Log on to site takes me to add additional info spoof page

Hello,
I have been trying to deal with a problem on my laptop for quite some time. I’ll try to explain simply as I am not an advanced computer tech.
This is what happens. I have a router at home which I connect with ethernet onto my laptop. I’ve had the modem for quite some time. As I was browsing a site Avast warned me that a trojan was trying to get through. Before I had a chance to close the window I noticed on the task bar some file was installing. Nothing I recognized and I couldn’t stop it. I then kept getting the blue screen of death, couldn’t restart or shut the computer properly. I couldn’t get on sites without an add additional information bogus page getting in the way. Malwarebytes and Avast came up with nothing.
I had the laptop checked by a technician who said it was a virus and that he removed it. He recommended to format drive c. It was a bit expensive so I said I will do it myself, which I did.

Now, no more Blue screen of death. I was able to log on to sites without the bogus page popping up.
It’s been a few days now that it’s happening again. Every time I try to get on sites that I have to log on to, particularly eBay and PayPal, I can log on but then I still get taken to a page that asks for additional information, credit card numbers and expiration dates etc. Obviously something is wrong. The address bar and secure icons tell me I’m on the correct secure sites but logic tells me otherwise. This is true for IE8 and Mozilla.
The strange part is that if I use another router at work for example or a hotspot I can log on without the bogus additional info page.
If I connect a desk top or another laptop to my home’s router I can also log on without a problem.

I’ve narrowed it to my laptop and my home router as the problem. Is there anything I can do to correct this problem?
Malwarebytes and Microsoft Security Essentials have not found any viruses or anything else.

Any help is greatly appreciated.

Thank you in advance!

Have you tried going into your router and seeing that nothing has been changed (proxies, etc.)? Although that would be more the work of a local hacker than of a virus.

If your laptop works fine in other scenarios consistently, then it’s something to do with how your router is working with your laptop.

Maybe contact your ISP, they might be able to help (or see if a different router would stop these pages).

Yes I called my ISP but they say the router is fine. The thing is this doesn’t happen all the time. I can log on certain times and then all of a sudden I am asked to log on again and the bogus page appears after I enter username and password. This morning I logged on fine, then it happened again so I shut the computer off. When I opened it again it was fine. So it’s an on and off thing. Very annoying and I don’t know where to look. I just did another Malwarebytes scan and it says all clean.

This may be an infection of Win32:Expiro. Avast 5 should cure this virus.

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_EXPIRO.A&VSect=T

That sounds possible. I downloaded avast 5 and did a full system scan. Nothing showed up. No infected files…

This happened again today while I was using the internet connection at work. So it must be something on my computer and nothing to do with the router.
It was fine all day until I had to restart my computer. I tried to open Mozilla but it crashed. I opened IE and tried to log on to a site and I got the bogus page again. I closed the browser and did a Malwarebytes quick scan. It found this:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

and said to restart computer. I did but when I got on again Mozilla won’t open and IE doesn’t let me get past the bogus page for the site I want to enter. I redid a quick scan but it didn’t find anything else.
Any tips as to what I should do next?

I am also having this problem now. Every time I turn on my laptop I get a warning that Windows Firewall has been turned off.
I turn it on but the next time I open the computer it’s off again?

Can anyone tell me if Avast 5.0.462 turns off Windows Firewall?
Is it something else?

Avast does not turn off the firewall.

I would suspect an infected router, or you have visited a dodgy site.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32*.dll /lockedfiles
%systemroot%\Tasks*.job /lockedfiles
%systemroot%\system32\drivers*.sys /lockedfiles /all
%systemroot%\System32\config*.sav

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.

When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Hi Essexboy,
Thank you very much for your reply. I am sorry I didn’t see it until today.
I read your topic with logs to assist in cleaning malware and also posted a topic at geekstogo.
http://www.geekstogo.com/forum/Have-my-browsers-been-hijacked-t273559.html&st=15
Idtate has helped me remove one infection. He noticed another one and we are working on that right now.

I will post the logs you requested. I also have a HAMeb log which detected an MBR rootkit infection.
Idtate suggested that I run Helpasst_mebroot_fix.exe but I can’t get it to work. I try to run it but it gives me a small blue screen that says please wait and then it disappears. I left it for 2 hours and I don’t see anything happening. I am not sure if the infection is not letting it run.

Thank you again for replying to my topic.

OTL logfile created on: 12/4/2010 7:30:22 μμ - Run 7
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Alexandra\Τα έγγραφά μου\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 529,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 22,37 Gb Free Space | 60,04% Space Free | Partition Type: NTFS
Drive D: | 48,91 Gb Total Space | 39,59 Gb Free Space | 80,94% Space Free | Partition Type: NTFS
Drive E: | 6,99 Gb Total Space | 2,40 Gb Free Space | 34,28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *****
Current User Name: Alexandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/07 01:49:50 | 000,561,664 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\Downloads\OTL.exe
PRC - [2010/04/03 13:39:50 | 000,039,408 | ---- | M] (Google Inc.) – C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/03/09 13:24:10 | 002,769,336 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/08 21:04:34 | 001,324,400 | ---- | M] (Sony Corporation) – C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 19:30:35 | 001,038,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2005/06/17 17:54:12 | 000,143,360 | ---- | M] (Sony Corporation) – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
PRC - [2005/06/15 11:17:44 | 000,167,936 | ---- | M] (Sony Corporation) – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/06/15 11:17:44 | 000,135,168 | ---- | M] (Sony Corporation) – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/06/15 11:17:38 | 000,270,336 | ---- | M] (Sony Corporation) – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/06/03 01:49:40 | 000,372,809 | ---- | M] (Intel Corporation ) – C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/06/03 01:47:44 | 000,086,016 | ---- | M] (Intel Corporation) – C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/06/03 01:46:28 | 000,139,264 | ---- | M] (Intel Corporation) – C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) – C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/05/15 05:51:24 | 000,184,320 | ---- | M] (Sony Corporation) – C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/03/03 21:47:18 | 000,483,328 | ---- | M] (Adobe Systems Inc.) – C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () – C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () – C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/07/06 14:15:38 | 000,040,960 | R— | M] (Utimaco Safeware AG) – C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PRC - [2004/02/20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) – C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/11/07 11:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) – C:\Program Files\Apoint\Apoint.exe
PRC - [2003/02/26 05:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) – C:\Program Files\Apoint\ApntEx.exe
PRC - [2002/03/14 16:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) – C:\WINDOWS\system32\ico.exe

========== Modules (SafeList) ==========

MOD - [2010/04/07 01:49:50 | 000,561,664 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\Downloads\OTL.exe
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2009/03/06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008/10/24 21:15:54 | 000,626,688 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2008/10/24 21:15:54 | 000,096,256 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
MOD - [2008/04/14 19:29:35 | 000,586,240 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\mlang.dll
MOD - [2008/04/14 19:29:22 | 000,060,416 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 20:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\rsaenh.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Web Scanner)
SRV - [2010/03/09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Mail Scanner)
SRV - [2010/03/09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV - [2009/12/08 21:04:34 | 000,673,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Sony\VAIO Update 5\VUAgent.exe – (VUAgent)
SRV - [2005/06/17 19:04:48 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe – (VAIO Entertainment Task Scheduler)
SRV - [2005/06/17 17:54:12 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe – (VAIO Entertainment Aggregation and Control Service)
SRV - [2005/06/15 11:17:46 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe – (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/06/15 11:17:44 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe – (VzCdbSvc)
SRV - [2005/06/15 11:17:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe – (VzFw)
SRV - [2005/06/15 11:17:38 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] – C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe – (Vcsw)
SRV - [2005/06/07 09:58:28 | 001,851,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe – (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/06/07 03:44:10 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe – (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/06/07 03:38:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe – (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/06/07 03:37:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe – (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/06/07 01:32:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe – (MSCSPTISRV)
SRV - [2005/06/07 01:28:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe – (PACSPTISVR)
SRV - [2005/06/07 01:22:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe – (SPTISRV)
SRV - [2005/06/03 05:21:00 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe – (SSScsiSV)
SRV - [2005/06/03 01:49:40 | 000,372,809 | ---- | M] (Intel Corporation ) [Auto | Running] – C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe – (S24EventMonitor)
SRV - [2005/06/03 01:47:44 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files\Intel\Wireless\Bin\EvtEng.exe – (EvtEng)
SRV - [2005/06/03 01:46:28 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe – (RegSrvc)
SRV - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] – C:\Program Files\Sony\VAIO Event Service\VESMgr.exe – (VAIO Event Service)
SRV - [2005/04/05 13:06:36 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] – C:\Program Files\Sony\Image Converter 2\IcVzMon.exe – (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] – C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe – (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] – C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe – (PhotoshopElementsDeviceConnect)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.startup.homepage: “http://www.ebay.com/
FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 22:04:22 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 20:20:06 | 000,000,000 | —D | M]

[2010/04/02 22:04:44 | 000,000,000 | —D | M] – C:\Documents and Settings\Alexandra\Application Data\Mozilla\Extensions
[2010/04/12 02:11:25 | 000,000,000 | —D | M] – C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\j9f4m1dd.default\extensions
[2010/04/07 14:07:31 | 000,000,000 | —D | M] (Google Toolbar for Firefox) – C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\j9f4m1dd.default\extensions{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/12 02:11:25 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 19:56:49 | 000,001,538 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 19:56:50 | 000,000,947 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 19:56:50 | 000,000,769 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 19:56:50 | 000,001,135 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/09/07 15:00:00 | 000,000,944 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM…\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM…\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM…\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM…\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM…\Run: [VAIO Update 5] C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki… - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Έξυπνη επιλογή HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
O9 - Extra ‘Tools’ menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe ()
O15 - HKCU..Trusted Domains: sony-europe.com (* in Αξιόπιστες τοποθεσίες)
O15 - HKCU..Trusted Domains: sonystyle-europe.com (* in Αξιόπιστες τοποθεσίες)
O15 - HKCU..Trusted Domains: vaio-link.com (* in Αξιόπιστες τοποθεσίες)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Τρέχουσα αρχική σελίδα) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/20 12:01:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O32 - AutoRun File - [2005/01/28 09:39:16 | 000,045,056 | R— | M] (Sony Digital Netowrk Applications, Inc.) - E:\autorun.exe – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O35 - HKLM..comfile [open] – “%1” %

O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/12 13:03:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Windows Search
[2010/04/11 23:46:01 | 000,278,016 | ---- | C] (SteelWerX) – C:\WINDOWS\swreg.exe
[2010/04/11 20:20:38 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/11 20:20:37 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Java
[2010/04/11 20:19:45 | 000,000,000 | —D | C] – C:\Program Files\Java
[2010/04/11 20:16:45 | 000,000,000 | —D | C] – C:\Sun
[2010/04/11 18:56:15 | 000,000,000 | --SD | C] – C:\ComboFix
[2010/04/11 18:41:24 | 000,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/11 11:38:10 | 000,000,000 | -HSD | C] – C:\RECYCLER
[2010/04/10 20:08:14 | 000,000,000 | —D | C] – C:\WINDOWS\Sun
[2010/04/10 14:03:30 | 000,000,000 | —D | C] – C:\WINDOWS\temp
[2010/04/09 21:22:42 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump
[2010/04/09 21:09:47 | 000,000,000 | RHSD | C] – C:\cmdcons
[2010/04/09 18:55:01 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Sun
[2010/04/09 17:50:24 | 000,000,000 | —D | M] – C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/09 17:49:06 | 000,000,000 | —D | C] – C:\WINDOWS\Prefetch
[2010/04/09 17:33:13 | 000,000,000 | —D | C] – C:\WINDOWS\l2schemas
[2010/04/09 17:33:12 | 000,000,000 | —D | C] – C:\WINDOWS\System32\el
[2010/04/09 17:33:12 | 000,000,000 | —D | C] – C:\WINDOWS\System32\bits
[2010/04/09 17:22:53 | 000,000,000 | —D | C] – C:\WINDOWS\network diagnostic
[2010/04/09 17:17:48 | 000,000,000 | -H-D | C] – C:\WINDOWS$NtServicePackUninstall$
[2010/04/09 17:17:46 | 000,000,000 | —D | C] – C:\WINDOWS\EHome
[2010/04/09 17:07:52 | 000,000,000 | —D | C] – C:\Update
[2010/04/08 13:05:21 | 000,000,000 | —D | C] – C:\WINDOWS\ERDNT
[2010/04/08 13:03:49 | 000,000,000 | —D | C] – C:\Program Files\ERUNT
[2010/04/07 14:45:10 | 000,000,000 | —D | C] – C:\WINDOWS\pss
[2010/04/06 19:59:01 | 000,162,640 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/06 19:59:01 | 000,019,024 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/06 19:58:59 | 000,023,376 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/06 19:58:58 | 000,046,672 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/06 19:58:55 | 000,100,432 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/06 19:58:55 | 000,094,800 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/06 19:58:55 | 000,028,880 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/06 19:58:28 | 000,153,184 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\aswBoot.exe
[2010/04/06 19:58:28 | 000,038,848 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\avastSS.scr
[2010/04/06 19:58:14 | 000,000,000 | —D | C] – C:\Program Files\Alwil Software
[2010/04/06 19:58:14 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/06 11:13:19 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\HP
[2010/04/06 11:09:09 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/04/06 10:43:09 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/04/06 10:43:09 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\HP
[2010/04/06 10:42:42 | 000,000,000 | —D | C] – C:\Program Files\Hewlett-Packard
[2010/04/06 10:42:35 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Hewlett-Packard
[2010/04/06 10:42:14 | 000,000,000 | —D | C] – C:\Program Files\Common Files\HP
[2010/04/06 10:40:41 | 000,000,000 | —D | C] – C:\Program Files\HP
[2010/04/06 10:40:24 | 000,000,000 | —D | C] – C:\Config.Msi
[2010/04/06 10:21:30 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/04/06 10:20:10 | 000,000,000 | —D | C] – C:\WINDOWS\System32\DRVSTORE
[2010/04/04 23:18:23 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\U3
[2010/04/04 22:30:08 | 000,000,000 | —D | C] – C:\Program Files\7-Zip
[2010/04/04 02:17:53 | 000,000,000 | —D | C] – C:\WINDOWS\ServicePackFiles
[2010/04/04 02:16:08 | 000,000,000 | —D | C] – C:\Program Files\MSXML 4.0
[2010/04/03 14:57:09 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\PCHealth
[2010/04/03 14:54:20 | 000,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/04/03 14:37:05 | 000,000,000 | —D | M] – C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/03 14:33:08 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/03 13:45:07 | 000,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 13:45:00 | 000,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/03 13:45:00 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\Temp
[2010/04/03 13:40:21 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Google
[2010/04/03 13:39:43 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Google
[2010/04/03 13:37:46 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Alexandra\PrivacIE
[2010/04/03 13:24:42 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Alexandra\IETldCache
[2010/04/03 13:22:20 | 000,000,000 | —D | C] – C:\WINDOWS\ie8updates
[2010/04/03 13:21:43 | 000,000,000 | —D | C] – C:\WINDOWS\WBEM
[2010/04/03 13:20:20 | 000,000,000 | -H-D | C] – C:\WINDOWS\ie8
[2010/04/03 12:37:44 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\Identities
[2010/04/03 12:37:39 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Windows Desktop Search
[2010/04/03 12:33:36 | 000,000,000 | —D | C] – C:\Program Files\Windows Desktop Search
[2010/04/03 12:33:35 | 000,000,000 | —D | C] – C:\WINDOWS\System32\GroupPolicy
[2010/04/03 12:33:35 | 000,000,000 | —D | C] – C:\WINDOWS\System32\el-GR
[2010/04/03 12:06:07 | 000,000,000 | —D | C] – C:\Program Files\MSBuild
[2010/04/03 12:05:33 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Visual Studio
[2010/04/03 12:05:33 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DESIGNER
[2010/04/03 11:58:07 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\Microsoft Help
[2010/04/03 11:57:45 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/03 10:38:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/03 10:38:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/03 10:38:17 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware
[2010/04/03 06:54:38 | 000,000,000 | -HSD | C] – C:\System Volume Information
[2010/04/03 01:56:49 | 000,000,000 | —D | C] – C:\WINDOWS\System32\PreInstall
[2010/04/02 23:45:54 | 000,000,000 | —D | C] – C:\Program Files\Windows Live Safety Center
[2010/04/02 22:43:12 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Malwarebytes
[2010/04/02 22:43:02 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/02 22:40:58 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\Downloads
[2010/04/02 22:04:21 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\Mozilla
[2010/04/02 22:04:21 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Mozilla
[2010/04/02 22:04:12 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Firefox
[2010/04/02 21:28:41 | 000,000,000 | —D | C] – C:\WINDOWS\SHELLNEW
[2010/04/02 21:28:10 | 000,000,000 | R–D | C] – C:\MSOCache
[2010/04/02 21:27:13 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Office
[2010/04/02 21:25:49 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Works

[2010/04/02 21:24:30 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\Adobe
[2010/04/02 21:23:41 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Documents\Adobe PDF
[2010/04/02 21:20:21 | 000,000,000 | —D | C] – C:\Program Files\Microsoft SQL Server
[2010/04/02 21:19:03 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
[2010/04/02 21:18:56 | 000,000,000 | —D | C] – C:\Program Files\Moodlogic HTML
[2010/04/02 21:18:49 | 000,000,000 | —D | C] – C:\Program Files\MoodLogic
[2010/04/02 21:18:05 | 000,061,440 | ---- | C] (QSound Labs, Inc.) – C:\WINDOWS\System32\SonyAIwo.dll
[2010/04/02 21:18:05 | 000,052,736 | ---- | C] (QSound Labs, Inc.) – C:\WINDOWS\System32\SonyAIds.dll
[2010/04/02 21:18:05 | 000,042,496 | ---- | C] (QSound Labs, Inc.) – C:\WINDOWS\System32\SonyAIwd.dll
[2010/04/02 21:17:25 | 000,757,760 | ---- | C] (Gracenote) – C:\WINDOWS\System32\CDDBUI.dll
[2010/04/02 21:17:24 | 000,630,784 | ---- | C] (Gracenote (formerly CDDB, Inc.)) – C:\WINDOWS\System32\CDDBControl.dll
[2010/04/02 21:15:10 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Sonic Shared
[2010/04/02 21:12:20 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\ImageConverter2
[2010/04/02 21:09:47 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Macromedia
[2010/04/02 21:09:47 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Identities
[2010/04/02 21:09:47 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Adobe
[2010/04/02 21:09:46 | 000,000,000 | --SD | C] – C:\Documents and Settings\Alexandra\Application Data\Microsoft
[2010/04/02 21:09:46 | 000,000,000 | RH-D | C] – C:\Documents and Settings\Alexandra\SendTo
[2010/04/02 21:09:46 | 000,000,000 | RH-D | C] – C:\Documents and Settings\Alexandra\Recent
[2010/04/02 21:09:46 | 000,000,000 | RH-D | C] – C:\Documents and Settings\Alexandra\Application Data
[2010/04/02 21:09:46 | 000,000,000 | R–D | C] – C:\Documents and Settings\Alexandra\Τα έγγραφά μου
[2010/04/02 21:09:46 | 000,000,000 | R–D | C] – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\Οι εικόνες μου
[2010/04/02 21:09:46 | 000,000,000 | R–D | C] – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\Η μουσική μου
[2010/04/02 21:09:46 | 000,000,000 | R–D | C] – C:\Documents and Settings\Alexandra\Start Menu
[2010/04/02 21:09:46 | 000,000,000 | R–D | C] – C:\Documents and Settings\Alexandra\Favorites
[2010/04/02 21:09:46 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Alexandra\Cookies
[2010/04/02 21:09:46 | 000,000,000 | -H-D | C] – C:\Documents and Settings\Alexandra\Templates
[2010/04/02 21:09:46 | 000,000,000 | -H-D | C] – C:\Documents and Settings\Alexandra\PrintHood
[2010/04/02 21:09:46 | 000,000,000 | -H-D | C] – C:\Documents and Settings\Alexandra\NetHood
[2010/04/02 21:09:46 | 000,000,000 | -H-D | C] – C:\Documents and Settings\Alexandra\Local Settings
[2010/04/02 21:09:46 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας
[2010/04/02 21:09:46 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Symantec
[2010/04/02 21:09:46 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Application Data\Sony Corporation
[2010/04/02 21:09:46 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\Microsoft
[2010/04/02 21:09:46 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\Google
[2010/04/02 21:09:46 | 000,000,000 | —D | C] – C:\Documents and Settings\Alexandra\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150030}
[2010/04/02 21:08:25 | 000,000,000 | —D | C] – C:\Program Files\Συντομεύσεις προγραμμάτων
[2010/04/02 21:07:43 | 000,000,000 | —D | C] – C:\WINDOWS\System32\SoftwareDistribution
[2005/07/20 12:01:14 | 000,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files → C:\WINDOWS\System32\*.tmp → ]
[1 C:\WINDOWS\*.tmp files → C:\WINDOWS\*.tmp → ]

========== Files - Modified Within 14 Days ==========

[2010/04/12 18:50:00 | 000,000,890 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 14:48:44 | 000,022,745 | ---- | M] () – C:\WINDOWS\System32\nvapps.xml
[2010/04/12 14:46:50 | 000,000,886 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/12 14:46:47 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT
[2010/04/12 14:46:39 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2010/04/12 14:46:36 | 1072,156,672 | -HS- | M] () – C:\hiberfil.sys
[2010/04/12 14:17:05 | 004,718,592 | -H-- | M] () – C:\Documents and Settings\Alexandra\NTUSER.DAT
[2010/04/12 14:16:51 | 000,000,178 | -HS- | M] () – C:\Documents and Settings\Alexandra\ntuser.ini
[2010/04/12 13:17:42 | 000,001,158 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2010/04/12 13:08:46 | 000,000,000 | ---- | M] () – C:\Documents and Settings\Alexandra\Y9Y9
[2010/04/12 13:04:57 | 000,000,608 | ---- | M] () – C:\WINDOWS\win.ini
[2010/04/12 13:04:57 | 000,000,281 | RHS- | M] () – C:\boot.ini
[2010/04/12 13:04:57 | 000,000,227 | ---- | M] () – C:\WINDOWS\system.ini
[2010/04/12 08:28:02 | 004,844,864 | -H-- | M] () – C:\Documents and Settings\Alexandra\Local Settings\Application Data\IconCache.db
[2010/04/12 02:05:15 | 000,489,288 | ---- | M] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\HelpAsst_mebroot_fix.exe
[2010/04/11 18:36:01 | 000,001,864 | ---- | M] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\Adobe Photoshop Elements 3.0 (2).lnk
[2010/04/11 11:11:00 | 000,004,608 | ---- | M] () – C:\Documents and Settings\Alexandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 09:57:52 | 000,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK
[2010/04/09 17:55:14 | 000,904,958 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/09 17:55:14 | 000,441,750 | ---- | M] () – C:\WINDOWS\System32\perfh008.dat
[2010/04/09 17:55:14 | 000,332,672 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2010/04/09 17:55:14 | 000,073,540 | ---- | M] () – C:\WINDOWS\System32\perfc008.dat
[2010/04/09 17:55:14 | 000,048,718 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2010/04/09 17:53:14 | 000,076,008 | ---- | M] () – C:\Documents and Settings\Alexandra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/09 17:50:47 | 000,316,640 | ---- | M] () – C:\WINDOWS\WMSysPr9.prx
[2010/04/09 17:47:59 | 000,295,664 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/09 17:22:09 | 000,252,256 | RHS- | M] () – C:\ntldr
[2010/04/09 16:50:05 | 000,000,211 | ---- | M] () – C:\Boot.bak
[2010/04/08 13:03:52 | 000,000,615 | ---- | M] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\NTREGOPT.lnk
[2010/04/08 13:03:52 | 000,000,596 | ---- | M] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\ERUNT.lnk
[2010/04/08 10:05:08 | 000,000,603 | ---- | M] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\Συντόμευση για το OTL.lnk
[2010/04/06 19:59:02 | 000,001,704 | ---- | M] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\avast! Free Antivirus.lnk
[2010/04/06 19:58:56 | 000,003,023 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT
[2010/04/06 19:23:17 | 000,076,919 | ---- | M] () – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\IP route table.docx
[2010/04/06 11:08:43 | 000,178,284 | ---- | M] () – C:\WINDOWS\hpoins28.dat
[2010/04/06 10:59:13 | 000,000,059 | ---- | M] () – C:\WINDOWS\WININIT.INI
[2010/04/06 10:46:39 | 000,001,862 | ---- | M] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\HP Photosmart Essential 2.5.lnk
[2010/04/06 10:45:34 | 000,001,986 | ---- | M] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Shop for HP Supplies.lnk
[2010/04/06 10:44:12 | 000,001,812 | ---- | M] () – C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
[2010/04/06 10:43:28 | 000,000,866 | ---- | M] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Κέντρο λειτουργιών HP.lnk
[2010/04/03 18:15:44 | 000,000,162 | -H-- | M] () – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\~$Hello.docx
[2010/04/03 12:33:52 | 000,001,827 | ---- | M] () – C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Windows Search.lnk
[2010/04/03 10:38:22 | 000,000,700 | ---- | M] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes’ Anti-Malware.lnk
[2010/04/02 22:04:24 | 000,000,000 | ---- | M] () – C:\WINDOWS\nsreg.dat
[2010/04/02 22:04:16 | 000,001,606 | ---- | M] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Mozilla Firefox.lnk
[2010/04/02 21:33:11 | 000,001,386 | ---- | M] () – C:\WINDOWS\System32\SNYSPLST.OEM
[2010/04/02 21:33:11 | 000,000,028 | ---- | M] () – C:\WINDOWS\System32\SNYINST.OEM
[2010/04/02 21:33:07 | 000,031,184 | ---- | M] () – C:\WINDOWS\System32\Snyres.oem
[2010/04/02 21:30:05 | 000,000,376 | ---- | M] () – C:\WINDOWS\ODBC.INI
[2010/04/02 21:08:37 | 000,000,164 | ---- | M] () – C:\WINDOWS\System32\$winnt$.inf
[2010/04/02 21:08:35 | 000,262,144 | ---- | M] () – C:\Documents and Settings\All Users\NTUSER.DAT
[2010/04/02 21:08:32 | 000,000,000 | RH-- | M] () – C:\WINDOWS\System32\drivers\Sony_VGN-FS315S.mrk
[1 C:\WINDOWS\System32\*.tmp files → C:\WINDOWS\System32\*.tmp → ]
[1 C:\WINDOWS\*.tmp files → C:\WINDOWS\*.tmp → ]

========== Files Created - No Company Name ==========

[2010/04/12 13:08:46 | 000,000,000 | ---- | C] () – C:\Documents and Settings\Alexandra\Y9Y9
[2010/04/12 13:04:57 | 000,001,827 | ---- | C] () – C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Windows Search.lnk
[2010/04/12 13:04:57 | 000,001,812 | ---- | C] () – C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
[2010/04/12 11:57:30 | 1072,156,672 | -HS- | C] () – C:\hiberfil.sys
[2010/04/12 02:05:13 | 000,489,288 | ---- | C] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\HelpAsst_mebroot_fix.exe
[2010/04/11 23:46:01 | 000,082,944 | ---- | C] () – C:\WINDOWS\sed.exe
[2010/04/11 23:46:01 | 000,077,312 | ---- | C] () – C:\WINDOWS\mbr.exe
[2010/04/11 18:36:01 | 000,001,864 | ---- | C] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\Adobe Photoshop Elements 3.0 (2).lnk
[2010/04/09 21:09:53 | 000,000,211 | ---- | C] () – C:\Boot.bak
[2010/04/09 21:09:49 | 000,260,272 | ---- | C] () – C:\cmldr
[2010/04/08 13:03:52 | 000,000,615 | ---- | C] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\NTREGOPT.lnk
[2010/04/08 13:03:52 | 000,000,596 | ---- | C] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\ERUNT.lnk
[2010/04/08 10:05:08 | 000,000,603 | ---- | C] () – C:\Documents and Settings\Alexandra\Επιφάνεια εργασίας\Συντόμευση για το OTL.lnk
[2010/04/06 19:59:02 | 000,001,704 | ---- | C] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\avast! Free Antivirus.lnk
[2010/04/06 19:19:00 | 000,076,919 | ---- | C] () – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\IP route table.docx
[2010/04/06 10:46:39 | 000,001,862 | ---- | C] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\HP Photosmart Essential 2.5.lnk
[2010/04/06 10:45:34 | 000,001,986 | ---- | C] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Shop for HP Supplies.lnk
[2010/04/06 10:43:28 | 000,000,866 | ---- | C] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Κέντρο λειτουργιών HP.lnk
[2010/04/06 10:21:30 | 000,178,284 | ---- | C] () – C:\WINDOWS\hpoins28.dat
[2010/04/06 10:21:30 | 000,001,137 | ---- | C] () – C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/04/06 10:21:30 | 000,000,932 | ---- | C] () – C:\WINDOWS\hpomdl28.dat
[2010/04/05 20:15:37 | 000,004,608 | ---- | C] () – C:\Documents and Settings\Alexandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 18:15:44 | 000,000,162 | -H-- | C] () – C:\Documents and Settings\Alexandra\Τα έγγραφά μου\~$Hello.docx
[2010/04/03 13:40:06 | 000,000,890 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/03 13:40:06 | 000,000,886 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/03 12:45:24 | 000,067,866 | ---- | C] () – C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/03 12:45:12 | 000,129,045 | ---- | C] () – C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/03 12:43:21 | 000,064,352 | ---- | C] () – C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/03 10:38:22 | 000,000,700 | ---- | C] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Malwarebytes’ Anti-Malware.lnk
[2010/04/02 22:04:24 | 000,000,000 | ---- | C] () – C:\WINDOWS\nsreg.dat
[2010/04/02 22:04:16 | 000,001,606 | ---- | C] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Mozilla Firefox.lnk
[2010/04/02 21:30:09 | 000,000,836 | ---- | C] () – C:\Documents and Settings\All Users\Επιφάνεια εργασίας\Microsoft Office 2003 Edition 60 Day Trial.lnk
[2010/04/02 21:30:05 | 000,000,376 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2010/04/02 21:15:55 | 000,000,059 | ---- | C] () – C:\WINDOWS\WININIT.INI
[2010/04/02 21:14:07 | 000,019,968 | ---- | C] () – C:\WINDOWS\System32\Cpuinf32.dll
[2010/04/02 21:09:46 | 000,000,178 | -HS- | C] () – C:\Documents and Settings\Alexandra\ntuser.ini
[2010/04/02 21:09:45 | 004,718,592 | -H-- | C] () – C:\Documents and Settings\Alexandra\NTUSER.DAT
[2010/04/02 21:09:45 | 000,001,024 | -H-- | C] () – C:\Documents and Settings\Alexandra\ntuser.dat.LOG
[2010/04/02 21:08:34 | 000,262,144 | ---- | C] () – C:\Documents and Settings\All Users\NTUSER.DAT
[2010/04/02 21:08:34 | 000,001,024 | -H-- | C] () – C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/04/02 21:08:32 | 000,000,000 | RH-- | C] () – C:\WINDOWS\System32\drivers\Sony_VGN-FS315S.mrk
[2008/05/26 22:22:52 | 000,017,986 | ---- | C] () – C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:22:50 | 000,022,822 | ---- | C] () – C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:22:48 | 000,017,066 | ---- | C] () – C:\WINDOWS\System32\gsrvctr.ini
[2005/07/20 15:31:11 | 000,000,061 | ---- | C] () – C:\WINDOWS\smscfg.ini
[2005/07/20 14:40:20 | 000,204,800 | ---- | C] () – C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/20 14:40:20 | 000,200,704 | ---- | C] () – C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/20 14:40:20 | 000,192,512 | ---- | C] () – C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/20 14:40:20 | 000,192,512 | ---- | C] () – C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/20 14:40:20 | 000,188,416 | ---- | C] () – C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/20 14:40:20 | 000,020,480 | ---- | C] () – C:\WINDOWS\System32\IVIresize.dll
[2005/07/20 14:38:24 | 000,000,000 | ---- | C] () – C:\WINDOWS\VAIOUpdt.INI
[2005/07/20 05:48:10 | 000,003,560 | ---- | C] () – C:\WINDOWS\System32\oeminfo.ini
[2005/06/15 10:59:58 | 000,000,000 | ---- | C] () – C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010/04/03 12:37:39 | 000,000,000 | —D | M] – C:\Documents and Settings\Alexandra\Application Data\Windows Desktop Search
[2010/04/12 13:03:55 | 000,000,000 | —D | M] – C:\Documents and Settings\Alexandra\Application Data\Windows Search
[2010/04/06 19:58:14 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Alwil Software

========== Purity Check ==========

========== Custom Scans ==========

< * >
[2005/07/20 12:01:22 | 000,000,000 | ---- | M] () – \AUTOEXEC.BAT
[2010/04/09 16:50:05 | 000,000,211 | ---- | M] () – \Boot.bak
[2010/04/12 13:04:57 | 000,000,281 | RHS- | M] () – \boot.ini
[2004/09/07 15:00:00 | 000,004,952 | RHS- | M] () – \Bootfont.bin
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () – \cmldr
[2010/04/10 14:03:28 | 000,027,048 | ---- | M] () – \ComboFix.txt
[2005/07/20 12:01:22 | 000,000,000 | ---- | M] () – \CONFIG.SYS
[2010/04/12 10:48:26 | 000,000,110 | ---- | M] () – \HelpAsst.log
[2010/04/12 14:46:36 | 1072,156,672 | -HS- | M] () –
[2005/07/20 12:01:22 | 000,000,000 | RHS- | M] () – \IO.SYS
[2005/07/20 12:01:22 | 000,000,000 | RHS- | M] () – \MSDOS.SYS
[2004/09/07 15:00:00 | 000,047,564 | RHS- | M] () – \NTDETECT.COM
[2010/04/09 17:22:09 | 000,252,256 | RHS- | M] () – \ntldr
[2010/04/12 14:46:34 | 1610,612,736 | -HS- | M] () –

< >

< %SYSTEMDRIVE%\*.* >
[2005/07/20 12:01:22 | 000,000,000 | ---- | M] () – C:\AUTOEXEC.BAT
[2010/04/09 16:50:05 | 000,000,211 | ---- | M] () – C:\Boot.bak
[2010/04/12 13:04:57 | 000,000,281 | RHS- | M] () – C:\boot.ini
[2004/09/07 15:00:00 | 000,004,952 | RHS- | M] () – C:\Bootfont.bin
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () – C:\cmldr
[2010/04/10 14:03:28 | 000,027,048 | ---- | M] () – C:\ComboFix.txt
[2005/07/20 12:01:22 | 000,000,000 | ---- | M] () – C:\CONFIG.SYS
[2010/04/12 10:48:26 | 000,000,110 | ---- | M] () – C:\HelpAsst.log
[2010/04/12 14:46:36 | 1072,156,672 | -HS- | M] () – C:\hiberfil.sys
[2005/07/20 12:01:22 | 000,000,000 | RHS- | M] () – C:\IO.SYS
[2005/07/20 12:01:22 | 000,000,000 | RHS- | M] () – C:\MSDOS.SYS
[2004/09/07 15:00:00 | 000,047,564 | RHS- | M] () – C:\NTDETECT.COM
[2010/04/09 17:22:09 | 000,252,256 | RHS- | M] () – C:\ntldr
[2010/04/12 14:46:34 | 1610,612,736 | -HS- | M] () – C:\pagefile.sys

< MD5 for: AGP440.SYS >
[2004/09/07 15:00:00 | 018,809,921 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/09 17:17:44 | 023,920,796 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/09/07 15:00:00 | 018,809,921 | R— | M] () .cab file – C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/04/09 17:17:44 | 023,920,796 | ---- | M] () .cab file – C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/04/09 17:17:44 | 023,920,796 | ---- | M] () .cab file – C:\WINDOWS\SoftwareDistribution\Download\67ecbb9d4e2b8d6d2ddfe246f53c1e67\sp3.cab:AGP440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 – C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 – C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 – C:\WINDOWS\SoftwareDistribution\Download\67ecbb9d4e2b8d6d2ddfe246f53c1e67\agp440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 – C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/09/07 15:00:00 | 018,809,921 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/09 17:17:44 | 023,920,796 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/09/07 15:00:00 | 018,809,921 | R— | M] () .cab file – C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/04/09 17:17:44 | 023,920,796 | ---- | M] () .cab file – C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/04/09 17:17:44 | 023,920,796 | ---- | M] () .cab file – C:\WINDOWS\SoftwareDistribution\Download\67ecbb9d4e2b8d6d2ddfe246f53c1e67\sp3.cab:atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\SoftwareDistribution\Download\67ecbb9d4e2b8d6d2ddfe246f53c1e67\atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 – C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/09/07 15:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 – C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/09/07 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6C85C5FC9D14B07E21A7D3EA8861CD93 – C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 19:29:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=D863F2C887B64521B8E734E062BA79F2 – C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 19:29:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=D863F2C887B64521B8E734E062BA79F2 – C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 19:29:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=D863F2C887B64521B8E734E062BA79F2 – C:\WINDOWS\SoftwareDistribution\Download\67ecbb9d4e2b8d6d2ddfe246f53c1e67\eventlog.dll
[2008/04/14 19:29:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=D863F2C887B64521B8E734E062BA79F2 – C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 19:29:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=017BBF0DA6278CF8F278C30ADC6FB8CB – C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 19:29:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=017BBF0DA6278CF8F278C30ADC6FB8CB – C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 19:29:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=017BBF0DA6278CF8F278C30ADC6FB8CB – C:\WINDOWS\SoftwareDistribution\Download\67ecbb9d4e2b8d6d2ddfe246f53c1e67\netlogon.dll
[2008/04/14 19:29:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=017BBF0DA6278CF8F278C30ADC6FB8CB – C:\WINDOWS\system32\netlogon.dll
[2009/02/06 21:46:44 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=32CBC973DA3D2D9625050FF46C9EB691 – C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 21:46:44 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=32CBC973DA3D2D9625050FF46C9EB691 – C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 21:46:44 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=32CBC973DA3D2D9625050FF46C9EB691 – C:\WINDOWS\SoftwareDistribution\Download\4c27214a5100a441e91783ea7365269a\SP2QFE\netlogon.dll
[2009/02/06 21:46:44 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=32CBC973DA3D2D9625050FF46C9EB691 – C:\WINDOWS\SoftwareDistribution\Download\8ed3cbfbf478837c4c6a740c30a2d70f\SP2QFE\netlogon.dll
[2004/09/07 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E57F2E449533D8943D432720958A3706 – C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/09/07 15:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1BF213CBF53F8EE3B833EF9C70D3DC6D – C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 19:29:55 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=790E8153E8B872542D19BB7F0C0FBFD8 – C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 19:29:55 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=790E8153E8B872542D19BB7F0C0FBFD8 – C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 19:29:55 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=790E8153E8B872542D19BB7F0C0FBFD8 – C:\WINDOWS\SoftwareDistribution\Download\67ecbb9d4e2b8d6d2ddfe246f53c1e67\scecli.dll
[2008/04/14 19:29:55 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=790E8153E8B872542D19BB7F0C0FBFD8 – C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files → C:\WINDOWS\system32\*.tmp → ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles /all >

< %systemroot%\System32\config\*.sav >
[2005/07/20 14:53:10 | 000,094,208 | ---- | M] () – C:\WINDOWS\system32\config\default.sav
[2005/07/20 14:53:10 | 000,643,072 | ---- | M] () – C:\WINDOWS\system32\config\software.sav
[2005/07/20 14:53:10 | 000,421,888 | ---- | M] () – C:\WINDOWS\system32\config\system.sav
< End of report >

OTL Extras logfile created on: 7/4/2010 2:02:17 πμ - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Alexandra\Τα έγγραφά μου\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 179,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 20,84 Gb Free Space | 55,94% Space Free | Partition Type: NTFS
Drive D: | 48,91 Gb Total Space | 40,54 Gb Free Space | 82,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 14,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FA461EB3F0D14EA
Current User Name: Alexandra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========