also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

TechSpot News Products Downloads Forums

Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Solved] Problem with redirection of home page, unwanted search engine

Discussion in 'Virus and Malware Removal' started by malou35, Nov 7, 2011.

Page 1 of 3

malou35 Newcomer, in training

Hallo, I have a laptop with Win 7 32bit and I use Firefox as a browser. Due to something I downloaded (not exactly sure what, maybe YouTube downloader or something) my home page keeps changing to "apype.com" and there is a new search engine added "google-feed.net", which I cannot get rid of. I also noticed that same thing happend to IE, although I rarely use it.
I tried a couple of antivirus but nothing came up. I have this laptop for personal use mainly, but I also use it for internet banking, managing pypal account, etc.
So I have to be sure if this is a trojan/malware etc in order to act accordingly.
I did a little google search and saw that you people take over when any other action has failed. So maybe you can do your magic here too?
Thanks in advance for your help.
Following the log files which you request in your guide.

Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8107

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/11/2011 7:33:35 μμ
mbam-log-2011-11-07 (19-33-35).txt

Scan type: Quick scan
Objects scanned: 181073
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gmer log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-07 20:13:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1
Running: cozg9oy5.exe; Driver: C:\Users\Sokratis\AppData\Local\Temp\agldruog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83479349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91C35320, 0x3EEAF7, 0xE8000020]
init C:\Windows\system32\DRIVERS\aksifdh.sys entry point in "init" section [0x926DE090]
PAGE peauth.sys 9441FB9B 72 Bytes [0E, EA, 5B, EC, 2D, 6E, 84, ...]
PAGE peauth.sys 9441FBEC 111 Bytes [67, 3B, EA, 24, 49, 1C, 3D, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7626F4FB 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3272] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7574FFF6] C:\Windows\system32\apphelp.dll (Βιβλιοθήκη προγράμματος-πελάτη συμβατότητας εφαρμογών/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Χρόνος εκτέλεσης πλαισίου προγράμματος οδήγησης λειτουργίας πυρήνα/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Χρόνος εκτέλεσης πλαισίου προγράμματος οδήγησης λειτουργίας πυρήνα/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2022\3\xbb\3µ\3\xb3\3Ί\3Δ\3\xae\3Β\3 \0S\0i\0S\0001\09\0001\0 \0E\0t\0h\0e\0r\0n\0e\0t 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3 \0\xb1\3Γ\3Ν\3Α\3Ό\3\xb1\3Δ\3Ώ\3Ε\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0U\0S\0B\0 \0R\0e\0a\0l\0t\0e\0k\0 \0R\0T\0L\08\0001\08\0007\0B\0 \08\0000\0002\0.\0001\0001\0b\0/\0g\0 \0005\0004\0M\0b\0p\0s\0 \0002\0.\0000 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ώ\3Η\3\xad\3Δ\3µ\3Ε\3Γ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ε\3Γ\3Ί\3µ\3Ε\3\xae\3 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0ΐ\3Α\3Ώ\3Γ\3Ι\3ΐ\3Ή\3Ί\3Μ\3 \0\x384\3\x2015\3Ί\3Δ\3Ε\3Ώ\3) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?4?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001c7b525a01
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\x2022\3\xbb\3µ\3\xb3\3Ί\3Δ\3\xae\3Β\3 \0S\0i\0S\0001\09\0001\0 \0E\0t\0h\0e\0r\0n\0e\0t 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3 \0\xb1\3Γ\3Ν\3Α\3Ό\3\xb1\3Δ\3Ώ\3Ε\3 \0\x384\3Ή\3Ί\3Δ\3Ν\3Ώ\3Ε\3 \0U\0S\0B\0 \0R\0e\0a\0l\0t\0e\0k\0 \0R\0T\0L\08\0001\08\0007\0B\0 \08\0000\0002\0.\0001\0001\0b\0/\0g\0 \0005\0004\0M\0b\0p\0s\0 \0002\0.\0000 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0\x384\3Ή\3Ώ\3Η\3\xad\3Δ\3µ\3Ε\3Γ\3\xb7\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa3\3Ε\3Γ\3Ί\3µ\3Ε\3\xae\3 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0ΐ\3Α\3Ώ\3Γ\3Ι\3ΐ\3Ή\3Ί\3Μ\3 \0\x384\3\x2015\3Ί\3Δ\3Ε\3Ώ\3) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xa0\3Α\3Ώ\3Γ\3\xb1\3Α\3Ό\3Ώ\3\xb3\3\xad\3\xb1\3Β\3 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?4?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001c7b525a01 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

DDS logs:

dds log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Sokratis at 20:17:33 on 2011-11-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.3037.1867 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Hotkey\PowerBiosServer.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\BisonCam\BisonHK.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
uInternet Settings,ProxyOverride = *.local
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\YoutubeDownloader Updater.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyOSD Software] "c:\program files\hotkey\HotKey.exe"
mRun: [BisonHK] c:\program files\bisoncam\BisonHK.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [eTMonitor] "c:\program files\aladdin\etoken\pkiclient\x32\PKIMonitor.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
Trusted Zone: eurobank.gr\ebanking
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\350756564645F6573686146333235423 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\37F647F637 : DhcpNameServer = 195.170.0.1 195.170.2.2
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\66F6870216E676C6169637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}\D4162796C6F657723702960586F6E656 : DhcpNameServer = 94.143.177.166 195.167.65.194
TCP: Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sokratis\appdata\roaming\mozilla\firefox\profiles\owfdzacx.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 133512]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-3-24 96896]
R2 eTSrv;ETOKSRV;c:\program files\aladdin\etoken\pkiclient\x32\eTSrv.exe [2009-12-31 12640]
R2 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2009-11-26 36864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-11-2 113504]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2010-8-28 34472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 netw5v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) Wireless WiFi Link 5000 Series για Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SiSGbeLH;Πρόγραμμα οδήγησης NDIS 6.0 συσκευής SiS191/SiS190 Ethernet;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-1 1343400]
S3 WSDPrintDevice;Υποστήριξη εκτυπώσεων WSD μέσω UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 WSDScan;Υποστήριξη σάρωσης WSD μέσω UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2011-11-07 17:28:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 17:28:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 17:08:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7760abba-310b-4ec4-8b3d-6e6238b17dd7}\offreg.dll
2011-11-07 15:28:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-07 15:18:05 98816 ----a-w- c:\windows\sed.exe
2011-11-07 15:18:05 518144 ----a-w- c:\windows\SWREG.exe
2011-11-07 15:18:05 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 15:18:05 208896 ----a-w- c:\windows\MBR.exe
2011-11-05 12:50:39 -------- d-----w- c:\users\sokratis\appdata\roaming\Malwarebytes
2011-11-05 12:50:34 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 09:58:06 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7760abba-310b-4ec4-8b3d-6e6238b17dd7}\mpengine.dll
2011-10-31 14:03:58 -------- d-----w- c:\users\sokratis\appdata\roaming\DVDVideoSoft
2011-10-31 14:03:51 -------- d-----w- c:\users\sokratis\appdata\roaming\DVDVideoSoftIEHelpers
2011-10-31 13:42:09 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-31 13:26:55 -------- d-----w- c:\program files\YoutubeDownloader.org
2011-10-29 10:19:21 -------- d-----w- c:\users\sokratis\appdata\local\FileServe Manager
2011-10-29 10:19:00 -------- d-----w- c:\programdata\FileServe Limited
2011-10-29 10:19:00 -------- d-----w- c:\program files\FileServe Manager
2011-10-29 10:16:45 -------- d-----w- c:\programdata\Web Installer
2011-10-24 12:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-12 18:47:00 -------- d-----w- c:\program files\iPod
2011-10-12 18:46:58 -------- d-----w- c:\program files\iTunes
2011-10-12 18:42:52 -------- d-----w- c:\program files\Bonjour
2011-10-12 07:00:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 07:00:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 07:00:50 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 07:00:50 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 07:00:48 2334720 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-10-07 08:51:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-30 20:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 20:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 20:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 20:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 20:18:10,57 ===============

attach.log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2010 2:25:25 πμ
System Uptime: 7/11/2011 7:05:54 μμ (1 hours ago)
.
Motherboard: CLEVO Co. | | M740TU/M760TU/W7X0TUN
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 167,686 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Storage
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&18062011&0&4C4A4A593030373080&0#
Manufacturer: EPSON
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&18062011&0&4C4A4A593030373080&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Συλλογή φωτογραφιών του Windows Live
Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9 - Greek
Any Video Converter 3.2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
BisonCam
Bonjour
ConvertHelper 2.2
ConvertXtoDVD 4.0.12.327
D3DX10
DivX Setup
Epson Easy Photo Print 2
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON PX810FW Series Printer Uninstall
EPSON Scan
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
EpsonNet Print
EpsonNet Setup
ESET NOD32 Antivirus
eToken PKI Client 5.1 SP1
Hotkey
iTunes
Java Auto Updater
Java(TM) 6 Update 29
JDownloader
Junk Mail filter update
K-Lite Codec Pack 5.7.0 (Full)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ELL Language Pack
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox 7.0.1 (x86 el)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Drivers
PS3 Media Server
QuickTime
Security Update for Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== End Of File ===========================

malou35, Nov 7, 2011

#1
Broni Malware Annihilator
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Nov 7, 2011

#2
malou35 Newcomer, in training

Goodmorning Broni!! Thanx for dealing with this, I very much appreciate it!! Will run what you asked and come back with the results..

malou35, Nov 8, 2011

#3
malou35 Newcomer, in training

Sorry to keep you waiting, but I'm facing a problem. Downloaded aswMBR and tried to run it. It asked for update Avast (which I did) and then I started the scan. The laptop rebooted (blue screen) and of course I don't have a log file. The only thing I saw before the blue screen dissapeared, was something about a driver.

I will continue with ComboFix, should I rerun aswMBR?

malou35, Nov 8, 2011

#4
malou35 Newcomer, in training

And here is the ComboFix log:

ComboFix 11-11-08.01 - Sokratis 08/11/2011 12:43:36.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.3037.1964 [GMT 2:00]
Running from: c:\users\Sokratis\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 10:50 . 2011-11-08 10:50 -------- d-----w- c:\users\turbo-x\AppData\Local\temp
2011-11-08 10:50 . 2011-11-08 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 10:07 . 2011-11-08 10:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F3E62AC-850E-4B4E-80D2-FD1B6FBDA72E}\offreg.dll
2011-11-08 09:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F3E62AC-850E-4B4E-80D2-FD1B6FBDA72E}\mpengine.dll
2011-11-07 17:28 . 2011-11-07 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 17:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 12:50 . 2011-11-05 12:50 -------- d-----w- c:\users\Sokratis\AppData\Roaming\Malwarebytes
2011-11-05 12:50 . 2011-11-05 12:50 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 14:03 . 2011-10-31 14:04 -------- d-----w- c:\users\Sokratis\AppData\Roaming\DVDVideoSoft
2011-10-31 13:42 . 2002-01-05 12:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-31 13:26 . 2011-10-31 13:26 -------- d-----w- c:\program files\YoutubeDownloader.org
2011-10-29 10:19 . 2011-11-05 10:33 -------- d-----w- c:\users\Sokratis\AppData\Local\FileServe Manager
2011-10-29 10:19 . 2011-11-05 10:33 -------- d-----w- c:\program files\FileServe Manager
2011-10-29 10:19 . 2011-10-29 10:19 -------- d-----w- c:\programdata\FileServe Limited
2011-10-29 10:16 . 2011-10-29 10:16 -------- d-----w- c:\programdata\Web Installer
2011-10-25 06:31 . 2011-10-25 06:31 -------- d-----w- c:\program files\Common Files\Java
2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-12 18:47 . 2011-10-12 18:47 -------- d-----w- c:\program files\iPod
2011-10-12 18:46 . 2011-10-12 18:47 -------- d-----w- c:\program files\iTunes
2011-10-12 18:42 . 2011-10-12 18:42 -------- d-----w- c:\program files\Bonjour
2011-10-12 07:00 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 07:00 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 07:00 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 07:00 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 07:00 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 08:51 . 2011-05-28 09:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 02:06 . 2010-06-02 20:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-30 20:05 . 2011-08-30 20:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 20:05 . 2011-08-30 20:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 20:05 . 2011-08-30 20:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 20:05 . 2011-08-30 20:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-09-29 07:08 . 2011-11-05 18:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"NTServiceManager"="c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"HotkeyOSD Software"="c:\program files\Hotkey\HotKey.exe" [2008-07-16 1351680]
"BisonHK"="c:\program files\BisonCam\BisonHK.exe" [2009-06-09 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"eTMonitor"="c:\program files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" [2009-12-31 230752]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-07-29 34472]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netw5v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) Wireless WiFi Link 5000 Series για Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SiSGbeLH;Πρόγραμμα οδήγησης NDIS 6.0 συσκευής SiS191/SiS190 Ethernet;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]
R3 WSDPrintDevice;Υποστήριξη εκτυπώσεων WSD μέσω UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;Υποστήριξη σάρωσης WSD μέσω UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-24 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-24 96896]
S2 eTSrv;ETOKSRV;c:\program files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [2009-12-31 12640]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2008-07-10 36864]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-03-12 113504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-15 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
uInternet Settings,ProxyOverride = *.local
Trusted Zone: eurobank.gr\ebanking
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-08 12:52:13
ComboFix-quarantined-files.txt 2011-11-08 10:52
ComboFix2.txt 2011-11-07 15:28
.
Pre-Run: 11 Κατάλογοι 180.416.819.200 διαθέσιμα byte
Post-Run: 12 Κατάλογοι 180.457.185.280 διαθέσιμα byte
.
- - End Of File - - 06F39F0CB22DC5BF9D86139E2F1AB471

Awaiting for further instractions..

malou35, Nov 8, 2011

#5
Broni Malware Annihilator
I believe I can see where your problem is.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Nov 8, 2011

#6
malou35 Newcomer, in training

Hi again. Can't imagine how gratefull I am for your help.

And just to inform you, if at some point you reply and I don't get back to you for a couple of hours, it will be due to time difference. Did I mention that I am from Athens, Greece? So local time here 0:20am..

Here are the logs..

OTL.txt

OTL logfile created on: 8/11/2011 11:59:49 μμ - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sokratis\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,97 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,97% Memory free
5,93 Gb Paging File | 4,76 Gb Available in Paging File | 80,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 167,76 Gb Free Space | 36,04% Space Free | Partition Type: NTFS

Computer Name: SOKRATIS-LAPTOP | User Name: Sokratis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/24 19:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/12/31 09:17:32 | 000,230,752 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
PRC - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe
PRC - [2009/06/09 16:03:16 | 000,077,824 | ---- | M] (mychat) -- C:\Program Files\BisonCam\BisonHK.exe
PRC - [2009/06/04 23:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/12 10:07:16 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/12 09:35:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/12 09:35:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 09:35:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 09:35:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 09:34:49 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 09:34:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/05 03:52:14 | 000,294,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_el_b77a5c561934e089\System.resources.dll
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2009/02/18 21:57:54 | 000,028,672 | ---- | M] () -- C:\Program Files\BisonCam\KBHookDLL.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
MOD - [2007/03/29 14:11:10 | 000,217,088 | ---- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtXml4.dll
MOD - [2007/03/27 19:06:46 | 000,131,072 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\plugins\imageformats\qjpeg1.dll
MOD - [2007/03/27 19:04:00 | 005,529,600 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtGui4.dll
MOD - [2007/03/27 19:04:00 | 001,466,368 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 19:02:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/24 19:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Running] -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe -- (eTSrv)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/03/31 02:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/03/24 19:33:56 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/03/24 19:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 19:23:54 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/07/25 23:12:08 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Πρόγραμμα οδήγησης προσαρμογέα Intel(R)
DRV - [2009/03/12 10:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/02/10 16:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/29 15:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008/07/29 15:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
IE - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el-GR
IE - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 79 96 9A 3D 9A CC 01 [binary data]
IE - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/05 20:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/02 20:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/01 18:55:49 | 000,000,000 | ---D | M]

[2011/11/05 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/08 23:43:34 | 000,002,126 | ---- | M] () -- C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default\searchplugins\GoogleFeed.xml
[2011/11/05 20:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/01 17:36:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/02 22:06:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 10:55:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 18:05:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 14:51:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 12:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 12:46:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/25 06:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/09/29 09:08:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 03:27:38 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:27:38 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 03:27:38 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2011/11/07 17:26:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BisonHK] C:\Program Files\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\..Trusted Domains: eurobank.gr ([ebanking] https in Αξιόπιστες τοποθεσίες)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 23:57:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 12:51:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/08 12:06:18 | 004,285,205 | R--- | C] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/08 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\cleaning tools
[2011/11/08 11:57:57 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sokratis\Desktop\aswMBR.exe
[2011/11/07 19:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 19:28:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/07 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 17:18:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/07 17:18:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/07 17:18:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/07 17:16:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/07 17:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Mozilla
[2011/11/05 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\diagoras
[2011/11/05 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Malwarebytes
[2011/11/05 14:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/02 20:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/02 20:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/31 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:51 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/31 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Documents\DVDVideoSoft
[2011/10/31 15:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeDownloader.org
[2011/10/29 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Local\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FileServe Limited
[2011/10/29 12:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/10/25 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/12 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 20:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/15 09:55:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sokratis\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 19:30:11 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/08 19:30:11 | 000,559,960 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011/11/08 19:30:11 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/08 19:30:11 | 000,089,586 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011/11/08 16:40:45 | 000,080,820 | ---- | M] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/08 12:20:22 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 12:20:22 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 12:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 12:12:54 | 286,003,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 12:12:50 | 2388,303,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 12:06:56 | 004,285,205 | R--- | M] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/08 11:57:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sokratis\Desktop\aswMBR.exe
[2011/11/07 17:26:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/31 17:03:25 | 004,525,314 | ---- | M] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:37:14 | 005,999,297 | ---- | M] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/13 13:21:57 | 000,001,107 | ---- | M] () -- C:\Users\Sokratis\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του Microsoft Office Outlook.lnk
[2011/10/12 20:47:37 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 09:33:48 | 000,289,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/08 16:40:45 | 000,080,820 | ---- | C] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/07 17:18:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/07 17:18:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/07 17:18:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/07 17:18:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/07 17:18:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/05 20:10:31 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 17:03:04 | 004,525,314 | ---- | C] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:36:52 | 005,999,297 | ---- | C] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/12 20:47:37 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/21 22:13:17 | 000,004,096 | -H-- | C] () -- C:\Users\Sokratis\AppData\Local\keyfile3.drm
[2011/03/15 23:34:25 | 000,009,350 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML
[2011/01/03 20:08:07 | 000,038,450 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).ADR
[2010/08/04 22:20:42 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/08/04 22:20:42 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/08/04 22:20:42 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/08/04 22:20:42 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/08/04 22:20:42 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/08/04 22:20:42 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/08/04 22:20:42 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/08/04 22:20:42 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/08/04 22:20:42 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/08/04 22:20:42 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/08/04 22:20:42 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/08/04 22:20:42 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/08/04 22:20:42 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/08/04 22:20:42 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/08/04 22:20:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/06/15 09:55:29 | 000,007,887 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.cat
[2010/06/15 09:55:29 | 000,001,144 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.inf
[2010/06/01 18:07:01 | 000,000,380 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/01 17:38:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/01 17:27:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/01 17:27:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/01 17:26:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/01 17:26:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/01 17:26:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/11/26 18:48:43 | 000,000,228 | ---- | C] () -- C:\Windows\OEM.ini
[2009/11/26 18:48:42 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/10/02 18:01:39 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2009/10/02 18:01:38 | 000,559,960 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2009/10/02 18:01:38 | 000,089,586 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2009/10/02 18:01:38 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,289,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/24 14:47:04 | 000,005,697 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/28 20:38:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\AnvSoft
[2011/01/17 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Big Fish Games
[2010/10/07 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Dragon Altar Games
[2011/10/31 16:04:00 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/10/07 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Enki Games
[2011/09/26 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Epson
[2010/10/25 18:03:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\IronCode
[2010/10/11 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Mutant Arcade
[2011/05/16 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PlayFirst
[2010/06/02 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PMS
[2010/10/10 16:38:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PoBros
[2011/03/21 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Rovio
[2011/03/10 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\TeamViewer
[2010/10/05 14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vogat Interactive
[2011/03/18 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vso
[2010/11/22 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Windows Live Writer
[2010/12/15 13:07:51 | 000,000,000 | ---D | M] -- C:\Users\turbo-x\AppData\Roaming\Epson
[2011/08/09 13:35:15 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/11/08 12:52:13 | 000,011,259 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\exit_c-g.jpg
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\exit_o-g.jpg
[2011/11/08 12:12:50 | 2388,303,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\home_c-g.jpg
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\home_o-g.jpg
[2011/05/16 18:41:05 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2011/11/08 12:12:55 | 3184,406,528 | -HS- | M] () -- C:\pagefile.sys
[2010/03/05 18:13:24 | 000,087,977 | ---- | M] () -- C:\Quality Test Turbo-X.mht
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\save_c-g.jpg
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\save_o-g.jpg
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\uk_c.bmp
[2010/06/25 16:23:09 | 000,000,000 | ---- | M] () -- C:\uk_o.bmp

< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2010/11/20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/13 15:11:54 | 000,000,221 | -HS- | M] () -- C:\Users\Sokratis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/08 11:57:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sokratis\Desktop\aswMBR.exe
[2011/11/08 12:06:56 | 004,285,205 | R--- | M] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2010/10/03 19:40:39 | 031,982,264 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Sokratis\Desktop\PfS50WebUp-L209-E.exe
[2011/05/15 18:58:28 | 000,928,768 | ---- | M] () -- C:\Users\Sokratis\Desktop\Pirate-1005.exe
[2011/01/03 17:57:54 | 003,514,656 | ---- | M] () -- C:\Users\Sokratis\Desktop\TeamViewer_Setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2003/09/22 15:36:46 | 000,013,448 | ---- | M] () -- C:\Windows\M3000Twn.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/03/09 12:41:47 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/03/09 12:41:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/12/07 14:07:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/12/07 14:07:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/03/09 12:41:47 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/03/09 12:49:41 | 000,000,402 | -HS- | M] () -- C:\Users\Sokratis\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 143 bytes -> C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML:OECustomProperty
@Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty

< End of report >

PS: If there is any important info in all those files that is written in Greek, let me know to translate it for you. Although I usually install the english version of applications, Windows are greek, so this might be a bit of a problem to you..

malou35, Nov 8, 2011

#7
malou35 Newcomer, in training

And the next one:

Extras.txt

OTL Extras logfile created on: 8/11/2011 11:59:49 μμ - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sokratis\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,97 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,97% Memory free
5,93 Gb Paging File | 4,76 Gb Available in Paging File | 80,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 167,76 Gb Free Space | 36,04% Space Free | Partition Type: NTFS

Computer Name: SOKRATIS-LAPTOP | User Name: Sokratis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08B857DF-E6F9-4283-853A-4F329CC09A4F}" = ESET NOD32 Antivirus
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3909BE71-2D8F-42D2-BA46-3831B60CFD0F}" = eToken PKI Client 5.1 SP1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3ABC7CFA-A6F5-3870-A59C-B856DA1DA4F4}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{402B502A-4735-4B03-B38F-1640CD3C531B}" = Windows Live Sync
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7485492C-CD85-43CA-A4A7-ABD665BB66CE}" = Windows Live Family Safety
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110408-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1032-7B44-A90000000001}" = Adobe Reader 9 - Greek
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6D5CB84-0E6E-4E69-B300-C690B6911032}" = Nero 8
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.2
"DivX Setup.divx.com" = DivX Setup
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON PX810FW Series" = EPSON PX810FW Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW User’s Guide" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 7.0.1 (x86 el)" = Mozilla Firefox 7.0.1 (x86 el)
"NVIDIA Drivers" = NVIDIA Drivers
"PS3 Media Server" = PS3 Media Server
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2011 2:14:30 μμ | Computer Name = Sokratis-Laptop | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής explorer.exe, έκδοση 6.1.7601.17567,
χρονική σήμανση 0x4d6727a7 Όνομα ελαττωματικής λειτουργικής μονάδας DivXMFSource.dll,
έκδοση 1.0.0.72, χρονική σήμανση 0x4cffcf66 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0009b890 Αναγνωριστικό ελαττωματικής διεργασίας: 0x122c Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cc851ceff6bb4c Διαδρομή ελαττωματικής εφαρμογής: C:\Windows\explorer.exe
Διαδρομή
ελλατωματικής λειτουργικής μονάδας:C:\Program Files\DivX\DivX Plus Media Foundation
Components\DivXMFSource.dll Αναγνωριστικό αναφοράς:32b615ca-f110-11e0-a86b-0090f59e4c58

Error - 7/10/2011 2:14:47 μμ | Computer Name = Sokratis-Laptop | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής explorer.exe, έκδοση 6.1.7601.17567,
χρονική σήμανση 0x4d6727a7 Όνομα ελαττωματικής λειτουργικής μονάδας DivXMFSource.dll,
έκδοση 1.0.0.72, χρονική σήμανση 0x4cffcf66 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0009b890 Αναγνωριστικό ελαττωματικής διεργασίας: 0x47c Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cc851cf731e197 Διαδρομή ελαττωματικής εφαρμογής: C:\Windows\explorer.exe
Διαδρομή
ελλατωματικής λειτουργικής μονάδας:C:\Program Files\DivX\DivX Plus Media Foundation
Components\DivXMFSource.dll Αναγνωριστικό αναφοράς:3d1b37b1-f110-11e0-a86b-0090f59e4c58

Error - 7/10/2011 2:15:04 μμ | Computer Name = Sokratis-Laptop | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής explorer.exe, έκδοση 6.1.7601.17567,
χρονική σήμανση 0x4d6727a7 Όνομα ελαττωματικής λειτουργικής μονάδας DivXMFSource.dll,
έκδοση 1.0.0.72, χρονική σήμανση 0x4cffcf66 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0009b890 Αναγνωριστικό ελαττωματικής διεργασίας: 0x10fc Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cc851d0359c8b8 Διαδρομή ελαττωματικής εφαρμογής: C:\Windows\explorer.exe
Διαδρομή
ελλατωματικής λειτουργικής μονάδας:C:\Program Files\DivX\DivX Plus Media Foundation
Components\DivXMFSource.dll Αναγνωριστικό αναφοράς:4741c90e-f110-11e0-a86b-0090f59e4c58

Error - 7/10/2011 2:15:27 μμ | Computer Name = Sokratis-Laptop | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής explorer.exe, έκδοση 6.1.7601.17567,
χρονική σήμανση 0x4d6727a7 Όνομα ελαττωματικής λειτουργικής μονάδας MSVCR80.dll,
έκδοση 8.0.50727.4940, χρονική σήμανση 0x4ca2b271 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0001537a Αναγνωριστικό ελαττωματικής διεργασίας: 0xce0 Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cc851d0c77bfd5 Διαδρομή ελαττωματικής εφαρμογής: C:\Windows\explorer.exe
Διαδρομή
ελλατωματικής λειτουργικής μονάδας:C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Αναγνωριστικό
αναφοράς:548f48bb-f110-11e0-a86b-0090f59e4c58

Error - 7/10/2011 2:17:22 μμ | Computer Name = Sokratis-Laptop | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής explorer.exe, έκδοση 6.1.7601.17567,
χρονική σήμανση 0x4d6727a7 Όνομα ελαττωματικής λειτουργικής μονάδας DivXMFSource.dll,
έκδοση 1.0.0.72, χρονική σήμανση 0x4cffcf66 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0009b890 Αναγνωριστικό ελαττωματικής διεργασίας: 0xb74 Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cc851d194649a6 Διαδρομή ελαττωματικής εφαρμογής: C:\Windows\explorer.exe
Διαδρομή
ελλατωματικής λειτουργικής μονάδας:C:\Program Files\DivX\DivX Plus Media Foundation
Components\DivXMFSource.dll Αναγνωριστικό αναφοράς:9963286a-f110-11e0-a86b-0090f59e4c58

Error - 7/10/2011 2:28:20 μμ | Computer Name = Sokratis-Laptop | Source = Application Error | ID = 1000
Description = Όνομα ελαττωματικής εφαρμογής Explorer.EXE, έκδοση 6.1.7601.17567,
χρονική σήμανση 0x4d6727a7 Όνομα ελαττωματικής λειτουργικής μονάδας MSVCR80.dll,
έκδοση 8.0.50727.4940, χρονική σήμανση 0x4ca2b271 Κωδικός εξαίρεσης: 0xc0000005 Μετατόπιση
σφάλματος: 0x0001537a Αναγνωριστικό ελαττωματικής διεργασίας: 0x934 Χρόνος έναρξης
ελαττωματικής εφαρμογής: 0x01cc851e22ce6121 Διαδρομή ελαττωματικής εφαρμογής: C:\Windows\Explorer.EXE
Διαδρομή
ελλατωματικής λειτουργικής μονάδας:C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Αναγνωριστικό
αναφοράς:214f9bc9-f112-11e0-a6c0-0090f59e4c58

Error - 8/10/2011 3:28:31 πμ | Computer Name = Sokratis-Laptop | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 8/10/2011 3:28:31 πμ | Computer Name = Sokratis-Laptop | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 8/10/2011 8:56:17 πμ | Computer Name = Sokratis-Laptop | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 8/10/2011 8:56:17 πμ | Computer Name = Sokratis-Laptop | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

[ System Events ]
Error - 8/11/2011 6:42:03 πμ | Computer Name = Sokratis-Laptop | Source = Service Control Manager | ID = 7034
Description = Η λειτουργία της υπηρεσίας EPSON V3 Service4(01) τερματίστηκε αναπάντεχα.
Αυτό συνέβη 1 φορά(ές).

Error - 8/11/2011 6:42:58 πμ | Computer Name = Sokratis-Laptop | Source = Service Control Manager | ID = 7030
Description = Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.
Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.
Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

Error - 8/11/2011 6:43:34 πμ | Computer Name = Sokratis-Laptop | Source = atapi | ID = 262155
Description = Το πρόγραμμα οδήγησης εντόπισε ένα σφάλμα ελεγκτή στο "\Device\Ide\IdePort0".

Error - 8/11/2011 6:43:34 πμ | Computer Name = Sokratis-Laptop | Source = atapi | ID = 262155
Description = Το πρόγραμμα οδήγησης εντόπισε ένα σφάλμα ελεγκτή στο "\Device\Ide\IdePort0".

Error - 8/11/2011 6:47:51 πμ | Computer Name = Sokratis-Laptop | Source = Service Control Manager | ID = 7030
Description = Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.
Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.
Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

Error - 8/11/2011 6:50:22 πμ | Computer Name = Sokratis-Laptop | Source = Service Control Manager | ID = 7030
Description = Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.
Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.
Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

Error - 8/11/2011 6:50:24 πμ | Computer Name = Sokratis-Laptop | Source = atapi | ID = 262155
Description = Το πρόγραμμα οδήγησης εντόπισε ένα σφάλμα ελεγκτή στο "\Device\Ide\IdePort0".

Error - 8/11/2011 6:50:24 πμ | Computer Name = Sokratis-Laptop | Source = atapi | ID = 262155
Description = Το πρόγραμμα οδήγησης εντόπισε ένα σφάλμα ελεγκτή στο "\Device\Ide\IdePort0".

Error - 8/11/2011 6:50:24 πμ | Computer Name = Sokratis-Laptop | Source = atapi | ID = 262155
Description = Το πρόγραμμα οδήγησης εντόπισε ένα σφάλμα ελεγκτή στο "\Device\Ide\IdePort0".

Error - 8/11/2011 6:50:25 πμ | Computer Name = Sokratis-Laptop | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

< End of report >

malou35, Nov 8, 2011

#8

Broni Malware Annihilator

Hello in Greece

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
[2011/11/08 23:43:34 | 000,002,126 | ---- | M] () -- C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default \searchplugins\GoogleFeed.xml
O15 - HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\..Trusted Domains: eurobank.gr ([ebanking] https in Αξιόπιστες τοποθεσίες)
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 143 bytes -> C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML:OECustomProperty
@Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

Broni, Nov 8, 2011

#9

malou35 Newcomer, in training

So, I run OTL, rebooted, here is the log.

By the way, I know I'm not an expert, but I saw in the log file, that it deleted/changed some things from Firefox and IE. Still nothing looks better in Firefox (search engine and start page remain).

OTL log:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://www.smartwebsearch.net/index.php?from=3" removed from browser.startup.homepage
Prefs.js: "http://smartwebsearch.net/results.php?q=" removed from keyword.URL
Prefs.js: "google-feed.net" removed from browser.search.defaultenginename
Prefs.js: "GoogleFeed.net" removed from browser.search.selectedEngine
File C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default \searchplugins\GoogleFeed.xml not found.
Registry key HKEY_USERS\S-1-5-21-3028291350-1350807994-1600926026-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eurobank.gr\ebanking\ deleted successfully.
ADS C:\ProgramData\TEMP:8E5EA40F deleted successfully.
ADS C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML:OECustomProperty deleted successfully.
ADS C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sokratis
->Temp folder emptied: 214222 bytes
->Temporary Internet Files folder emptied: 9208353 bytes
->Java cache emptied: 410004 bytes
->FireFox cache emptied: 241756251 bytes
->Flash cache emptied: 69336 bytes

User: turbo-x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8991862 bytes
->FireFox cache emptied: 25014870 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4340 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 272,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sokratis
->Flash cache emptied: 0 bytes

User: turbo-x
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11092011_081412

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

malou35, Nov 9, 2011

#10
Broni Malware Annihilator
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.

To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).

When prompted to run the scan, click Yes.

GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Broni, Nov 9, 2011

#11
malou35 Newcomer, in training

I was really quick, wasn't I? But I can't take all the credits, GooredFix finished in just a couple of seconds!! Here is the log file:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:14 on 09/11/2011 (Sokratis)
Firefox version 7.0.1 (el)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:10 05/11/2011]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [15:36 01/06/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [20:06 02/06/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [08:55 27/08/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [16:05 18/10/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [12:51 12/01/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [10:52 21/02/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [10:46 24/06/2011]
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [04:42 25/10/2011]

C:\Users\Sokratis\Application Data\Mozilla\Firefox\Profiles\owfdzacx.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [18:18 05/11/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

malou35, Nov 9, 2011

#12
Broni Malware Annihilator

Post fresh OTL log.
No custom script needed, just "Quick scan".

Broni, Nov 9, 2011

#13
malou35 Newcomer, in training

Here is the log from OTL. Just to be clear, I didn't check "scan all users" this time. If I should have, let me know to run it again..

OTL logfile created on: 9/11/2011 9:00:42 μμ - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sokratis\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,97 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 63,07% Memory free
5,93 Gb Paging File | 4,74 Gb Available in Paging File | 79,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 165,95 Gb Free Space | 35,65% Space Free | Partition Type: NTFS

Computer Name: SOKRATIS-LAPTOP | User Name: Sokratis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
PRC - [2011/10/03 04:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/24 19:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/12/31 09:17:32 | 000,230,752 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
PRC - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
PRC - [2009/06/09 16:03:16 | 000,077,824 | ---- | M] (mychat) -- C:\Program Files\BisonCam\BisonHK.exe
PRC - [2009/06/04 23:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/12 10:07:16 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/12 09:35:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/12 09:35:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 09:35:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 09:35:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 09:34:49 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 09:34:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2009/02/18 21:57:54 | 000,028,672 | ---- | M] () -- C:\Program Files\BisonCam\KBHookDLL.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
MOD - [2007/03/29 14:11:10 | 000,217,088 | ---- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtXml4.dll
MOD - [2007/03/27 19:06:46 | 000,131,072 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\plugins\imageformats\qjpeg1.dll
MOD - [2007/03/27 19:04:00 | 005,529,600 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtGui4.dll
MOD - [2007/03/27 19:04:00 | 001,466,368 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 19:02:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/24 19:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Running] -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe -- (eTSrv)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/03/31 02:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/03/24 19:33:56 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/03/24 19:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 19:23:54 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/07/25 23:12:08 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Πρόγραμμα οδήγησης προσαρμογέα Intel(R)
DRV - [2009/03/12 10:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/02/10 16:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/29 15:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008/07/29 15:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el-GR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 79 96 9A 3D 9A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/05 20:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/02 20:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/01 18:55:49 | 000,000,000 | ---D | M]

[2011/11/05 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/09 20:53:17 | 000,002,126 | ---- | M] () -- C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default\searchplugins\GoogleFeed.xml
[2011/11/05 20:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/01 17:36:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/02 22:06:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 10:55:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 18:05:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 14:51:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 12:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 12:46:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/25 06:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/09/29 09:08:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 03:27:38 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:27:38 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 03:27:38 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2011/11/07 17:26:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BisonHK] C:\Program Files\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\GooredFix Backups
[2011/11/09 18:13:22 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/09 08:14:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 23:57:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 12:51:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/08 12:06:18 | 004,285,205 | R--- | C] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/08 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\cleaning tools
[2011/11/07 19:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 19:28:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/07 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 17:18:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/07 17:18:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/07 17:18:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/07 17:16:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/07 17:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Mozilla
[2011/11/05 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\diagoras
[2011/11/05 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Malwarebytes
[2011/11/05 14:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/02 20:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/02 20:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/31 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:51 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/31 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Documents\DVDVideoSoft
[2011/10/31 15:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeDownloader.org
[2011/10/29 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Local\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FileServe Limited
[2011/10/29 12:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/10/25 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/12 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 20:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/15 09:55:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sokratis\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/09 18:13:23 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/09 14:36:53 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/09 14:36:53 | 000,559,960 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011/11/09 14:36:53 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/09 14:36:53 | 000,089,586 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011/11/09 08:59:33 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 08:59:33 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 08:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/09 08:52:10 | 2388,303,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/09 08:14:18 | 000,029,428 | ---- | M] () -- C:\Users\Sokratis\Desktop\OriginalMessage.eml
[2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 16:40:45 | 000,080,820 | ---- | M] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/08 12:12:54 | 286,003,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 12:06:56 | 004,285,205 | R--- | M] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/07 17:26:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/31 17:03:25 | 004,525,314 | ---- | M] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:37:14 | 005,999,297 | ---- | M] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/13 13:21:57 | 000,001,107 | ---- | M] () -- C:\Users\Sokratis\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του Microsoft Office Outlook.lnk
[2011/10/12 20:47:37 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 09:33:48 | 000,289,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/08 16:40:45 | 000,080,820 | ---- | C] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/07 17:18:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/07 17:18:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/07 17:18:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/07 17:18:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/07 17:18:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/05 20:10:31 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 17:03:04 | 004,525,314 | ---- | C] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:36:52 | 005,999,297 | ---- | C] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/12 20:47:37 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/21 22:13:17 | 000,004,096 | -H-- | C] () -- C:\Users\Sokratis\AppData\Local\keyfile3.drm
[2011/03/15 23:34:25 | 000,009,350 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML
[2011/01/03 20:08:07 | 000,038,450 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).ADR
[2010/08/04 22:20:42 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/08/04 22:20:42 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/08/04 22:20:42 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/08/04 22:20:42 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/08/04 22:20:42 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/08/04 22:20:42 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/08/04 22:20:42 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/08/04 22:20:42 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/08/04 22:20:42 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/08/04 22:20:42 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/08/04 22:20:42 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/08/04 22:20:42 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/08/04 22:20:42 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/08/04 22:20:42 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/08/04 22:20:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/06/15 09:55:29 | 000,007,887 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.cat
[2010/06/15 09:55:29 | 000,001,144 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.inf
[2010/06/01 18:07:01 | 000,000,380 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/01 17:38:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/01 17:27:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/01 17:27:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/01 17:26:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/01 17:26:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/01 17:26:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/11/26 18:48:43 | 000,000,228 | ---- | C] () -- C:\Windows\OEM.ini
[2009/11/26 18:48:42 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/10/02 18:01:39 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2009/10/02 18:01:38 | 000,559,960 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2009/10/02 18:01:38 | 000,089,586 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2009/10/02 18:01:38 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,289,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/24 14:47:04 | 000,005,697 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/28 20:38:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\AnvSoft
[2011/01/17 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Big Fish Games
[2010/10/07 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Dragon Altar Games
[2011/10/31 16:04:00 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/10/07 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Enki Games
[2011/09/26 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Epson
[2010/10/25 18:03:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\IronCode
[2010/10/11 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Mutant Arcade
[2011/05/16 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PlayFirst
[2010/06/02 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PMS
[2010/10/10 16:38:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PoBros
[2011/03/21 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Rovio
[2011/03/10 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\TeamViewer
[2010/10/05 14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vogat Interactive
[2011/03/18 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vso
[2010/11/22 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Windows Live Writer
[2011/08/09 13:35:15 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty

< End of report >

malou35, Nov 9, 2011

#14

Broni Malware Annihilator

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
[2011/11/09 20:53:17 | 000,002,126 | ---- | M] () -- C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default \searchplugins\GoogleFeed.xml

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

Broni, Nov 9, 2011

#15

malou35 Newcomer, in training

Log from OTL wit Run Fix:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "google-feed.net" removed from browser.search.defaultenginename
Prefs.js: "GoogleFeed.net" removed from browser.search.selectedEngine
Prefs.js: "http://www.smartwebsearch.net/index.php?from=3" removed from browser.startup.homepage
Prefs.js: "http://smartwebsearch.net/results.php?q=" removed from keyword.URL
File C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default \searchplugins\GoogleFeed.xml not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sokratis
->Temp folder emptied: 195561 bytes
->Temporary Internet Files folder emptied: 832861 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98115680 bytes
->Flash cache emptied: 841 bytes

User: turbo-x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4712 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 95,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sokratis
->Flash cache emptied: 0 bytes

User: turbo-x
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11092011_213522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

malou35, Nov 9, 2011

#16
malou35 Newcomer, in training

Just to inform you, although redirection of home page is still there, it takes now more time to load.

Log from OTL Quick Scan:

OTL logfile created on: 9/11/2011 9:41:38 μμ - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sokratis\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,97 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,72% Memory free
5,93 Gb Paging File | 4,71 Gb Available in Paging File | 79,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 166,04 Gb Free Space | 35,67% Space Free | Partition Type: NTFS

Computer Name: SOKRATIS-LAPTOP | User Name: Sokratis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/24 19:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/12/31 09:17:32 | 000,230,752 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
PRC - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
PRC - [2009/06/09 16:03:16 | 000,077,824 | ---- | M] (mychat) -- C:\Program Files\BisonCam\BisonHK.exe
PRC - [2009/06/04 23:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/12 10:07:16 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/12 09:35:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/12 09:35:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 09:35:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 09:35:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 09:34:49 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 09:34:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/01 15:45:16 | 000,436,224 | ---- | M] () -- C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2009/02/18 21:57:54 | 000,028,672 | ---- | M] () -- C:\Program Files\BisonCam\KBHookDLL.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
MOD - [2007/03/29 14:11:10 | 000,217,088 | ---- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtXml4.dll
MOD - [2007/03/27 19:06:46 | 000,131,072 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\plugins\imageformats\qjpeg1.dll
MOD - [2007/03/27 19:04:00 | 005,529,600 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtGui4.dll
MOD - [2007/03/27 19:04:00 | 001,466,368 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 19:02:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/24 19:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Running] -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe -- (eTSrv)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/03/31 02:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/03/24 19:33:56 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/03/24 19:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 19:23:54 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/07/25 23:12:08 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Πρόγραμμα οδήγησης προσαρμογέα Intel(R)
DRV - [2009/03/12 10:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/02/10 16:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/29 15:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008/07/29 15:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el-GR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 79 96 9A 3D 9A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/05 20:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/02 20:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/01 18:55:49 | 000,000,000 | ---D | M]

[2011/11/05 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/09 21:39:32 | 000,002,126 | ---- | M] () -- C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default\searchplugins\GoogleFeed.xml
[2011/11/05 20:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/01 17:36:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/02 22:06:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 10:55:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 18:05:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 14:51:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 12:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 12:46:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/25 06:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/09/29 09:08:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 03:27:38 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:27:38 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 03:27:38 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2011/11/07 17:26:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BisonHK] C:\Program Files\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\GooredFix Backups
[2011/11/09 18:13:22 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/09 08:14:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 23:57:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 12:51:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/08 12:06:18 | 004,285,205 | R--- | C] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/08 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\cleaning tools
[2011/11/07 19:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 19:28:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/07 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 17:18:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/07 17:18:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/07 17:18:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/07 17:16:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/07 17:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Mozilla
[2011/11/05 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\diagoras
[2011/11/05 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Malwarebytes
[2011/11/05 14:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/02 20:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/02 20:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/31 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:51 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/31 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Documents\DVDVideoSoft
[2011/10/31 15:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeDownloader.org
[2011/10/29 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Local\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FileServe Limited
[2011/10/29 12:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/10/25 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/12 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 20:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/15 09:55:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sokratis\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/09 21:38:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/09 21:38:36 | 2388,303,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/09 18:13:23 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/09 14:36:53 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/09 14:36:53 | 000,559,960 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011/11/09 14:36:53 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/09 14:36:53 | 000,089,586 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011/11/09 08:59:33 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 08:59:33 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 08:14:18 | 000,029,428 | ---- | M] () -- C:\Users\Sokratis\Desktop\OriginalMessage.eml
[2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 16:40:45 | 000,080,820 | ---- | M] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/08 12:12:54 | 286,003,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 12:06:56 | 004,285,205 | R--- | M] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/07 17:26:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/31 17:03:25 | 004,525,314 | ---- | M] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:37:14 | 005,999,297 | ---- | M] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/13 13:21:57 | 000,001,107 | ---- | M] () -- C:\Users\Sokratis\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του Microsoft Office Outlook.lnk
[2011/10/12 20:47:37 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 09:33:48 | 000,289,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/08 16:40:45 | 000,080,820 | ---- | C] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/07 17:18:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/07 17:18:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/07 17:18:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/07 17:18:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/07 17:18:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/05 20:10:31 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 17:03:04 | 004,525,314 | ---- | C] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:36:52 | 005,999,297 | ---- | C] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/12 20:47:37 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/21 22:13:17 | 000,004,096 | -H-- | C] () -- C:\Users\Sokratis\AppData\Local\keyfile3.drm
[2011/03/15 23:34:25 | 000,009,350 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML
[2011/01/03 20:08:07 | 000,038,450 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).ADR
[2010/08/04 22:20:42 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/08/04 22:20:42 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/08/04 22:20:42 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/08/04 22:20:42 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/08/04 22:20:42 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/08/04 22:20:42 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/08/04 22:20:42 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/08/04 22:20:42 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/08/04 22:20:42 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/08/04 22:20:42 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/08/04 22:20:42 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/08/04 22:20:42 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/08/04 22:20:42 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/08/04 22:20:42 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/08/04 22:20:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/06/15 09:55:29 | 000,007,887 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.cat
[2010/06/15 09:55:29 | 000,001,144 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.inf
[2010/06/01 18:07:01 | 000,000,380 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/01 17:38:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/01 17:27:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/01 17:27:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/01 17:26:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/01 17:26:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/01 17:26:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/11/26 18:48:43 | 000,000,228 | ---- | C] () -- C:\Windows\OEM.ini
[2009/11/26 18:48:42 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/10/02 18:01:39 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2009/10/02 18:01:38 | 000,559,960 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2009/10/02 18:01:38 | 000,089,586 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2009/10/02 18:01:38 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,289,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/24 14:47:04 | 000,005,697 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/28 20:38:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\AnvSoft
[2011/01/17 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Big Fish Games
[2010/10/07 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Dragon Altar Games
[2011/10/31 16:04:00 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/10/07 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Enki Games
[2011/09/26 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Epson
[2010/10/25 18:03:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\IronCode
[2010/10/11 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Mutant Arcade
[2011/05/16 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PlayFirst
[2010/06/02 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PMS
[2010/10/10 16:38:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PoBros
[2011/03/21 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Rovio
[2011/03/10 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\TeamViewer
[2010/10/05 14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vogat Interactive
[2011/03/18 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vso
[2010/11/22 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Windows Live Writer
[2011/08/09 13:35:15 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty

< End of report >

malou35, Nov 9, 2011

#17
Broni Malware Annihilator
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer.

NOTE. You may need to re-check your router security settings, as described HERE

====================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL FF - prefs.js..browser.search.defaultenginename: "google-feed.net" FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q=" FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net" FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3" IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3 [2011/11/09 21:39:32 | 000,002,126 | ---- | M] () -- C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default \searchplugins\GoogleFeed.xml @Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty :Services :Reg :Files :Commands [purity] [emptytemp] [emptyflash] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
Broni, Nov 9, 2011

#18
malou35 Newcomer, in training

Sorry for the delay. I had some issues (1) with the dns client service (greek windows, so I had to find it in the services, it's dnscache) and (2) had some problems reseting the router, finally I did it!!

Here is the first log from OTL:

All processes killed
========== OTL ==========
Prefs.js: "google-feed.net" removed from browser.search.defaultenginename
Prefs.js: "http://smartwebsearch.net/results.php?q=" removed from keyword.URL
Prefs.js: "GoogleFeed.net" removed from browser.search.selectedEngine
Prefs.js: "http://www.smartwebsearch.net/index.php?from=3" removed from browser.startup.homepage
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
File C:\Users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default \searchplugins\GoogleFeed.xml not found.
ADS C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sokratis
->Temp folder emptied: 75903 bytes
->Temporary Internet Files folder emptied: 68979 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22504598 bytes
->Flash cache emptied: 611 bytes

User: turbo-x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11096 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sokratis
->Flash cache emptied: 0 bytes

User: turbo-x
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11092011_232343

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

malou35, Nov 9, 2011

#19
Broni Malware Annihilator

OK. Give me fresh OTL log.

Broni, Nov 9, 2011

#20

(You must log in or sign up to reply here.)

Page 1 of 3

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved