
Babylon redirect IE, Firefox, Toolbar, Hotmail spam virus. all connected?

Discussion in 'Virus & Other Malware Removal' started by lexefx, Jun 7, 2012.

  1. lexefx (Thread Starter; joined Jun 7, 2012; 13 messages)

    Looks like that was an old OTL log. I don't think I saved the new one, sorry. Please advise.
     
  2. lexefx (Thread Starter; joined Jun 7, 2012; 13 messages)

    Re-ran OTL; not sure if this will help.

    OTL logfile created on: 6/14/2012 9:53:41 AM - Run 3
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\alex mouroulis\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.07 Mb Total Physical Memory | 144.33 Mb Available Physical Memory | 28.24% Memory free
    1.22 Gb Paging File | 0.67 Gb Available in Paging File | 55.21% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 20.71 Gb Free Space | 55.58% Space Free | Partition Type: NTFS
    Drive F: | 74.53 Gb Total Space | 33.08 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

    Computer Name: LEXEFXDESKTOP | User Name: lexefx | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
    PRC - [2012/06/06 21:54:45 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/04/28 17:16:37 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    PRC - [2012/03/27 05:09:24 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdwcoms.exe
    PRC - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwserv.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
    PRC - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2001/08/17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 04:58:57 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ffeeaf96c7bc4f08de893caeb85164a3\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 04:57:35 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\45a637a2f296cb927008ee3bebe4d9f5\System.Drawing.ni.dll
    MOD - [2012/06/06 21:54:44 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/05/10 04:00:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\2b3c052a804d2c78cfeba3f37c7771be\System.Configuration.ni.dll
    MOD - [2012/05/10 03:54:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\8171059286d46a3a1d8d4d9693f7674b\System.Xml.ni.dll
    MOD - [2012/05/10 03:43:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f116eef17c58f0dad8204cf73696ecf6\System.ni.dll
    MOD - [2012/05/10 03:37:14 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0e6fe5404c8a0a6e852b6984b7cf3f9c\mscorlib.ni.dll
    MOD - [2012/05/05 02:31:08 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/10/16 15:55:04 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp.dll
    MOD - [2009/10/16 15:39:42 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwdatr.dll
    MOD - [2009/10/16 15:39:26 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwcats.dll
    MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LvApi11\LvApi11.dll
    MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    MOD - [2009/08/19 15:33:58 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdwcaps.dll
    MOD - [2009/08/19 15:33:54 | 001,036,288 | ---- | M] () -- C:\WINDOWS\system32\lxdwdrs.dll
    MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
    MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
    MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
    MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
    MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
    MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
    MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
    MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
    MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
    MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
    MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
    MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
    MOD - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
    MOD - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
    MOD - [2009/05/11 10:43:46 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcaps.dll
    MOD - [2009/05/11 10:43:36 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwscw.dll
    MOD - [2009/05/11 10:43:35 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwdrs.dll
    MOD - [2009/05/11 10:31:56 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcnv4.dll
    MOD - [2008/05/27 03:36:57 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.core.dll
    MOD - [2008/05/27 03:36:57 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.common.dll
    MOD - [2008/05/27 03:35:58 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.dll
    MOD - [2008/05/09 10:52:36 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdwcnv4.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/06/06 21:54:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/05 02:31:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdwcoms.exe -- (lxdw_device)
    SRV - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
    DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
    DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
    DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
    DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
    DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes,DefaultScope = {6F969D16-00AE-4B8D-9792-43D687C7CEE5}
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{6F969D16-00AE-4B8D-9792-43D687C7CEE5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:home"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 21:54:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 17:49:01 | 000,000,000 | ---D | M]

    [2009/05/10 02:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Extensions
    [2012/06/11 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions
    [2010/04/27 06:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/06/13 08:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/11 14:01:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    [2012/06/13 08:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/06/11 13:52:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/06/06 21:54:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
    O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241918822448 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36B53A9B-4336-4CAA-B058-E2DDC24A50F6}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/09 21:18:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell - "" = AutoRun
    O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
    O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\AutoRun\command - "" = H:\RACE-K~1\RACE-K~1.exe
    O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\open\command - "" = H:\RACE-K~1\RACE-K~1.exe
    O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell - "" = AutoRun
    O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{e84c3689-6698-11de-9a23-000475c35a0a}\Shell\AutoRun\command - "" = G:\setupSNK.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/13 10:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/06/13 10:17:52 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
    [2012/06/13 08:42:44 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/06/13 01:43:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2012/06/12 22:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Application Data\Malwarebytes
    [2012/06/12 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/12 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/06/12 22:04:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/06/12 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/06/12 19:36:30 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/11 17:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2012/06/11 14:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/06/11 14:00:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/06/11 14:00:21 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/06/11 13:29:16 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/06/11 08:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/06/10 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2012/06/10 06:39:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2012/06/10 06:39:42 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [2012/06/09 13:08:14 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2012/06/09 13:06:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
    [2012/06/09 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/07 20:02:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
    [2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\HiJackThis
    [2012/05/31 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/03/27 05:09:30 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
    [2012/03/27 05:09:24 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
    [2012/03/27 05:09:24 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
    [2012/03/27 05:09:22 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
    [2012/03/27 05:09:20 | 000,402,792 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
    [2012/03/27 05:09:16 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
    [2012/03/27 05:09:06 | 021,006,696 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
    [2012/03/27 05:09:02 | 003,029,528 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
    [2012/03/27 05:09:02 | 000,797,208 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
    [2012/03/27 05:09:02 | 000,649,576 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
    [2012/03/27 05:09:02 | 000,281,112 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
    [2012/03/27 05:09:02 | 000,240,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
    [2012/03/06 20:44:32 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
    [2011/10/26 17:01:40 | 043,835,456 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodVoiceOver.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/06/14 09:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/14 09:31:21 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/14 09:21:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004UA.job
    [2012/06/14 09:11:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/14 09:01:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/14 09:01:21 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2012/06/14 09:01:17 | 000,013,062 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/14 09:00:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/14 09:00:40 | 535,969,792 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/14 09:00:40 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/06/13 17:21:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004Core.job
    [2012/06/13 10:18:04 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
    [2012/06/13 04:45:35 | 000,502,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/13 04:45:35 | 000,086,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/13 03:27:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/06/12 22:09:05 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
    [2012/06/12 22:06:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/06/12 22:06:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/12 19:42:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/11 21:39:10 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/06/11 21:39:08 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\Google Chrome.lnk
    [2012/06/11 08:54:19 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
    [2012/06/09 23:15:36 | 000,003,971 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
    [2012/06/09 22:35:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
    [2012/06/09 13:05:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/06/07 20:03:45 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
    [2012/06/07 20:02:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
    [2012/06/07 19:57:44 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
    [2012/06/07 19:13:41 | 000,015,382 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
    [2012/06/05 14:45:48 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2012/05/31 09:15:05 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/05/31 09:15:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/05/16 11:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

    ========== Files Created - No Company Name ==========

    [2012/06/12 22:08:34 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
    [2012/06/12 22:06:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/06/12 22:06:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/11 17:49:04 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/06/11 08:54:19 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
    [2012/06/09 23:15:36 | 000,003,971 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
    [2012/06/09 13:14:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/09 13:05:07 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012/06/09 13:04:34 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/07 20:03:45 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
    [2012/06/07 19:57:44 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
    [2012/06/07 19:13:40 | 000,015,382 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
    [2012/06/05 14:45:47 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2012/05/31 09:15:05 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/05/31 09:15:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/05/31 09:15:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/03/06 20:43:04 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
    [2012/02/15 20:09:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/09 17:40:31 | 000,402,023 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\census.cache
    [2011/04/09 17:37:28 | 000,160,574 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\ars.cache

    ========== LOP Check ==========

    [2010/04/03 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Facebook
    [2010/12/29 08:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FinalTorrent
    [2011/01/18 06:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FreeFileViewer
    [2010/01/18 23:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\ImgBurn
    [2012/04/28 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Leadertech
    [2009/08/11 21:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Lexmark Productivity Studio
    [2009/05/10 15:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Desktop Search
    [2009/05/10 22:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Search
    [2011/08/14 11:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
    [2010/04/07 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/06 09:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/10 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/06/14 09:01:21 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

    ========== Purity Check ==========



    < End of report >
     
  3. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi lexefx, :)

    You're doing a good job. The task with title "Check Hard Disk For Errors" performs a scan but does not attempt to repair anything. The task with title "Repair Hard Drive Errors" attempts to fix errors that are found. It appears that the first attempt to fix cleared up all but one index problem. We'll try the sequence again below in the hopes that it can resolve all problems.

    I wouldn't either – it takes a long time to run. :D

    I believe that we've removed Babylon from your system. Please let me know if you feel otherwise.

    Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

    • Repair Hard Drive Errors
      Note: This task will require that you reboot your system. Chkdsk will then run upon reboot, and you will not be able to use your computer until it has completed, which may take several hours depending on a number of factors. Therefore, you should only perform this task when you can afford to have your computer down for a prolonged period of time.

      1. Click Start > All Programs > Accessories > Command Prompt. A Command Prompt window will open.
      2. In the command window, type the command shown below and then press the Enter key. Be sure to include a space between chkdsk and /r.
        Code:
        chkdsk /r
      3. Type the letter Y and press the Enter key when asked if you would like to schedule this volume to be checked the next time the system restarts.
      4. Reboot (restart) your computer.
      5. Chkdsk will run when your computer is rebooting before you can log on.
      6. If possible, write down and include in your reply any messages related to errors, bad sectors detected or repairs that were performed. You can include the first 10 or so if more than 10 messages of a particular type are displayed.
      7. Allow the program to run until completion, at which point you can log in.

    • Check Hard Disk For Errors
      1. Delete the current checkhd.txt file on your Desktop.
      2. Click Start > Run and then copy/paste the following command into the box (do not include the word "Code:") and click OK:
        Code:
        cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
      3. A blank command window will open on your desktop, then close in a few minutes. This is normal.
      4. A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your reply.

    • Run a Scan with OTL
      1. Double-click the OTL icon on your Desktop to run the program.
      2. Check the boxes labeled:
        • Scan All Users
        • LOP check
        • Purity check
        • Extra Registry > Use SafeList <-- Be sure to select this option
      3. Make sure all other windows are closed so that it can run uninterrupted.
      4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
      5. When the scan completes, it will open two Notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL (the Desktop).
      6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. The contents of the checkhd.txt log.
    3. The contents of the OTL.txt and Extras.txt logs.


    mambass
     
  4. lexefx

    lexefx Thread Starter

    Joined:
    Jun 7, 2012
    Messages:
    13
    Hi Mambass,

    The type of the file system is NTFS.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    CHKDSK is verifying indexes (stage 2 of 3)...

    Errors found. CHKDSK cannot continue in read-only mode.

    OTL logfile created on: 6/14/2012 8:38:02 PM - Run 4
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\alex mouroulis\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.07 Mb Total Physical Memory | 144.06 Mb Available Physical Memory | 28.19% Memory free
    1.22 Gb Paging File | 0.70 Gb Available in Paging File | 57.31% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 20.67 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
    Drive F: | 74.53 Gb Total Space | 33.08 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

    Computer Name: LEXEFXDESKTOP | User Name: lexefx | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
    PRC - [2012/06/06 21:54:45 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/04/28 17:16:37 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    PRC - [2012/03/27 05:09:24 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdwcoms.exe
    PRC - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwserv.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
    PRC - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2001/08/17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 04:58:57 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ffeeaf96c7bc4f08de893caeb85164a3\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 04:57:35 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\45a637a2f296cb927008ee3bebe4d9f5\System.Drawing.ni.dll
    MOD - [2012/06/06 21:54:44 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/05/10 04:00:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\2b3c052a804d2c78cfeba3f37c7771be\System.Configuration.ni.dll
    MOD - [2012/05/10 03:54:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\8171059286d46a3a1d8d4d9693f7674b\System.Xml.ni.dll
    MOD - [2012/05/10 03:43:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f116eef17c58f0dad8204cf73696ecf6\System.ni.dll
    MOD - [2012/05/10 03:37:14 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0e6fe5404c8a0a6e852b6984b7cf3f9c\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/10/16 15:55:04 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp.dll
    MOD - [2009/10/16 15:39:42 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwdatr.dll
    MOD - [2009/10/16 15:39:26 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwcats.dll
    MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LvApi11\LvApi11.dll
    MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    MOD - [2009/08/19 15:33:58 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdwcaps.dll
    MOD - [2009/08/19 15:33:54 | 001,036,288 | ---- | M] () -- C:\WINDOWS\system32\lxdwdrs.dll
    MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
    MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
    MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
    MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
    MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
    MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
    MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
    MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
    MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
    MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
    MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
    MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
    MOD - [2009/05/11 11:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
    MOD - [2009/05/11 11:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
    MOD - [2009/05/11 10:43:46 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcaps.dll
    MOD - [2009/05/11 10:43:36 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwscw.dll
    MOD - [2009/05/11 10:43:35 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwdrs.dll
    MOD - [2009/05/11 10:31:56 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwcnv4.dll
    MOD - [2008/05/27 03:36:57 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.core.dll
    MOD - [2008/05/27 03:36:57 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.monitor.common.dll
    MOD - [2008/05/27 03:35:58 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.dll
    MOD - [2008/05/09 10:52:36 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdwcnv4.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/06/06 21:54:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/05 02:31:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/10/16 16:08:52 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdwcoms.exe -- (lxdw_device)
    SRV - [2009/10/16 16:08:40 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2001/08/17 08:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
    DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
    DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
    DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
    DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
    DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes,DefaultScope = {6F969D16-00AE-4B8D-9792-43D687C7CEE5}
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\..\SearchScopes\{6F969D16-00AE-4B8D-9792-43D687C7CEE5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:home"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 21:54:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/11 17:49:01 | 000,000,000 | ---D | M]

    [2009/05/10 02:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Extensions
    [2012/06/11 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions
    [2010/04/27 06:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\alex mouroulis\Application Data\Mozilla\Firefox\Profiles\x6vvt8g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/06/13 08:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/11 14:01:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    [2012/06/13 08:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/06/11 13:52:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/06/06 21:54:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\alex mouroulis\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
    O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1229272821-113007714-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241918822448 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36B53A9B-4336-4CAA-B058-E2DDC24A50F6}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/09 21:18:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell - "" = AutoRun
    O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{06b2c102-8c5b-11e0-abfb-000475c35a0a}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
    O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\AutoRun\command - "" = H:\RACE-K~1\RACE-K~1.exe
    O33 - MountPoints2\{49d74d0b-8dc4-11de-9a36-000475c35a0a}\Shell\open\command - "" = H:\RACE-K~1\RACE-K~1.exe
    O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell - "" = AutoRun
    O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{725df16d-5ede-11de-9a22-000475c35a0a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{e84c3689-6698-11de-9a23-000475c35a0a}\Shell\AutoRun\command - "" = G:\setupSNK.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/13 10:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/06/13 10:17:52 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
    [2012/06/13 08:42:44 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/06/13 08:42:44 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/06/13 01:43:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2012/06/12 22:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Application Data\Malwarebytes
    [2012/06/12 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/12 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/06/12 22:04:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/06/12 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/06/12 19:36:30 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/11 17:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2012/06/11 14:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/06/11 14:00:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/06/11 14:00:21 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/06/11 13:29:16 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/06/11 08:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/06/10 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2012/06/10 06:39:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2012/06/10 06:39:42 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [2012/06/09 13:08:14 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2012/06/09 13:06:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
    [2012/06/09 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/07 20:02:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
    [2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/06/07 19:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\HiJackThis
    [2012/05/31 09:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/03/27 05:09:30 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
    [2012/03/27 05:09:24 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
    [2012/03/27 05:09:24 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
    [2012/03/27 05:09:22 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
    [2012/03/27 05:09:20 | 000,402,792 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
    [2012/03/27 05:09:16 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
    [2012/03/27 05:09:06 | 021,006,696 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
    [2012/03/27 05:09:02 | 003,029,528 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
    [2012/03/27 05:09:02 | 000,797,208 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
    [2012/03/27 05:09:02 | 000,649,576 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
    [2012/03/27 05:09:02 | 000,281,112 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
    [2012/03/27 05:09:02 | 000,240,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
    [2012/03/06 20:44:32 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
    [2011/10/26 17:01:40 | 043,835,456 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodVoiceOver.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/06/14 20:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/14 20:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/14 20:21:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004UA.job
    [2012/06/14 18:37:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/14 18:27:48 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/14 18:15:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2012/06/14 18:15:07 | 000,013,062 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/14 18:14:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/14 18:14:06 | 535,969,792 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/14 09:00:40 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/06/13 17:21:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-113007714-1708537768-1004Core.job
    [2012/06/13 10:18:04 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\alex mouroulis\Desktop\esetsmartinstaller_enu.exe
    [2012/06/13 04:45:35 | 000,502,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/13 04:45:35 | 000,086,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/13 03:27:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/06/12 22:09:05 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
    [2012/06/12 22:06:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/06/12 22:06:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/12 19:42:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\alex mouroulis\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/06/11 21:39:10 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/06/11 21:39:08 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\Google Chrome.lnk
    [2012/06/11 08:54:19 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
    [2012/06/09 23:15:36 | 000,003,971 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
    [2012/06/09 22:35:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/06/09 13:06:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex mouroulis\Desktop\OTL.exe
    [2012/06/09 13:05:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/06/07 20:03:45 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
    [2012/06/07 20:02:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\alex mouroulis\Desktop\dds.com
    [2012/06/07 19:57:44 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
    [2012/06/07 19:13:41 | 000,015,382 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
    [2012/06/05 14:45:48 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2012/05/31 09:15:05 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/05/31 09:15:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/05/16 11:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

    ========== Files Created - No Company Name ==========

    [2012/06/12 22:08:34 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\SystemLook.exe
    [2012/06/12 22:06:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/06/12 22:06:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/11 17:49:04 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/06/11 08:54:19 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\ERUNT.lnk
    [2012/06/09 23:15:36 | 000,003,971 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\attach.zip
    [2012/06/09 13:14:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/09 13:05:07 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012/06/09 13:04:34 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/07 20:03:45 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\erh3wq3q.exe
    [2012/06/07 19:57:44 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\HiJackThis.lnk
    [2012/06/07 19:13:40 | 000,015,382 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Desktop\556159_10150940228321614_2132695160_n.jpg
    [2012/06/05 14:45:47 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2012/05/31 09:15:05 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/05/31 09:15:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/05/31 09:15:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/03/06 20:43:04 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
    [2012/02/15 20:09:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/09 17:40:31 | 000,402,023 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\census.cache
    [2011/04/09 17:37:28 | 000,160,574 | ---- | C] () -- C:\Documents and Settings\alex mouroulis\Local Settings\Application Data\ars.cache

    ========== LOP Check ==========

    [2010/04/03 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Facebook
    [2010/12/29 08:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FinalTorrent
    [2011/01/18 06:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\FreeFileViewer
    [2010/01/18 23:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\ImgBurn
    [2012/04/28 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Leadertech
    [2009/08/11 21:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Lexmark Productivity Studio
    [2009/05/10 15:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Desktop Search
    [2009/05/10 22:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex mouroulis\Application Data\Windows Search
    [2011/08/14 11:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
    [2010/04/07 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/06 09:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/10 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/06/14 18:15:09 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

    ========== Purity Check ==========



    < End of report >

    Still dragging but better.
     

  5. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi lexefx, :)

    Since OTL isn't showing any application events related to Chkdsk activity, I'm thinking that Chkdsk's warning is a false positive. If you like, you can follow the instructions in the article here to look at your Event Viewer to see if you can find any logged errors. Should you find any errors, those should be taken seriously as a possibility of pending disk failure.

    Your computer appears to be clear of malware. Good job. :thumbup:

    Please stay with me a bit longer because there are a few important things that we still need to do to clean up and make sure that you don't get infected again.

    Please print these instructions because you will need to close this browser window in a step below.

    • Perform a Custom Fix with OTL
      1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
      2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
        Code:
        :processes
        killallprocesses
        :Commands
        [EMPTYTEMP]
        [EMPTYFLASH]
        [EMPTYJAVA]
        [CLEARALLRESTOREPOINTS]
        
        
      3. Close all running applications other than OTL.
      4. Click the Run Fix button at the top.
      5. Let the program run unhindered and reboot the PC when it is done.
      6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
      7. There's no need to post the log.

    • Cleanup with OTL
      1. Close all windows/applications.
      2. Double-click the OTL on your Desktop.
      3. Click the CleanUp button in the OTL window. The cleanup will begin after which a dialog will be displayed indicating that a reboot is required.
      4. Click the OK button in the message window. The system will reboot.

    • Stay clean
      The important thing now is to actively do things that will help keep you from getting infected in the future.
      1. Keep Antivirus and applications updated
        This is the MOST IMPORTANT thing that you can do to keep from becoming infected.
        • Keep Microsoft products up-to-date with the latest security patches. Either
          • Enable some level of Automatic Updates
            • Click Start > Control Panel. The Control Panel window will be displayed.
            • Double-click the System icon/entry. The System Properties window will be displayed.
            • Click the Automatic Updates tab.
            • Select the option which best fits your needs.
          • Or use Internet Explorer (not Firefox) to visit the Microsoft Update site on a regular basis.

        • I personally use and recommend the free Secunia Personal Software Inspector (PSI). This program will keep you aware of software that is installed on your computer that contains security vulnerabilities for which security patches exist. I have mine set to automatically scan my computer weekly.

        • All updates are important but pay particular attention to updates for all browsers as well as Microsoft, Java and Adobe products. These are widely-used products that Malware writers frequently target.

      2. Read and stay informed!

        To help minimize the chances of becoming re-infected, please read:
        Computer Security - a short guide to staying safer online

        If your computer is running slowly after your clean up, please read:
        What to do if your Computer is running slowly


    I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Safe surfing! :)


    mambass
     
  6. lexefx

    lexefx Thread Starter

    Joined:
    Jun 7, 2012
    Messages:
    13
    Hi Mambass,

    Thanks for all your help! What should I do as ongoing maintenance? Which of the tools that I now have should I use?
     
  7. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi lexefx, :)

    You're welcome. :)

    I rely on Secunia PSI to keep me aware of security patches that are available for the software that's installed on my computer. That's about the only maintenance work that needs to be done. Staying on top of the security patches is essential to protecting your system.

    The Computer Security - a short guide to staying safer online thread identifies a number of tools that can be used to help keep you secure. Use the ones that fit your needs.

    Do you have any other questions?

    mambass
     
  8. lexefx

    lexefx Thread Starter

    Joined:
    Jun 7, 2012
    Messages:
    13
    Thanks for all your help! You're a great asset to this forum!
     
  9. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    I appreciate the kind words. :)

    Take care.
     
Short URL to this thread: https://techguy.org/1056226