F2DA0CA51}
2012-08-05 10:30:04 -------- d-----w- C:\Users\George Rossos\AppData\Local\{00F7C79A-AC68-4E81-8FAE-491471BD8DE1}
2012-08-05 10:29:51 -------- d-----w- C:\Users\George Rossos\AppData\Local\{CAC517D7-1437-42EE-894D-AE9E164F4BAA}
2012-08-04 22:16:30 -------- d-----w- C:\Users\George Rossos\AppData\Local\{D0A33E9F-C5AB-4756-86C8-F779142BE3D9}
2012-08-04 10:15:53 -------- d-----w- C:\Users\George Rossos\AppData\Local\{F9554322-7C54-4F8E-BB9B-E9E41034DE28}
2012-08-04 10:15:30 -------- d-----w- C:\Users\George Rossos\AppData\Local\{0032AA92-7A4D-4D3E-9970-11388F6CEE39}
2012-08-03 23:58:53 -------- d-----w- C:\ProgramData\Codec
2012-08-03 22:15:05 -------- d-----w- C:\Users\George Rossos\AppData\Local\{8284F6B9-EBBA-424C-ABA5-F6E33CA27A70}
2012-08-03 22:14:43 -------- d-----w- C:\Users\George Rossos\AppData\Local\{AE9105E1-3839-4135-9F18-AECDC81AA171}
2012-08-03 10:14:29 -------- d-----w- C:\Users\George Rossos\AppData\Local\{67150ED7-7F8C-47B0-9243-4679367405C2}
2012-08-03 10:14:07 -------- d-----w- C:\Users\George Rossos\AppData\Local\{7AD05646-F670-4BC9-A16E-CCCBAD764F0C}
2012-08-02 22:13:42 -------- d-----w- C:\Users\George Rossos\AppData\Local\{4050E636-1A77-447C-BC93-AADDDBAD03DE}
2012-08-02 10:13:06 -------- d-----w- C:\Users\George Rossos\AppData\Local\{A543DBD2-27E7-4802-B5B0-ECA787C8A2B5}
2012-08-02 10:12:44 -------- d-----w- C:\Users\George Rossos\AppData\Local\{273D75A7-3C08-46C9-8DC8-303271078FBD}
2012-08-01 22:12:17 -------- d-----w- C:\Users\George Rossos\AppData\Local\{12367BA3-73A6-4AAD-92B8-506AA13B90E2}
2012-08-01 10:11:41 -------- d-----w- C:\Users\George Rossos\AppData\Local\{556A346F-C7ED-4C6B-B4F1-451FC40C2F54}
2012-08-01 10:11:19 -------- d-----w- C:\Users\George Rossos\AppData\Local\{FFB14555-CAA8-45CD-BC9C-458A77036A95}
2012-07-31 22:10:54 -------- d-----w- C:\Users\George Rossos\AppData\Local\{EBD82A01-82D8-4D10-BE90-A633D47D2313}
2012-07-31 22:10:43 -------- d-----w- C:\Users\George Rossos\AppData\Local\{5E39AB3C-3F10-40E7-B9E5-C2609402E79C}
2012-07-31 10:10:29 -------- d-----w- C:\Users\George Rossos\AppData\Local\{3837CE1C-BFC3-447C-AB1B-B91DF655266A}
2012-07-31 10:10:07 -------- d-----w- C:\Users\George Rossos\AppData\Local\{D3A2C572-1A09-42BC-A26E-4114E7809FD0}
2012-07-30 22:09:42 -------- d-----w- C:\Users\George Rossos\AppData\Local\{E97AC75D-40B3-488D-A774-E65E2D315A2B}
2012-07-30 22:09:20 -------- d-----w- C:\Users\George Rossos\AppData\Local\{354647CC-76CF-4208-97D6-267BDA5C2618}
2012-07-30 10:09:06 -------- d-----w- C:\Users\George Rossos\AppData\Local\{63DC50E6-3F54-468B-BF12-B77FC68FA520}
2012-07-30 10:08:44 -------- d-----w- C:\Users\George Rossos\AppData\Local\{02BFF66F-982C-422C-B68C-93891AF22CD7}
2012-07-29 22:08:18 -------- d-----w- C:\Users\George Rossos\AppData\Local\{88F7D99C-A0E8-4EEF-BB02-0B1F879FF7C1}
2012-07-29 22:07:56 -------- d-----w- C:\Users\George Rossos\AppData\Local\{6049EEDB-E9FA-4AFD-B497-C3F1856E4E2D}
2012-07-29 12:16:14 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite
2012-07-29 12:15:44 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
2012-07-29 11:43:33 -------- d-----w- C:\Users\George Rossos\AppData\Local\NokiaAccount
2012-07-29 10:07:07 -------- d-----w- C:\Users\George Rossos\AppData\Local\{501D60EE-F930-4865-A4A4-A9F79DF07FC2}
2012-07-29 10:06:51 -------- d-----w- C:\Users\George Rossos\AppData\Local\{BF779C5C-AC22-430E-86A7-3733D3DBC7D4}
2012-07-28 21:55:14 -------- d-----w- C:\Users\George Rossos\AppData\Local\{FCCA04DA-6226-4C44-A1BB-80E41AD1EC74}
2012-07-28 09:54:37 -------- d-----w- C:\Users\George Rossos\AppData\Local\{E6655BAC-D52A-456C-9DC9-0E3C20FCB6CE}
2012-07-28 09:54:14 -------- d-----w- C:\Users\George Rossos\AppData\Local\{31E7DEFC-EB18-4483-9C9D-BA8C60AFD410}
2012-07-28 00:09:02 57792 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-07-27 23:54:00 321472 ----a-w- C:\windows\WLXPGSS.SCR
2012-07-27 21:53:46 -------- d-----w- C:\Users\George Rossos\AppData\Local\{96658EA1-E436-4E76-8E8A-A53FE634E64D}
2012-07-27 21:53:24 -------- d-----w- C:\Users\George Rossos\AppData\Local\{8D8D88B6-3893-4188-9D1E-97522E11EC03}
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 09:52:50 -------- d-----w- C:\Users\George Rossos\AppData\Local\{F2686F5F-0FA7-478F-B703-0E1F4EB307B3}
2012-07-27 09:52:38 -------- d-----w- C:\Users\George Rossos\AppData\Local\{1FF7E1F2-7C47-40D9-8881-5B1DB7D05E3A}
2012-07-26 21:22:25 -------- d-----w- C:\Users\George Rossos\AppData\Local\{2B2E164C-04B9-4B8A-9E94-4D3D700CA84D}
2012-07-26 16:08:06 862664 ----a-w- C:\windows\SysWow64\msvcr110.dll
2012-07-26 16:08:06 534480 ----a-w- C:\windows\SysWow64\msvcp110.dll
2012-07-26 16:08:06 251864 ----a-w- C:\windows\SysWow64\vccorlib110.dll
2012-07-26 16:08:06 153536 ----a-w- C:\windows\SysWow64\atl110.dll
2012-07-26 16:08:06 115656 ----a-w- C:\windows\SysWow64\vcomp110.dll
2012-07-26 12:22:10 828872 ----a-w- C:\windows\System32\msvcr110.dll
2012-07-26 12:22:10 661448 ----a-w- C:\windows\System32\msvcp110.dll
2012-07-26 12:22:10 354264 ----a-w- C:\windows\System32\vccorlib110.dll
2012-07-26 12:22:10 177096 ----a-w- C:\windows\System32\atl110.dll
2012-07-26 12:22:10 124360 ----a-w- C:\windows\System32\vcomp110.dll
2012-07-26 09:21:49 -------- d-----w- C:\Users\George Rossos\AppData\Local\{1E40FE22-4FE7-4C5A-A9D4-DED345B5A687}
2012-07-26 09:21:27 -------- d-----w- C:\Users\George Rossos\AppData\Local\{80C8B017-C30E-4171-839D-C86A9D9A08F2}
2012-07-25 21:21:00 -------- d-----w- C:\Users\George Rossos\AppData\Local\{35EFCC34-6720-41F6-B271-BAE6A2266265}
2012-07-25 21:20:37 -------- d-----w- C:\Users\George Rossos\AppData\Local\{4B9B082E-41D7-41DF-8876-780FFBCB1841}
2012-07-25 09:20:13 -------- d-----w- C:\Users\George Rossos\AppData\Local\{6FADCB67-A7FA-4B0F-856D-4E3DAAD6630C}
2012-07-25 09:19:49 -------- d-----w- C:\Users\George Rossos\AppData\Local\{16B15911-ECA6-4631-B52D-95B8B7E1E073}
2012-07-24 21:16:33 -------- d-----w- C:\Users\George Rossos\AppData\Local\{2B9F73FA-E4F3-4849-A7D1-2F0EFB00C7AE}
2012-07-24 09:15:43 -------- d-----w- C:\Users\George Rossos\AppData\Local\{B168E7BE-F2A1-4DC3-9884-C4608562DE7C}
2012-07-24 09:15:20 -------- d-----w- C:\Users\George Rossos\AppData\Local\{E6ECB504-326B-46B4-B953-8B7DBA609F11}
2012-07-23 12:02:37 -------- d-----w- C:\Users\George Rossos\AppData\Local\{53C0C7CE-CE1D-447F-8CFD-5CCE7A0FE9B4}
2012-07-23 12:02:12 -------- d-----w- C:\Users\George Rossos\AppData\Local\{0FEA7B4B-7F36-440E-9227-A54FC42D5D0B}
2012-07-23 00:01:47 -------- d-----w- C:\Users\George Rossos\AppData\Local\{39F22AF5-C0B8-4A59-8B4B-33235FE2B404}
2012-07-23 00:01:25 -------- d-----w- C:\Users\George Rossos\AppData\Local\{B9A7CDC5-C327-4986-86AF-A0EF4834ACFB}
2012-07-22 12:01:11 -------- d-----w- C:\Users\George Rossos\AppData\Local\{196E555E-98D5-4E64-974A-94B49FBF54EF}
2012-07-22 12:00:49 -------- d-----w- C:\Users\George Rossos\AppData\Local\{C2234FBB-EEC5-4CAE-8ED4-EC26151890CB}
2012-07-22 00:00:22 -------- d-----w- C:\Users\George Rossos\AppData\Local\{AA74B35E-81BE-4209-B2BA-85C12BFC8C7F}
2012-07-22 00:00:00 -------- d-----w- C:\Users\George Rossos\AppData\Local\{E0CBBCB7-DACE-4B81-8E45-B1394B4ABF36}
2012-07-21 11:59:46 -------- d-----w- C:\Users\George Rossos\AppData\Local\{3F501130-3E1B-4DF7-A9DC-613623B97DC2}
2012-07-21 11:59:24 -------- d-----w- C:\Users\George Rossos\AppData\Local\{3B40DA73-3620-47EE-A3A6-F3278F2F961E}
2012-07-20 23:58:57 -------- d-----w- C:\Users\George Rossos\AppData\Local\{DDBCC3C0-0ADB-47CB-8E2E-F6DE91A36406}
2012-07-20 11:58:21 -------- d-----w- C:\Users\George Rossos\AppData\Local\{BB6E551C-1875-48B0-AB83-9A60B4F3898A}
2012-07-20 11:57:58 -------- d-----w- C:\Users\George Rossos\AppData\Local\{277CA7CF-F645-4A4B-9F7E-EBE018C3BF5E}
2012-07-19 23:57:32 -------- d-----w- C:\Users\George Rossos\AppData\Local\{3A35633F-0239-4E63-A10B-9B6B9B1EE557}
2012-07-19 23:57:10 -------- d-----w- C:\Users\George Rossos\AppData\Local\{D53E22A5-A38D-41D2-8610-03DE8AC102C5}
2012-07-19 17:34:25 -------- d-----w- C:\PFiles
2012-07-19 11:56:56 -------- d-----w- C:\Users\George Rossos\AppData\Local\{DE073A6E-39B7-470F-AB20-86ABE3019D99}
2012-07-19 11:56:34 -------- d-----w- C:\Users\George Rossos\AppData\Local\{1C8A0D7F-0D39-449D-AA5D-D866BB0B183D}
.
==================== Find3M ====================
.
2012-08-15 12:42:32 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 12:42:31 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 12:14:44 253184 ----a-w- C:\windows\System32\LIVESSP.DLL
2012-07-17 11:49:00 209648 ----a-w- C:\windows\SysWow64\LIVESSP.DLL
2012-07-11 19:33:42 87488 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2012-07-11 19:33:42 80800 ----a-w- C:\windows\System32\LMIinit.dll
2012-07-11 19:33:42 34720 ----a-w- C:\windows\System32\LMIport.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-20 17:32:26 39424 ----a-w- C:\windows\System32\udefrag.exe
2012-06-20 17:32:22 7168 ----a-w- C:\windows\System32\hibernate4win.exe
2012-06-20 17:32:20 12800 ----a-w- C:\windows\System32\bootexctrl.exe
2012-06-20 17:32:18 31232 ----a-w- C:\windows\System32\wgx.dll
2012-06-20 17:32:06 204288 ----a-w- C:\windows\System32\lua5.1a.dll
2012-06-20 17:31:54 62464 ----a-w- C:\windows\System32\udefrag.dll
2012-06-20 17:31:52 99328 ----a-w- C:\windows\System32\zenwinx.dll
2012-06-20 17:31:50 168448 ----a-w- C:\windows\System32\defrag_native.exe
2012-06-14 13:15:41 955840 ----a-w- C:\windows\System32\npdeployJava1.dll
2012-06-14 13:15:41 839096 ----a-w- C:\windows\System32\deployJava1.dll
2012-06-11 08:33:46 26112 ----a-w- C:\windows\System32\drivers\pccsmcfdx64.sys
2012-06-06 17:59:42 1070152 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 12:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 12:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-03-20 20:17:44 378 ----a-w- C:\Program Files (x86)\temp995.bat
.
============= FINISH: 4:12:34,75 ===============

Attached Files
File Type: txt Attach (DDS second report).txt (26.8 KB)
