
Solved: Babylon redirect IE, Firefox, Toolbar, Hotmail spam virus. all connected?



lexefx
Member with 13 posts.
THREAD STARTER
Join Date: Jun 2012
Location: South Bend Indiana
Experience: Beginner
14-Jun-2012, 08:45 AM #16
Looks like that was an old OTL log. I don't think I saved the new one, sorry. Please advise.
lexefx
14-Jun-2012, 09:08 AM #17
Re-ran OTL, not sure if this will help.

OTL logfile created on: 6/14/2012 9:53:41 AM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\alex mouroulis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.07 Mb Total Physical Memory | 144.33 Mb Available Physical Memory | 28.24% Memory free
1.22 Gb Paging File | 0.67 Gb Available in Paging File | 55.21% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.71 Gb Free Space | 55.58% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 33.08 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: LEXEFXDESKTOP | User Name: lexefx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
PRC - [2012/06/06 21:54:45 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/28 17:16:37 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/27 05:09:24 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdwcoms.exe
PRC - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwserv.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
PRC - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 04:58:57 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ffeeaf96c7bc4f08de893caeb85164a3\System.Windows.Forms.ni.dll
MOD - [2012/06/13 04:57:35 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\45a637a2f296cb927008ee3bebe4d9f5\System.Drawing.ni.dll
MOD - [2012/06/06 21:54:44 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/10 04:00:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\2b3c052a804d2c78cfeba3f37c7771be\System.Configuration.ni.dll
MOD - [2012/05/10 03:54:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\8171059286d46a3a1d8d4d9693f7674b\System.Xml.ni.dll
MOD - [2012/05/10 03:43:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f116eef17c58f0dad8204cf73696ecf6\System.ni.dll
MOD - [2012/05/10 03:37:14 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0e6fe5404c8a0a6e852b6984b7cf3f9c\mscorlib.ni.dll
MOD - [2012/05/05 02:31:08 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/16 15:55:04 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp.dll
MOD - [2009/10/16 15:39:42 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwdatr.dll
MOD - [2009/10/16 15:39:26 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwcats.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LvApi11\LvApi11.dll
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009/08/19 15:33:58 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdwcaps.dll
MOD - [2009/08/19 15:33:54 | 001,036,288 | ---- | M] () -- C:\WINDOWS\system32\lxdwdrs.dll
MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
MOD - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
MOD - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
MOD - [2009/05/11 10:43:46 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcaps.dll
MOD - [2009/05/11 10:43:36 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwscw.dll
MOD - [2009/05/11 10:43:35 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwdrs.dll
MOD - [2009/05/11 10:31:56 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcnv4.dll
MOD - [2008/05/27 03:36:57 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.core.dll
MOD - [2008/05/27 03:36:57 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.common.dll
MOD - [2008/05/27 03:35:58 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/05/09 10:52:36 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdwcnv4.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/06 21:54:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/05 02:31:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdwcoms.exe -- (lxdw_device)
SRV - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes,DefaultScope = {6F969D16-00AE-4B8D-9792-43D687C7CEE5}
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{6F969D16-00AE-4B8D-9792-43D687C7CEE5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 21:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 17:49:01 | 000,000,000 | ---D | M]

[2009/05/10 02:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Extensions
[2012/06/11 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions
[2010/04/27 06:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/13 08:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/11 14:01:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/06/13 08:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/11 13:52:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/06/06 21:54:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1241918822448 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36B53A9B-4336-4CAA-B058-E2DDC24A50F6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/09 21:18:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell - "" = AutoRun
O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\AutoRun\command - "" = H:\RACE-K~1\RACE-K~1.exe
O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\open\command - "" = H:\RACE-K~1\RACE-K~1.exe
O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell - "" = AutoRun
O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e84c3689-6698-11de-9a23-000475c35a0a}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 10:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/13 10:17:52 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
[2012/06/13 08:42:44 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/13 01:43:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/12 22:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Application Data\Malwarebytes
[2012/06/12 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/12 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/12 22:04:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/12 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/12 19:36:30 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/11 17:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/11 14:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/11 14:00:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/11 14:00:21 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/11 13:29:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/11 08:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/10 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/06/10 06:39:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/10 06:39:42 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/09 13:08:14 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/06/09 13:06:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
[2012/06/09 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/07 20:02:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
[2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\HiJackThis
[2012/05/31 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/03/27 05:09:30 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/03/27 05:09:24 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/03/27 05:09:24 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/03/27 05:09:22 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/03/27 05:09:20 | 000,402,792 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/03/27 05:09:16 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/03/27 05:09:06 | 021,006,696 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/03/27 05:09:02 | 003,029,528 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/03/27 05:09:02 | 000,797,208 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/03/27 05:09:02 | 000,649,576 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/03/27 05:09:02 | 000,281,112 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/03/27 05:09:02 | 000,240,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2012/03/06 20:44:32 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2011/10/26 17:01:40 | 043,835,456 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodVoiceOver.dll

========== Files - Modified Within 30 Days ==========

[2012/06/14 09:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 09:31:21 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/14 09:21:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004UA.job
[2012/06/14 09:11:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/14 09:01:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 09:01:21 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2012/06/14 09:01:17 | 000,013,062 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/14 09:00:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/14 09:00:40 | 535,969,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 09:00:40 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 17:21:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004Core.job
[2012/06/13 10:18:04 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
[2012/06/13 04:45:35 | 000,502,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 04:45:35 | 000,086,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:27:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 22:09:05 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
[2012/06/12 22:06:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/12 22:06:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/12 19:42:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/11 21:39:10 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 21:39:08 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\Google Chrome.lnk
[2012/06/11 08:54:19 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
[2012/06/09 23:15:36 | 000,003,971 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
[2012/06/09 22:35:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
[2012/06/09 13:05:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/07 20:03:45 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
[2012/06/07 20:02:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
[2012/06/07 19:57:44 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
[2012/06/07 19:13:41 | 000,015,382 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
[2012/06/05 14:45:48 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/31 09:15:05 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/31 09:15:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/16 11:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

========== Files Created - No Company Name ==========

[2012/06/12 22:08:34 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
[2012/06/12 22:06:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/12 22:06:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 17:49:04 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/11 08:54:19 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
[2012/06/09 23:15:36 | 000,003,971 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
[2012/06/09 13:14:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/09 13:05:07 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/09 13:04:34 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/07 20:03:45 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
[2012/06/07 19:57:44 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
[2012/06/07 19:13:40 | 000,015,382 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
[2012/06/05 14:45:47 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/31 09:15:05 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/31 09:15:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/31 09:15:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/06 20:43:04 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2012/02/15 20:09:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/09 17:40:31 | 000,402,023 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\census.cache
[2011/04/09 17:37:28 | 000,160,574 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\ars.cache

========== LOP Check ==========

[2010/04/03 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Facebook
[2010/12/29 08:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FinalTorrent
[2011/01/18 06:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FreeFileViewer
[2010/01/18 23:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\ImgBurn
[2012/04/28 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Leadertech
[2009/08/11 21:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Lexmark Productivity Studio
[2009/05/10 15:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Desktop Search
[2009/05/10 22:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Search
[2011/08/14 11:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
[2010/04/07 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/06 09:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/06/14 09:01:21 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

========== Purity Check ==========



< End of report >
mambass is authorized to help remove malware.
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
14-Jun-2012, 01:47 PM #18
Hi lexefx,

Quote:
Originally Posted by lexefx
Did I not run chkdsk correctly?
You're doing a good job. The task with title "Check Hard Disk For Errors" performs a scan but does not attempt to repair anything. The task with title "Repair Hard Drive Errors" attempts to fix errors that are found. It appears that the first attempt to fix cleared up all but one index problem. We'll try the sequence again below in the hopes that it can resolve all problems.

Quote:
Originally Posted by lexefx
I did not stick around to watch it run.
I wouldn't either; it takes a long time to run.

I believe that we've removed Babylon from your system. Please let me know if you feel otherwise.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.
  1. Repair Hard Drive Errors
    Note: This task will require that you reboot your system. Chkdsk will then run upon reboot and you will not be able to use your computer until it has completed, which may take several hours depending on a number of factors. Therefore, you should only perform this task when you can afford to have your computer down for a prolonged period of time.

    1. Click Start > All Programs > Accessories > Command Prompt. A Command Prompt window will open.
    2. In the command window, type the command shown below and then press the Enter key. Be sure to include a space between chkdsk and /r.
      Code:
      chkdsk /r
    3. Type the letter Y and press the Enter key when asked if you would like to schedule this volume to be checked the next time the system restarts.
    4. Reboot (restart) your computer.
    5. Chkdsk will run when your computer is rebooting before you can log on.
    6. If possible, write down and include in your reply any messages related to errors, bad sectors detected or repairs that were performed. You can include the first 10 or so if more than 10 messages of a particular type are displayed.
    7. Allow the program to run until completion, at which point you can log in.

  2. Check Hard Disk For Errors
    1. Delete the current checkhd.txt file on your Desktop.
    2. Click Start > Run and then copy/paste the following command into the box (do not include the word "Code:") and click OK:
      Code:
      cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
    3. A blank command window will open on your desktop, then close in a few minutes. This is normal.
    4. A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your reply.

  3. Run a Scan with OTL
    1. Double-click the OTL icon on your Desktop to run the program.
    2. Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList <-- Be sure to select this option
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL (desktop).
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the checkhd.txt log.
  3. The contents of the OTL.txt and Extras.txt logs.


mambass
lexefx
Member with 13 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: South Bend Indiana
Experience: Beginner
14-Jun-2012, 08:00 PM #19
Hi Mambass,

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...

Errors found. CHKDSK cannot continue in read-only mode.

OTL logfile created on: 6/14/2012 8:38:02 PM - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\alex mouroulis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.07 Mb Total Physical Memory | 144.06 Mb Available Physical Memory | 28.19% Memory free
1.22 Gb Paging File | 0.70 Gb Available in Paging File | 57.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.67 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 33.08 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: LEXEFXDESKTOP | User Name: lexefx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
PRC - [2012/06/06 21:54:45 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/28 17:16:37 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/27 05:09:24 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdwcoms.exe
PRC - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwserv.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
PRC - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 04:58:57 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ffeeaf96c7bc4f08de893caeb85164a3\System.Windows.Forms.ni.dll
MOD - [2012/06/13 04:57:35 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\45a637a2f296cb927008ee3bebe4d9f5\System.Drawing.ni.dll
MOD - [2012/06/06 21:54:44 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/10 04:00:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\2b3c052a804d2c78cfeba3f37c7771be\System.Configuration.ni.dll
MOD - [2012/05/10 03:54:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\8171059286d46a3a1d8d4d9693f7674b\System.Xml.ni.dll
MOD - [2012/05/10 03:43:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f116eef17c58f0dad8204cf73696ecf6\System.ni.dll
MOD - [2012/05/10 03:37:14 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0e6fe5404c8a0a6e852b6984b7cf3f9c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/16 15:55:04 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp.dll
MOD - [2009/10/16 15:39:42 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwdatr.dll
MOD - [2009/10/16 15:39:26 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwcats.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LvApi11\LvApi11.dll
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009/08/19 15:33:58 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdwcaps.dll
MOD - [2009/08/19 15:33:54 | 001,036,288 | ---- | M] () -- C:\WINDOWS\system32\lxdwdrs.dll
MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
MOD - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
MOD - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
MOD - [2009/05/11 10:43:46 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcaps.dll
MOD - [2009/05/11 10:43:36 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwscw.dll
MOD - [2009/05/11 10:43:35 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwdrs.dll
MOD - [2009/05/11 10:31:56 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcnv4.dll
MOD - [2008/05/27 03:36:57 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.core.dll
MOD - [2008/05/27 03:36:57 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.common.dll
MOD - [2008/05/27 03:35:58 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/05/09 10:52:36 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdwcnv4.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/06 21:54:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/05 02:31:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdwcoms.exe -- (lxdw_device)
SRV - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes,DefaultScope = {6F969D16-00AE-4B8D-9792-43D687C7CEE5}
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{6F969D16-00AE-4B8D-9792-43D687C7CEE5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 21:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 17:49:01 | 000,000,000 | ---D | M]

[2009/05/10 02:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Extensions
[2012/06/11 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions
[2010/04/27 06:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/13 08:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/11 14:01:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/06/13 08:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/11 13:52:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/06/06 21:54:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1241918822448 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36B53A9B-4336-4CAA-B058-E2DDC24A50F6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/09 21:18:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell - "" = AutoRun
O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\AutoRun\command - "" = H:\RACE-K~1\RACE-K~1.exe
O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\open\command - "" = H:\RACE-K~1\RACE-K~1.exe
O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell - "" = AutoRun
O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e84c3689-6698-11de-9a23-000475c35a0a}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 10:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/13 10:17:52 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
[2012/06/13 08:42:44 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/13 01:43:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/12 22:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Application Data\Malwarebytes
[2012/06/12 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/12 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/12 22:04:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/12 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/12 19:36:30 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/11 17:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/11 14:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/11 14:00:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/11 14:00:21 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/11 13:29:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/11 08:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/10 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/06/10 06:39:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/10 06:39:42 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/09 13:08:14 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/06/09 13:06:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
[2012/06/09 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/07 20:02:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
[2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\HiJackThis
[2012/05/31 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/03/27 05:09:30 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/03/27 05:09:24 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/03/27 05:09:24 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/03/27 05:09:22 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/03/27 05:09:20 | 000,402,792 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/03/27 05:09:16 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/03/27 05:09:06 | 021,006,696 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/03/27 05:09:02 | 003,029,528 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/03/27 05:09:02 | 000,797,208 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/03/27 05:09:02 | 000,649,576 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/03/27 05:09:02 | 000,281,112 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/03/27 05:09:02 | 000,240,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2012/03/06 20:44:32 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2011/10/26 17:01:40 | 043,835,456 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodVoiceOver.dll

========== Files - Modified Within 30 Days ==========

[2012/06/14 20:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 20:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/14 20:21:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004UA.job
[2012/06/14 18:37:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 18:27:48 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/14 18:15:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2012/06/14 18:15:07 | 000,013,062 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/14 18:14:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/14 18:14:06 | 535,969,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 09:00:40 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 17:21:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004Core.job
[2012/06/13 10:18:04 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
[2012/06/13 04:45:35 | 000,502,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 04:45:35 | 000,086,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:27:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 22:09:05 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
[2012/06/12 22:06:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/12 22:06:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/12 19:42:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/11 21:39:10 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 21:39:08 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\Google Chrome.lnk
[2012/06/11 08:54:19 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
[2012/06/09 23:15:36 | 000,003,971 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
[2012/06/09 22:35:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
[2012/06/09 13:05:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/07 20:03:45 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
[2012/06/07 20:02:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
[2012/06/07 19:57:44 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
[2012/06/07 19:13:41 | 000,015,382 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
[2012/06/05 14:45:48 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/31 09:15:05 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/31 09:15:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/16 11:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

========== Files Created - No Company Name ==========

[2012/06/12 22:08:34 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
[2012/06/12 22:06:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/12 22:06:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 17:49:04 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/11 08:54:19 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
[2012/06/09 23:15:36 | 000,003,971 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
[2012/06/09 13:14:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/09 13:05:07 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/09 13:04:34 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/07 20:03:45 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
[2012/06/07 19:57:44 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
[2012/06/07 19:13:40 | 000,015,382 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
[2012/06/05 14:45:47 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/31 09:15:05 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/31 09:15:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/31 09:15:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/06 20:43:04 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2012/02/15 20:09:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/09 17:40:31 | 000,402,023 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\census.cache
[2011/04/09 17:37:28 | 000,160,574 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\ars.cache

========== LOP Check ==========

[2010/04/03 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Facebook
[2010/12/29 08:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FinalTorrent
[2011/01/18 06:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FreeFileViewer
[2010/01/18 23:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\ImgBurn
[2012/04/28 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Leadertech
[2009/08/11 21:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Lexmark Productivity Studio
[2009/05/10 15:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Desktop Search
[2009/05/10 22:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Search
[2011/08/14 11:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
[2010/04/07 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/06 09:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/06/14 18:15:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

========== Purity Check ==========



< End of report >

still dragging but better.
mambass mambass is offline mambass is authorized to help remove malware.
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
15-Jun-2012, 06:30 PM #20
Hi lexefx,

Since OTL isn't showing any application events related to Chkdsk activity, I'm thinking that Chkdsk's warning is a false positive. If you like, you can follow the instructions in the article here to look at your Event Viewer to see if you can find any logged errors. Should you find any errors, those should be taken seriously as a possibility of pending disk failure.

Your computer appears to be clear of malware. Good job. :thumbup:

Please stay with me a bit longer because there are a few important things that we still need to do to clean up and make sure that you don't get infected again.

Please print these instructions because you will need to close this browser window in a step below.
  1. Perform a Custom Fix with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :processes
      killallprocesses
      :Commands
      [EMPTYTEMP]
      [EMPTYFLASH]
      [EMPTYJAVA]
      [CLEARALLRESTOREPOINTS]
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. There's no need to post the log.

  2. Cleanup with OTL
    1. Close all windows/applications.
    2. Double-click the OTL on your Desktop.
    3. Click the CleanUp button in the OTL window. The cleanup will begin after which a dialog will be displayed indicating that a reboot is required.
    4. Click the OK button in the message window. The system will reboot.

  3. Stay clean
    The important thing now is to actively do things that will help keep you from getting infected in the future.
    1. Keep Antivirus and applications updated
      This is the MOST IMPORTANT thing that you can do to keep from becoming infected.
      • Keep Microsoft products up-to-date with the latest security patches. Either
        • Enable some level of Automatic Updates
          • Click Start > Control Panel. The Control Panel window will be displayed.
          • Double-click the System icon/entry. The System Properties window will be displayed.
          • Click the Automatic Updates tab.
          • Select the option which best fits your needs.
        • Or use Internet Explorer (not Firefox) to visit the Microsoft Update site on a regular basis.

      • I personally use and recommend the free Secunia Personal Software Inspector (PSI). This program will keep you aware of software that is installed on your computer that contains security vulnerabilities for which security patches exist. I have mine set to automatically scan my computer weekly.

      • All updates are important but pay particular attention to updates for all browsers as well as Microsoft, Java and Adobe products. These are widely-used products that Malware writers frequently target.

    2. Read and stay informed!

      To help minimize the chances of becoming re-infected, please read.
      Computer Security - a short guide to staying safer online

      If your computer is running slowly after your clean up, please read.
      What to do if your Computer is running slowly


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!


mambass
lexefx lexefx is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: South Bend Indiana
Experience: Beginner
17-Jun-2012, 05:35 PM #21
Hi Mambass,

Thanks for all your help! What should I do as ongoing maintenance? What tools that I now have, should I use?
mambass mambass is offline mambass is authorized to help remove malware.
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
17-Jun-2012, 06:01 PM #22
Hi lexefx,

Quote:
Thanks for all your help!
You're welcome.

Quote:
what should I do as ongoing maintenance?
I rely on Secunia PSI to keep me aware of security patches that are available for the software that's installed on my computer. That's about the only maintenance work that needs to be done. Staying on top of the security patches is essential to protecting your system.

Quote:
What tools that I now have, should I use?
The Computer Security - a short guide to staying safer online thread identifies a number of tools that can be used to help keep you secure. Use the ones that fit your needs.

Do you have any other questions?

mambass
lexefx lexefx is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: South Bend Indiana
Experience: Beginner
18-Jun-2012, 08:13 AM #23
Thanks for all your help! You're a great asset to this forum!
mambass mambass is offline mambass is authorized to help remove malware.
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
18-Jun-2012, 08:15 AM #24
I appreciate the kind words.

Take care.