Solved Problem with redirection of home page, unwanted search engine

This time it worked (lucky me!!).. Here is the log file:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-10 00:09:39
-----------------------------
00:09:39.713 OS Version: Windows 6.1.7601 Service Pack 1
00:09:39.713 Number of processors: 2 586 0x170A
00:09:39.728 ComputerName: SOKRATIS-LAPTOP UserName: Sokratis
00:09:41.117 Initialize success
00:13:37.849 AVAST engine defs: 11110901
00:14:05.352 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:14:05.367 Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11
00:14:07.473 Disk 0 MBR read successfully
00:14:07.473 Disk 0 MBR scan
00:14:07.489 Disk 0 Windows 7 default MBR code
00:14:07.505 Disk 0 scanning sectors +976773120
00:14:07.863 Disk 0 scanning C:\Windows\system32\drivers
00:14:28.034 Service scanning
00:14:29.672 Modules scanning
00:14:38.939 Disk 0 trace - called modules:
00:14:38.954 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
00:14:38.970 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8696e030]
00:14:38.970 3 CLASSPNP.SYS[8bb9d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86896338]
00:14:40.935 AVAST engine scan C:\Windows
00:14:48.408 AVAST engine scan C:\Windows\system32
00:17:25.235 AVAST engine scan C:\Windows\system32\drivers
00:17:45.827 AVAST engine scan C:\Users\Sokratis
00:24:42.068 AVAST engine scan C:\ProgramData
00:26:03.891 Scan finished successfully
00:26:25.887 Disk 0 MBR has been saved successfully to "C:\Users\Sokratis\Desktop\MBR.dat"
00:26:25.887 The log file has been saved successfully to "C:\Users\Sokratis\Desktop\aswMBR.txt"
 
It looks good.

Delete your Combofix file, download a fresh one and post a new log.
 
You said in your first post to always inform you if something has changed. Here is what I noticed: from time to time I open IE to see if anything has changed there (I think I mentioned I use firefox, but both are infected). So now I opened IE and although the home page is still "apype.com" I got a message saying that "an unknown program wishes to change the default search engine to "google-feed.net" (www.smartwebsearch.net)" Allow or not allow.. I didn't have the time to click on not allow, but now that I go to search engines "google-feed.net" is there but is not the default search engine anymore!! Is this some kind of progress?

Anyway, I will remove it once again (from firefox too) and let you know what happens..
 
"google-feed.net" (www.smartwebsearch.net) is our culprit, but the problem is that after removing it, it comes back, so something else must be triggering it.
 
Once again, you're right. Everything's back messed up (both in firefox and IE).

Before I asked for your help, I did a little google search to figure out how I got this. And I found many people complaining that they had the same problem after they downloaded some sort of youtube downloader. Because I had downloaded a couple of these, I instantly uninstalled all of them.

Now, with all the reports, I noticed that in C:\appdata there is a dir 'Youtubedownloader.org' and in there among other files there is a BrowserStarPage.dll file. I don't say it's relevant, but I just noticed, so I thought I should mention it.

And here is the combofix log:

ComboFix 11-11-09.02 - Sokratis 10/11/2011 0:48.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.3037.1863 [GMT 2:00]
Running from: c:\users\Sokratis\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 22:55 . 2011-11-09 22:55 -------- d-----w- c:\users\turbo-x\AppData\Local\temp
2011-11-09 22:55 . 2011-11-09 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 21:27 . 2011-11-09 21:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F3E62AC-850E-4B4E-80D2-FD1B6FBDA72E}\offreg.dll
2011-11-09 18:24 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:24 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 06:14 . 2011-11-09 06:14 -------- d-----w- C:\_OTL
2011-11-08 09:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F3E62AC-850E-4B4E-80D2-FD1B6FBDA72E}\mpengine.dll
2011-11-07 17:28 . 2011-11-07 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 17:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 12:50 . 2011-11-05 12:50 -------- d-----w- c:\users\Sokratis\AppData\Roaming\Malwarebytes
2011-11-05 12:50 . 2011-11-05 12:50 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 14:03 . 2011-10-31 14:04 -------- d-----w- c:\users\Sokratis\AppData\Roaming\DVDVideoSoft
2011-10-31 13:42 . 2002-01-05 12:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-31 13:26 . 2011-10-31 13:26 -------- d-----w- c:\program files\YoutubeDownloader.org
2011-10-29 10:19 . 2011-11-05 10:33 -------- d-----w- c:\users\Sokratis\AppData\Local\FileServe Manager
2011-10-29 10:19 . 2011-11-05 10:33 -------- d-----w- c:\program files\FileServe Manager
2011-10-29 10:19 . 2011-10-29 10:19 -------- d-----w- c:\programdata\FileServe Limited
2011-10-29 10:16 . 2011-10-29 10:16 -------- d-----w- c:\programdata\Web Installer
2011-10-25 06:31 . 2011-10-25 06:31 -------- d-----w- c:\program files\Common Files\Java
2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-12 18:47 . 2011-10-12 18:47 -------- d-----w- c:\program files\iPod
2011-10-12 18:46 . 2011-10-12 18:47 -------- d-----w- c:\program files\iTunes
2011-10-12 18:42 . 2011-10-12 18:42 -------- d-----w- c:\program files\Bonjour
2011-10-12 07:00 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 07:00 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 07:00 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 07:00 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 08:51 . 2011-05-28 09:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 02:06 . 2010-06-02 20:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-30 20:05 . 2011-08-30 20:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 20:05 . 2011-08-30 20:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 20:05 . 2011-08-30 20:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 20:05 . 2011-08-30 20:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-09-29 07:08 . 2011-11-05 18:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"NTServiceManager"="c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"HotkeyOSD Software"="c:\program files\Hotkey\HotKey.exe" [2008-07-16 1351680]
"BisonHK"="c:\program files\BisonCam\BisonHK.exe" [2009-06-09 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"eTMonitor"="c:\program files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" [2009-12-31 230752]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-07-29 34472]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netw5v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) Wireless WiFi Link 5000 Series για Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
R3 SiSGbeLH;Πρόγραμμα οδήγησης NDIS 6.0 συσκευής SiS191/SiS190 Ethernet;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]
R3 WSDPrintDevice;Υποστήριξη εκτυπώσεων WSD μέσω UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;Υποστήριξη σάρωσης WSD μέσω UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-24 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-24 96896]
S2 eTSrv;ETOKSRV;c:\program files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [2009-12-31 12640]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2008-07-10 36864]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-03-12 113504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-15 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-10 00:57:33
ComboFix-quarantined-files.txt 2011-11-09 22:57
ComboFix2.txt 2011-11-08 10:52
ComboFix3.txt 2011-11-07 15:28
.
Pre-Run: 12 Κατάλογοι 178.012.397.568 διαθέσιμα byte
Post-Run: 13 Κατάλογοι 178.037.182.464 διαθέσιμα byte
.
- - End Of File - - 40E7CE26D27B0BE7BAC8AFE8177DE991
 
Please, don't hate me, but it's almost 2:00am here and I have a 3-year-old daughter who will wake up in less than 5 hours; I really need to get some sleep..

I will check the posts for further instructions first thing in the morning..

Thanks for not giving up on this, can't imagine how grateful I am!! :)
 
Not a problem :)
We'll fix it...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FireFox::
FF - ProfilePath - c:\users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3

Folder::
c:\program files\YoutubeDownloader.org

DDS::
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NTServiceManager"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Ok, I ran ComboFix with script (it asked to update to newest version, said yes) and here is the log file.
A quick question: Have you yet, by any chance, identified the threat? Meaning is this a simple adware, or is it sort of a virus/trojan/whatever that will put my passwords for bank accounts, etc at stake? Because I haven't taken any measures yet and I don't know if I should access all these accounts from the laptop.
 
And by mistake, no log file posted :eek: Here we go again:

ComboFix 11-11-10.01 - Sokratis 10/11/2011 10:53:13.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.3037.1943 [GMT 2:00]
Running from: c:\users\Sokratis\Desktop\ComboFix.exe
Command switches used :: c:\users\Sokratis\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\YoutubeDownloader.org
c:\program files\YoutubeDownloader.org\YoutubeDownloader\BrowserStartPage.dll
c:\program files\YoutubeDownloader.org\YoutubeDownloader\config.dat
c:\program files\YoutubeDownloader.org\YoutubeDownloader\InstallHelper.exe
c:\program files\YoutubeDownloader.org\YoutubeDownloader\RegSetup.exe
c:\program files\YoutubeDownloader.org\YoutubeDownloader\selfupdate.exe
c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 09:13 . 2011-11-10 09:13 -------- d-----w- c:\users\Sokratis\AppData\Local\temp
2011-11-10 09:13 . 2011-11-10 09:13 -------- d-----w- c:\users\turbo-x\AppData\Local\temp
2011-11-10 09:13 . 2011-11-10 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-10 07:56 . 2011-11-10 07:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F3E62AC-850E-4B4E-80D2-FD1B6FBDA72E}\offreg.dll
2011-11-09 18:24 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:24 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:24 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 06:14 . 2011-11-09 06:14 -------- d-----w- C:\_OTL
2011-11-08 09:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F3E62AC-850E-4B4E-80D2-FD1B6FBDA72E}\mpengine.dll
2011-11-07 17:28 . 2011-11-07 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 17:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 12:50 . 2011-11-05 12:50 -------- d-----w- c:\users\Sokratis\AppData\Roaming\Malwarebytes
2011-11-05 12:50 . 2011-11-05 12:50 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 14:03 . 2011-10-31 14:04 -------- d-----w- c:\users\Sokratis\AppData\Roaming\DVDVideoSoft
2011-10-31 13:42 . 2002-01-05 12:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-29 10:19 . 2011-11-05 10:33 -------- d-----w- c:\users\Sokratis\AppData\Local\FileServe Manager
2011-10-29 10:19 . 2011-11-05 10:33 -------- d-----w- c:\program files\FileServe Manager
2011-10-29 10:19 . 2011-10-29 10:19 -------- d-----w- c:\programdata\FileServe Limited
2011-10-29 10:16 . 2011-10-29 10:16 -------- d-----w- c:\programdata\Web Installer
2011-10-25 06:31 . 2011-10-25 06:31 -------- d-----w- c:\program files\Common Files\Java
2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-12 18:47 . 2011-10-12 18:47 -------- d-----w- c:\program files\iPod
2011-10-12 18:46 . 2011-10-12 18:47 -------- d-----w- c:\program files\iTunes
2011-10-12 18:42 . 2011-10-12 18:42 -------- d-----w- c:\program files\Bonjour
2011-10-12 07:00 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 07:00 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 07:00 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 07:00 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 08:51 . 2011-05-28 09:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 02:06 . 2010-06-02 20:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-30 20:05 . 2011-08-30 20:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 20:05 . 2011-08-30 20:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 20:05 . 2011-08-30 20:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 20:05 . 2011-08-30 20:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-09-29 07:08 . 2011-11-05 18:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"HotkeyOSD Software"="c:\program files\Hotkey\HotKey.exe" [2008-07-16 1351680]
"BisonHK"="c:\program files\BisonCam\BisonHK.exe" [2009-06-09 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"eTMonitor"="c:\program files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" [2009-12-31 230752]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-07-29 34472]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netw5v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) Wireless WiFi Link 5000 Series για Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
R3 SiSGbeLH;Πρόγραμμα οδήγησης NDIS 6.0 συσκευής SiS191/SiS190 Ethernet;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]
R3 WSDPrintDevice;Υποστήριξη εκτυπώσεων WSD μέσω UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;Υποστήριξη σάρωσης WSD μέσω UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-24 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-24 96896]
S2 eTSrv;ETOKSRV;c:\program files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [2009-12-31 12640]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2008-07-10 36864]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-03-12 113504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-15 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sokratis\AppData\Roaming\Mozilla\Firefox\Profiles\owfdzacx.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-10 11:15:35
ComboFix-quarantined-files.txt 2011-11-10 09:15
ComboFix2.txt 2011-11-09 22:57
ComboFix3.txt 2011-11-08 10:52
ComboFix4.txt 2011-11-07 15:28
.
Pre-Run: 12 Κατάλογοι 178.730.418.176 διαθέσιμα byte
Post-Run: 13 Κατάλογοι 178.661.867.520 διαθέσιμα byte
.
- - End Of File - - 96712628E1A044084B4BECBB8FDD8442
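
One way to check what the scripted run actually changed is to diff the Run keys and Supplementary Scan entries of the two ComboFix logs above. This is an added example, not part of the original posts or of ComboFix itself; the log excerpts are trimmed from the logs in this thread, the indicator strings are the names that appear in it, and the function names are made up for the illustration.

```python
import re

# Trimmed excerpts of the two ComboFix logs posted above (unrelated entries omitted).
LOG_BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NTServiceManager"="c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
.
'''

LOG_AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
.
'''

# Names seen in this thread; used only to pick hijack-related settings out of the diff.
INDICATORS = ("smartwebsearch.net", "GoogleFeed.net", "YoutubeDownloader.org")

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                 # [HKEY_...\Run]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')          # "name"="path" [date size]
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (.+)$')  # Firefox prefs.js line
SCAN_RE = re.compile(r'^([um][A-Z][^=]*?) = (.+)$')         # e.g. "uStart Page = ..."


def parse_combofix(text):
    """Return a set of (kind, location, name, value) tuples found in a ComboFix log."""
    settings, key = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line == "." or line.startswith("---"):
            key = None  # a separator or section header ends the current registry key
            continue
        if key and key.lower().endswith(r"\currentversion\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                settings.add(("run", key, m.group(1), m.group(2)))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            settings.add(("firefox", "prefs.js", m.group(1), m.group(2)))
            continue
        m = SCAN_RE.match(line)
        if m:
            settings.add(("ie", "Supplementary Scan", m.group(1), m.group(2)))
    return settings


def remediation_diff(before, after):
    """Set difference between two logs: what disappeared, appeared, or stayed."""
    b, a = parse_combofix(before), parse_combofix(after)
    return {"removed": b - a, "added": a - b, "unchanged": b & a}


def residual_hijack(before, after, indicators=INDICATORS):
    """Split indicator-matching settings into those cleared and those still present."""
    def hit(setting):
        return any(i.lower() in setting[3].lower() for i in indicators)

    diff = remediation_diff(before, after)
    return {
        "cleared": sorted(s for s in diff["removed"] if hit(s)),
        "still_present": sorted(s for s in diff["unchanged"] | diff["added"] if hit(s)),
    }


if __name__ == "__main__":
    result = residual_hijack(LOG_BEFORE, LOG_AFTER)
    for state, items in result.items():
        for kind, location, name, value in items:
            print(f"{state:13} {kind:8} {name} = {value}")
```

On these excerpts the Run entry and the IE start page show up as cleared, while the three Firefox prefs are still present after the scripted run.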
 
Another thing: I know you asked not to install/update anything as long as the cleaning process hasn't finished, but firefox updated itself (to ver 8) and by that removed some addons (java addons I think). Sorry, I forgot to uncheck "apply new updates without asking"!!
 
Something changed in IE again. Home page changed to default msn page (no apype.com) and although I can see in search engines tab "google-feed.net" when I click on it I cannot choose remove, it's not activated.

As for firefox I have manually removed everything (home page, search engine) and I'm waiting to see if they will change back..
 
I know I may sound too optimistic, but I think you've got it!!

Since this morning that I changed home page to blank and removed "google-feed.net" from search engines, nothing has changed back!! Firefox is working excellent. I think IE looks good too, although, as I mentioned above, I can see "google-feed.net" in search engines, but I cannot remove it; it's not activated.
And the strange dir "youtubedownloader.org" is gone..

I even rebooted, still everything seems ok :)
 
Fresh OTL log file:

OTL logfile created on: 10/11/2011 8:24:18 μμ - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sokratis\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,97 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,89% Memory free
5,93 Gb Paging File | 4,91 Gb Available in Paging File | 82,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 165,65 Gb Free Space | 35,59% Space Free | Partition Type: NTFS

Computer Name: SOKRATIS-LAPTOP | User Name: Sokratis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/24 19:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/12/31 09:17:32 | 000,230,752 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
PRC - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
PRC - [2009/06/09 16:03:16 | 000,077,824 | ---- | M] (mychat) -- C:\Program Files\BisonCam\BisonHK.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 10:07:16 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/12 09:35:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/12 09:35:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 09:35:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 09:35:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 09:34:49 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 09:34:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2009/02/18 21:57:54 | 000,028,672 | ---- | M] () -- C:\Program Files\BisonCam\KBHookDLL.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
MOD - [2007/03/29 14:11:10 | 000,217,088 | ---- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtXml4.dll
MOD - [2007/03/27 19:06:46 | 000,131,072 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\plugins\imageformats\qjpeg1.dll
MOD - [2007/03/27 19:04:00 | 005,529,600 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtGui4.dll
MOD - [2007/03/27 19:04:00 | 001,466,368 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 19:02:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/24 19:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Running] -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe -- (eTSrv)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/03/31 02:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/03/24 19:33:56 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/03/24 19:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 19:23:54 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/07/25 23:12:08 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Πρόγραμμα οδήγησης προσαρμογέα Intel(R)
DRV - [2009/03/12 10:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/02/10 16:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/29 15:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008/07/29 15:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el-GR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 9C F5 8F 8D 9F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 11:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/02 20:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/01 18:55:49 | 000,000,000 | ---D | M]

[2011/11/05 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/10 11:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/01 17:36:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/25 06:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/11/10 11:36:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 03:27:38 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:27:38 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 03:27:38 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2011/11/10 11:13:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BisonHK] C:\Program Files\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 11:15:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/10 11:15:37 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Local\temp
[2011/11/10 00:44:45 | 004,287,988 | R--- | C] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/10 00:08:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sokratis\Desktop\aswMBR.exe
[2011/11/09 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\GooredFix Backups
[2011/11/09 18:13:22 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/09 08:14:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 23:57:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\cleaning tools
[2011/11/07 19:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 19:28:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/07 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 17:18:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/07 17:18:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/07 17:18:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/07 17:16:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/07 17:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Mozilla
[2011/11/05 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\diagoras
[2011/11/05 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Malwarebytes
[2011/11/05 14:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/02 20:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/02 20:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/31 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:51 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/31 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Documents\DVDVideoSoft
[2011/10/29 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Local\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FileServe Limited
[2011/10/29 12:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/10/25 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/12 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 20:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/15 09:55:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sokratis\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/10 18:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 17:36:35 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 17:36:35 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 17:28:59 | 2388,303,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 11:41:01 | 000,001,107 | ---- | M] () -- C:\Users\Sokratis\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του Microsoft Office Outlook.lnk
[2011/11/10 11:13:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/10 10:51:11 | 004,287,988 | R--- | M] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/10 00:26:25 | 000,000,512 | ---- | M] () -- C:\Users\Sokratis\Desktop\MBR.dat
[2011/11/10 00:08:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sokratis\Desktop\aswMBR.exe
[2011/11/09 23:23:45 | 000,029,428 | ---- | M] () -- C:\Users\Sokratis\Desktop\OriginalMessage.eml
[2011/11/09 22:48:42 | 000,289,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 22:32:46 | 000,001,205 | ---- | M] () -- C:\Users\Sokratis\Desktop\cmd.lnk
[2011/11/09 22:27:48 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/09 22:27:48 | 000,559,960 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011/11/09 22:27:48 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/09 22:27:48 | 000,089,586 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011/11/09 18:13:23 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 16:40:45 | 000,080,820 | ---- | M] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/08 12:12:54 | 286,003,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/31 17:03:25 | 004,525,314 | ---- | M] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:37:14 | 005,999,297 | ---- | M] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/12 20:47:37 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/11/10 00:26:25 | 000,000,512 | ---- | C] () -- C:\Users\Sokratis\Desktop\MBR.dat
[2011/11/09 22:32:36 | 000,001,205 | ---- | C] () -- C:\Users\Sokratis\Desktop\cmd.lnk
[2011/11/08 16:40:45 | 000,080,820 | ---- | C] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/07 17:18:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/07 17:18:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/07 17:18:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/07 17:18:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/07 17:18:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/05 20:10:31 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 17:03:04 | 004,525,314 | ---- | C] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:36:52 | 005,999,297 | ---- | C] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/12 20:47:37 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/21 22:13:17 | 000,004,096 | -H-- | C] () -- C:\Users\Sokratis\AppData\Local\keyfile3.drm
[2011/03/15 23:34:25 | 000,009,350 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML
[2011/01/03 20:08:07 | 000,038,450 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).ADR
[2010/08/04 22:20:42 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/08/04 22:20:42 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/08/04 22:20:42 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/08/04 22:20:42 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/08/04 22:20:42 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/08/04 22:20:42 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/08/04 22:20:42 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/08/04 22:20:42 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/08/04 22:20:42 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/08/04 22:20:42 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/08/04 22:20:42 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/08/04 22:20:42 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/08/04 22:20:42 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/08/04 22:20:42 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/08/04 22:20:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/06/15 09:55:29 | 000,007,887 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.cat
[2010/06/15 09:55:29 | 000,001,144 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.inf
[2010/06/01 18:07:01 | 000,000,380 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/01 17:38:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/01 17:27:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/01 17:27:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/01 17:26:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/01 17:26:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/01 17:26:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/11/26 18:48:43 | 000,000,228 | ---- | C] () -- C:\Windows\OEM.ini
[2009/11/26 18:48:42 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/10/02 18:01:39 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2009/10/02 18:01:38 | 000,559,960 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2009/10/02 18:01:38 | 000,089,586 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2009/10/02 18:01:38 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,289,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/24 14:47:04 | 000,005,697 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/28 20:38:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\AnvSoft
[2011/01/17 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Big Fish Games
[2010/10/07 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Dragon Altar Games
[2011/10/31 16:04:00 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/10/07 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Enki Games
[2011/09/26 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Epson
[2010/10/25 18:03:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\IronCode
[2010/10/11 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Mutant Arcade
[2011/05/16 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PlayFirst
[2010/06/02 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PMS
[2010/10/10 16:38:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PoBros
[2011/03/21 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Rovio
[2011/03/10 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\TeamViewer
[2010/10/05 14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vogat Interactive
[2011/03/18 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vso
[2010/11/22 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Windows Live Writer
[2011/08/09 13:35:15 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
    FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
    @Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
OTL with Run/Fix log:

All processes killed
========== OTL ==========
Prefs.js: "google-feed.net" removed from browser.search.defaultenginename
Prefs.js: "GoogleFeed.net" removed from browser.search.selectedEngine
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "http://smartwebsearch.net/results.php?q=" removed from keyword.URL
ADS C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sokratis
->Temp folder emptied: 4055 bytes
->Temporary Internet Files folder emptied: 4464020 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 102341097 bytes
->Flash cache emptied: 1429 bytes

User: turbo-x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4104 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sokratis
->Flash cache emptied: 0 bytes

User: turbo-x
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11102011_205651

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTL with Quick Scan:

OTL logfile created on: 10/11/2011 9:01:08 μμ - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sokratis\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,97 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 62,29% Memory free
5,93 Gb Paging File | 4,75 Gb Available in Paging File | 80,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 165,75 Gb Free Space | 35,61% Space Free | Partition Type: NTFS

Computer Name: SOKRATIS-LAPTOP | User Name: Sokratis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/24 19:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/12/31 09:17:32 | 000,230,752 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
PRC - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
PRC - [2009/06/09 16:03:16 | 000,077,824 | ---- | M] (mychat) -- C:\Program Files\BisonCam\BisonHK.exe
PRC - [2009/06/04 23:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 10:07:16 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/12 09:35:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/12 09:35:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 09:35:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 09:35:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 09:34:49 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 09:34:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2009/02/18 21:57:54 | 000,028,672 | ---- | M] () -- C:\Program Files\BisonCam\KBHookDLL.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2008/07/16 13:24:20 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
MOD - [2007/03/29 14:11:10 | 000,217,088 | ---- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtXml4.dll
MOD - [2007/03/27 19:06:46 | 000,131,072 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\plugins\imageformats\qjpeg1.dll
MOD - [2007/03/27 19:04:00 | 005,529,600 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtGui4.dll
MOD - [2007/03/27 19:04:00 | 001,466,368 | R--- | M] () -- C:\Program Files\Aladdin\eToken\PKIClient\x32\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 19:02:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/24 19:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/03/24 19:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/12/31 09:17:24 | 000,012,640 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Auto | Running] -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe -- (eTSrv)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/03/31 02:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/03/24 19:33:56 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/03/24 19:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/03/24 19:23:54 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/07/25 23:12:08 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Πρόγραμμα οδήγησης προσαρμογέα Intel(R)
DRV - [2009/03/12 10:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/02/10 16:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/29 15:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008/07/29 15:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el-GR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 9C F5 8F 8D 9F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 11:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/02 20:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/01 18:55:49 | 000,000,000 | ---D | M]

[2011/11/05 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions
[2011/11/05 20:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sokratis\AppData\Roaming\mozilla\Firefox\Profiles\owfdzacx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/10 11:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/01 17:36:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/25 06:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SOKRATIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OWFDZACX.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/11/10 11:36:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 03:27:38 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:27:38 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 03:27:38 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2011/11/10 11:13:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BisonHK] C:\Program Files\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF60B41-BD08-4D7B-84A5-B18C5115C8EC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6773B106-CEB4-45A4-BFEA-1B79D2F3067A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 11:15:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/10 11:15:37 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Local\temp
[2011/11/10 00:44:45 | 004,287,988 | R--- | C] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/10 00:08:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sokratis\Desktop\aswMBR.exe
[2011/11/09 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\GooredFix Backups
[2011/11/09 18:13:22 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/09 08:14:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 23:57:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\cleaning tools
[2011/11/07 19:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 19:28:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/07 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 17:18:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/07 17:18:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/07 17:18:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/07 17:16:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/07 17:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Mozilla
[2011/11/05 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Desktop\diagoras
[2011/11/05 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\Malwarebytes
[2011/11/05 14:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/02 20:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/02 20:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/31 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:51 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/31 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\Documents\DVDVideoSoft
[2011/10/29 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\Sokratis\AppData\Local\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\FileServe Manager
[2011/10/29 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FileServe Limited
[2011/10/29 12:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Installer
[2011/10/25 08:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/12 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 20:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/15 09:55:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sokratis\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/10 20:58:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 20:57:56 | 2388,303,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 20:56:52 | 000,029,428 | ---- | M] () -- C:\Users\Sokratis\Desktop\OriginalMessage.eml
[2011/11/10 17:36:35 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 17:36:35 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 11:41:01 | 000,001,107 | ---- | M] () -- C:\Users\Sokratis\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του Microsoft Office Outlook.lnk
[2011/11/10 11:13:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/10 10:51:11 | 004,287,988 | R--- | M] (Swearware) -- C:\Users\Sokratis\Desktop\ComboFix.exe
[2011/11/10 00:26:25 | 000,000,512 | ---- | M] () -- C:\Users\Sokratis\Desktop\MBR.dat
[2011/11/10 00:08:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sokratis\Desktop\aswMBR.exe
[2011/11/09 22:48:42 | 000,289,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 22:32:46 | 000,001,205 | ---- | M] () -- C:\Users\Sokratis\Desktop\cmd.lnk
[2011/11/09 22:27:48 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/09 22:27:48 | 000,559,960 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011/11/09 22:27:48 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/09 22:27:48 | 000,089,586 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011/11/09 18:13:23 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sokratis\Desktop\GooredFix.exe
[2011/11/08 23:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sokratis\Desktop\OTL.exe
[2011/11/08 16:40:45 | 000,080,820 | ---- | M] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/08 12:12:54 | 286,003,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/31 17:03:25 | 004,525,314 | ---- | M] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:37:14 | 005,999,297 | ---- | M] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/12 20:47:37 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/11/10 00:26:25 | 000,000,512 | ---- | C] () -- C:\Users\Sokratis\Desktop\MBR.dat
[2011/11/09 22:32:36 | 000,001,205 | ---- | C] () -- C:\Users\Sokratis\Desktop\cmd.lnk
[2011/11/08 16:40:45 | 000,080,820 | ---- | C] () -- C:\Users\Sokratis\Desktop\Ika_payment001.jpg
[2011/11/07 17:18:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/07 17:18:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/07 17:18:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/07 17:18:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/07 17:18:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/05 20:10:31 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 17:03:04 | 004,525,314 | ---- | C] () -- C:\Users\Sokratis\Desktop\Stoys pente anemous.mp3
[2011/10/29 13:36:52 | 005,999,297 | ---- | C] () -- C:\Users\Sokratis\Desktop\Pittbull VS. Kitten.wmv
[2011/10/12 20:47:37 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/21 22:13:17 | 000,004,096 | -H-- | C] () -- C:\Users\Sokratis\AppData\Local\keyfile3.drm
[2011/03/15 23:34:25 | 000,009,350 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).EML
[2011/01/03 20:08:07 | 000,038,450 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\Τιμές οριοθετημένες με κόμματα (Windows).ADR
[2010/08/04 22:20:42 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/08/04 22:20:42 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/08/04 22:20:42 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/08/04 22:20:42 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/08/04 22:20:42 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/08/04 22:20:42 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/08/04 22:20:42 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/08/04 22:20:42 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/08/04 22:20:42 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/08/04 22:20:42 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/08/04 22:20:42 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/08/04 22:20:42 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/08/04 22:20:42 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/08/04 22:20:42 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/08/04 22:20:42 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/08/04 22:20:42 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/08/04 22:20:42 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/06/15 09:55:29 | 000,007,887 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.cat
[2010/06/15 09:55:29 | 000,001,144 | ---- | C] () -- C:\Users\Sokratis\AppData\Roaming\pcouffin.inf
[2010/06/01 18:07:01 | 000,000,380 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/01 17:38:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/01 17:27:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/01 17:27:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/01 17:26:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/01 17:26:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/01 17:26:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/25 00:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/11/26 18:48:43 | 000,000,228 | ---- | C] () -- C:\Windows\OEM.ini
[2009/11/26 18:48:42 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/10/02 18:01:39 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2009/10/02 18:01:38 | 000,559,960 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2009/10/02 18:01:38 | 000,089,586 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2009/10/02 18:01:38 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,289,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/24 14:47:04 | 000,005,697 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/28 20:38:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\AnvSoft
[2011/01/17 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Big Fish Games
[2010/10/07 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Dragon Altar Games
[2011/10/31 16:04:00 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoft
[2011/10/31 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/10/07 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Enki Games
[2011/09/26 14:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Epson
[2010/10/25 18:03:06 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\IronCode
[2010/10/11 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Mutant Arcade
[2011/05/16 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PlayFirst
[2010/06/02 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PMS
[2010/10/10 16:38:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\PoBros
[2011/03/21 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Rovio
[2011/03/10 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\TeamViewer
[2010/10/05 14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vogat Interactive
[2011/03/18 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Vso
[2010/11/22 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Sokratis\AppData\Roaming\Windows Live Writer
[2011/08/09 13:35:15 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1081 bytes -> C:\Users\Sokratis\Desktop\OriginalMessage.eml:OECustomProperty

< End of report >
 
Yes, I think I can. I also opened IE, went through options to search engines, and this time I was able to remove "google-feed.net". And Firefox is working great all day..
 
Cool beans :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Security Check log:

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

ESET NOD32 Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
Ok, so TFC produced no log. ESET log follows:

C:\marilena\tools\VSOCXTDVD4.0.12.327.rar a variant of Win32/Keygen.AS application deleted - quarantined
C:\marilena\tools\ConvertXtoDVD\Keygen.rar a variant of Win32/Keygen.AS application deleted - quarantined
C:\marilena\tools\nero8\Nero 8 Ultra Edition 8.3.2.1 English Full\Nero-8.3.2.1_eng_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined


Should I check "uninstall application on close" or do we still need it?
 
You can uninstall it.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Run OTL, log file follows. Moving on with removing all the rest..

So far so good; everything looks super, even better than it used to be (should be after all this cleanup!!)

I hope I didn't bother you that much with my problem; thanks again for taking the time to deal with this, I very much appreciate it :)


OTL log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sokratis
->Temp folder emptied: 2375 bytes
->Temporary Internet Files folder emptied: 391695 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38211571 bytes
->Flash cache emptied: 456 bytes

User: turbo-x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4096 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sokratis
->Flash cache emptied: 0 bytes

User: turbo-x
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11102011_233644

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 