
System check virus?



#1
tsigoleos


Greetings all.

A friend of mine brought me her PC to show me something weird...
At Windows startup a system check window comes on saying the PC is full of errors on everything you can imagine... memory, hard drives, registry, the lot...
It also pops up 10 or more window messages saying that it failed to save all the components for the file \\System32\00006fb. The file is corrupted or unreadable. This error may be caused by a PC hardware problem. Yeah, right...
There are also some "critical error" messages that tell me that my drives are full, memory is low, etc...
All drives seem to have no items in them, Task Manager is blocked, search doesn't work, all file and folder attributes are set to hidden and read-only, etc.
I ran MBAM and it found a hpum hijack threat and removed it, but surely there is still something on the machine.
It's 1000% a virus or mal-spyware, but how can I get rid of it??

Thanking you in advance

G
Edit: I'm pasting 2 OTL log files: 1 from safe mode before MBAM ran, 2 from the user after MBAM.

1. The OTL.txt (ran it in safe mode)
---------------------------------------------------------------------------------------------------------------
OTL logfile created on: 15/3/2012 22:31:12 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Greece | Language: ELL | Date Format: d/M/yyyy

1023,49 Mb Total Physical Memory | 737,60 Mb Available Physical Memory | 72,07% Memory free
1,65 Gb Paging File | 1,51 Gb Available in Paging File | 91,16% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 40,75 Gb Free Space | 54,68% Space Free | Partition Type: NTFS
Drive D: | 128,00 Gb Total Space | 47,30 Gb Free Space | 36,95% Space Free | Partition Type: NTFS
Drive E: | 20,13 Gb Total Space | 18,99 Gb Free Space | 94,31% Space Free | Partition Type: NTFS
Drive H: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: KOULAPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/15 22:05:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2006/02/28 14:00:00 | 000,015,360 | -H-- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2005/08/03 22:32:08 | 000,125,440 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/30 15:29:24 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/14 14:36:48 | 000,085,096 | -H-- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/01/14 12:35:56 | 000,196,912 | -H-- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2008/12/12 18:06:40 | 000,642,856 | -H-- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2008/12/12 18:05:20 | 000,025,264 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 15:17:15 | 000,627,072 | RH-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/04/13 20:45:30 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/27 11:19:26 | 000,050,688 | -H-- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2004/08/04 00:41:36 | 000,606,684 | -H-- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/07/24 07:52:26 | 000,998,004 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 04:48:32 | 000,156,604 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 04:48:22 | 000,213,860 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 04:48:08 | 000,011,068 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 04:48:04 | 000,195,432 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 04:47:52 | 000,837,548 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 04:46:28 | 000,127,948 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/17 14:19:20 | 000,003,712 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 14:11:06 | 000,066,591 | -H-- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1999/12/17 01:00:00 | 000,006,752 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.php....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes,DefaultScope = {7D562E9C-B8AA-46A7-AE7B-D62E91DBBBBF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{7D562E9C-B8AA-46A7-AE7B-D62E91DBBBBF}: "URL" = http://downloads.php....php?rvs=hompag


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1229272821-606747145-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 14:20:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 10:53:10 | 000,000,000 | -H-D | M]

[2011/11/28 21:05:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/21 14:20:38 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/09 13:23:48 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/21 14:20:33 | 000,001,525 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/30 09:21:18 | 000,002,288 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/21 14:20:33 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 14:20:33 | 000,000,760 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/21 14:20:33 | 000,001,219 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2006/02/28 14:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (VisualBeeCommunity Toolbar) - {0e38f85e-eee9-426a-ae1c-60c36b729951} - C:\Program Files\VisualBeeCommunity\prxtbVisu.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VisualBeeCommunity Toolbar) - {0e38f85e-eee9-426a-ae1c-60c36b729951} - C:\Program Files\VisualBeeCommunity\prxtbVisu.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [UNXamjHQiYee.exe] C:\Documents and Settings\All Users\Application Data\UNXamjHQiYee.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\Koula\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Koula\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-606747145-839522115-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1229272821-606747145-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298493452634 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E6D8509-AECD-442A-AD62-CD76307CD6CC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E674133-436F-491C-B944-E3F6527FBE4E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/23 22:20:15 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 22:30:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/15 19:58:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/15 19:57:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/03/15 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/03/15 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/03/15 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/03/15 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/03/15 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/03/15 19:57:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/03/15 19:57:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/03/15 19:57:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/03/15 19:48:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2012/03/15 19:48:31 | 000,000,000 | -H-D | C] -- C:\Program Files\TeamViewer
[2012/03/15 19:36:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2012/03/15 22:33:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/15 22:28:41 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/15 22:28:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 22:26:39 | 003,375,577 | -H-- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80651102}.CDF
[2012/03/15 22:26:39 | 003,375,577 | -H-- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80651102}.BAK
[2012/03/15 22:26:38 | 000,001,166 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 22:05:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/15 22:00:22 | 000,001,170 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 20:06:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E66322C8-BC1B-4797-93FF-E490055AE87B}.job
[2012/03/15 11:35:19 | 001,704,496 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 11:26:45 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/15 11:04:26 | 000,000,448 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl
[2012/03/15 11:01:07 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDl
[2012/03/15 11:01:07 | 000,000,232 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDlr
[2012/03/15 11:00:52 | 000,337,920 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl.exe
[2012/03/15 10:47:56 | 000,429,056 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UNXamjHQiYee.exe
[2012/03/15 00:57:44 | 000,025,296 | -H-- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,025,296 | -H-- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,016,516 | -H-- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,016,516 | -H-- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/15 00:57:44 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/15 00:57:44 | 000,000,024 | -H-- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2012/03/15 00:57:44 | 000,000,024 | -H-- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2012/02/23 11:58:05 | 000,001,074 | -H-- | M] () -- C:\WINDOWS\tasks\Roxio PhotoShow Updater.job
[2012/02/16 01:41:40 | 000,505,208 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 01:41:40 | 000,089,054 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/03/15 19:57:35 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/03/15 19:57:35 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/03/15 11:01:07 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDlr
[2012/03/15 11:01:06 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDl
[2012/03/15 11:00:58 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl
[2012/03/15 11:00:45 | 000,337,920 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl.exe
[2012/03/15 10:50:57 | 000,429,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\UNXamjHQiYee.exe
[2012/02/15 09:52:05 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 09:52:05 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/09 01:56:31 | 000,484,302 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1229272821-606747145-839522115-1003-0.dat
[2011/11/17 00:55:20 | 000,484,302 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/29 19:58:18 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/06/09 20:34:16 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2011/05/30 15:52:42 | 002,463,976 | -H-- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011/05/13 14:55:25 | 000,000,043 | -H-- | C] () -- C:\WINDOWS\hpfccopy.INI
[2011/05/12 12:54:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2011/05/12 10:51:09 | 000,000,103 | -H-- | C] () -- C:\WINDOWS\CTRec.INI
[2011/03/22 11:19:26 | 000,079,830 | -H-- | C] () -- C:\WINDOWS\hpgins07.dat
[2011/03/22 11:19:26 | 000,000,848 | -H-- | C] () -- C:\WINDOWS\hpgmdl07.dat
[2011/03/09 11:39:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/02 15:42:27 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2011/03/02 15:42:27 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2011/03/02 15:41:45 | 000,179,669 | -H-- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/03/02 15:41:44 | 000,164,044 | -H-- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/03/02 15:41:44 | 000,113,373 | -H-- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011/03/02 15:41:44 | 000,113,273 | -H-- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011/03/02 15:41:44 | 000,044,055 | -H-- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/03/02 15:41:24 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011/03/02 15:41:23 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011/03/02 15:41:22 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011/03/02 15:41:22 | 000,000,180 | -H-- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011/03/02 15:41:14 | 000,065,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/02/24 02:42:55 | 000,000,307 | -H-- | C] () -- C:\WINDOWS\SBWIN.INI
[2011/02/24 02:42:54 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\AC3API.INI
[2011/02/24 02:42:53 | 001,048,576 | -H-- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011/02/24 02:42:03 | 000,037,727 | -H-- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011/02/24 02:42:03 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/02/24 00:00:50 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/23 23:59:39 | 001,704,496 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/23 22:32:06 | 000,015,312 | RH-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/23 22:23:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 22:17:05 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012/03/15 19:58:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2011/03/18 13:51:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/09/30 09:21:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/11/16 11:54:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CivilTeam
[2011/09/29 20:03:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/09/29 20:01:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/05/06 22:15:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/05/12 10:58:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow
[2011/05/12 10:58:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2011/05/28 19:10:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\Autodesk
[2011/09/30 09:21:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\Babylon
[2011/11/16 10:11:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\BabylonToolbar
[2011/07/26 11:37:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\DVDVideoSoft
[2011/07/26 11:36:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\DVDVideoSoftIEHelpers
[2011/03/09 16:23:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\InterVideo
[2011/05/06 22:17:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\Nitro PDF
[2011/05/06 22:13:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\OpenCandy
[2011/03/09 13:28:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\OpenOffice.org
[2012/03/15 21:33:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\PriceGong
[2011/05/12 10:58:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\Simple Star
[2012/03/15 19:48:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\TeamViewer
[2012/03/15 22:33:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/03/15 20:06:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E66322C8-BC1B-4797-93FF-E490055AE87B}.job

========== Purity Check ==========



< End of report >
----------------------------------------------------------------------------------------------------------------





2. The OTL log from the user in normal Windows startup
-----------------------------------------------------------------------------------------------

OTL logfile created on: 16/3/2012 00:00:37 - Run 3
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\Koula\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Greece | Language: ELL | Date Format: d/M/yyyy

1023,49 Mb Total Physical Memory | 506,53 Mb Available Physical Memory | 49,49% Memory free
1,65 Gb Paging File | 1,32 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 39,71 Gb Free Space | 53,28% Space Free | Partition Type: NTFS
Drive D: | 128,00 Gb Total Space | 47,30 Gb Free Space | 36,95% Space Free | Partition Type: NTFS
Drive E: | 20,13 Gb Total Space | 18,99 Gb Free Space | 94,31% Space Free | Partition Type: NTFS
Drive H: | 3,72 Gb Total Space | 3,71 Gb Free Space | 99,73% Space Free | Partition Type: FAT32

Computer Name: KOULAPC | User Name: Koula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/15 22:05:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koula\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/30 15:29:24 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/14 12:35:56 | 000,196,912 | -H-- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/05/21 00:56:14 | 011,312,128 | -H-- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:55:10 | 011,318,784 | -H-- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/02/16 11:43:33 | 001,358,384 | RH-- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 21:46:20 | 000,624,248 | -H-- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/01/15 12:23:48 | 000,344,064 | -H-- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/10/27 07:41:18 | 000,221,184 | -H-- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/10/27 07:14:48 | 000,010,752 | -H-- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2002/07/02 11:56:00 | 000,024,576 | -H-- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/03/22 06:41:56 | 000,094,208 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 17:28:36 | 001,292,288 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | -H-- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/14 02:12:42 | 000,148,992 | -H-- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/14 02:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:52 | 000,498,742 | -H-- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/21 12:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006/10/27 07:17:56 | 000,516,096 | -H-- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/10/27 07:13:06 | 004,587,520 | RH-- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/10/26 14:00:42 | 000,049,152 | -H-- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\VCUPermits9.dll
MOD - [2006/10/26 14:00:30 | 000,069,632 | -H-- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\VCUError9.dll
MOD - [2006/02/28 14:00:00 | 000,015,360 | -H-- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2005/08/03 22:32:08 | 000,125,440 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/30 15:29:24 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/14 14:36:48 | 000,085,096 | -H-- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/01/14 12:35:56 | 000,196,912 | -H-- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2008/12/12 18:06:40 | 000,642,856 | -H-- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2008/12/12 18:05:20 | 000,025,264 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 15:17:15 | 000,627,072 | RH-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/04/13 20:45:30 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/27 11:19:26 | 000,050,688 | -H-- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2004/08/04 00:41:36 | 000,606,684 | -H-- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/07/24 07:52:26 | 000,998,004 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 04:48:32 | 000,156,604 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 04:48:22 | 000,213,860 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 04:48:08 | 000,011,068 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 04:48:04 | 000,195,432 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 04:47:52 | 000,837,548 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 04:46:28 | 000,127,948 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/17 14:19:20 | 000,003,712 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 14:11:06 | 000,066,591 | -H-- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1999/12/17 01:00:00 | 000,006,752 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.php....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=hompag
IE - HKLM\..\SearchScopes,DefaultScope = {7D562E9C-B8AA-46A7-AE7B-D62E91DBBBBF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{7D562E9C-B8AA-46A7-AE7B-D62E91DBBBBF}: "URL" = http://downloads.php....php?rvs=hompag

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.php....php?rvs=hompag
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000050da6e4b3d
IE - HKCU\..\URLSearchHook: {0e38f85e-eee9-426a-ae1c-60c36b729951} - C:\Program Files\VisualBeeCommunity\prxtbVisu.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000050da6e4b3d
IE - HKCU\..\SearchScopes\{7088DF60-5A7C-4AF9-9CC6-E4CA5597559D}: "URL" = http://websearch.ask...2E-5997BDBC1307
IE - HKCU\..\SearchScopes\{7D562E9C-B8AA-46A7-AE7B-D62E91DBBBBF}: "URL" = http://downloads.php....php?rvs=hompag
IE - HKCU\..\SearchScopes\{8D8CEE6E-D36E-4DAF-9011-FDC22BF4E9AC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3032526
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...260118707136863
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBeeCommunity Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 14:20:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 10:53:10 | 000,000,000 | -H-D | M]

[2011/03/09 11:40:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Extensions
[2012/03/09 10:57:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions
[2012/03/07 22:53:26 | 000,000,000 | -H-D | M] (VisualBeeCommunity Community Toolbar) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions\{0e38f85e-eee9-426a-ae1c-60c36b729951}
[2011/03/18 13:18:26 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/26 11:36:38 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/09 10:57:55 | 000,000,000 | -H-D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/09/29 19:58:58 | 000,000,000 | -H-D | M] (DealPly) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/09/30 09:21:25 | 000,000,000 | -H-D | M] (Babylon) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions\[email protected]
[2011/03/18 13:18:25 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\extensions\[email protected]
[2011/09/29 10:37:08 | 000,002,404 | -H-- | M] () -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\searchplugins\askcom.xml
[2011/09/04 10:19:48 | 000,000,939 | -H-- | M] () -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\searchplugins\conduit.xml
[2011/09/29 19:57:23 | 000,002,207 | -H-- | M] () -- C:\Documents and Settings\Koula\Application Data\Mozilla\Firefox\Profiles\sz3avu5n.default\searchplugins\MyStart Search.xml
[2011/11/28 21:05:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/21 14:20:38 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/09 13:23:48 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/21 14:20:33 | 000,001,525 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/30 09:21:18 | 000,002,288 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/21 14:20:33 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 14:20:33 | 000,000,760 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/21 14:20:33 | 000,001,219 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2006/02/28 14:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (VisualBeeCommunity Toolbar) - {0e38f85e-eee9-426a-ae1c-60c36b729951} - C:\Program Files\VisualBeeCommunity\prxtbVisu.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VisualBeeCommunity Toolbar) - {0e38f85e-eee9-426a-ae1c-60c36b729951} - C:\Program Files\VisualBeeCommunity\prxtbVisu.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VisualBeeCommunity Toolbar) - {0E38F85E-EEE9-426A-AE1C-60C36B729951} - C:\Program Files\VisualBeeCommunity\prxtbVisu.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\Koula\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Koula\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Append to existing PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert link target to existing PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selected links to existing PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert selection to existing PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Koula\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Koula\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298493452634 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E6D8509-AECD-442A-AD62-CD76307CD6CC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E674133-436F-491C-B944-E3F6527FBE4E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Koula\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Koula\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/23 22:20:15 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 23:41:44 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Koula\Desktop\OTL.exe
[2012/03/15 23:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/15 23:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koula\Application Data\Malwarebytes
[2012/03/15 22:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 22:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/15 22:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/15 22:19:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Koula\Recent
[2012/03/15 19:48:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Koula\Application Data\TeamViewer
[2012/03/15 19:48:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2012/03/15 19:48:31 | 000,000,000 | -H-D | C] -- C:\Program Files\TeamViewer
[2012/03/15 19:36:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/15 11:01:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Koula\Start Menu\Programs\System Check
[2012/03/06 15:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koula\Desktop\Προβα ANAL VERITAS

========== Files - Modified Within 30 Days ==========

[2012/03/16 00:00:29 | 000,001,170 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 23:44:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/15 23:41:15 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/15 23:39:18 | 000,001,166 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 23:39:16 | 003,375,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80651102}.CDF
[2012/03/15 23:39:16 | 003,375,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80651102}.BAK
[2012/03/15 23:39:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 23:39:04 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 23:37:47 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2012/03/15 22:57:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 22:05:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koula\Desktop\OTL.exe
[2012/03/15 20:06:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E66322C8-BC1B-4797-93FF-E490055AE87B}.job
[2012/03/15 11:35:19 | 001,704,496 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 11:26:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/15 11:09:23 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Koula\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/15 11:04:26 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl
[2012/03/15 11:01:07 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDl
[2012/03/15 11:01:07 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDlr
[2012/03/15 11:00:52 | 000,337,920 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl.exe
[2012/03/15 00:57:44 | 000,025,296 | -H-- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,025,296 | -H-- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,016,516 | -H-- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,016,516 | -H-- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80651102}.rfx
[2012/03/15 00:57:44 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/15 00:57:44 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/15 00:57:44 | 000,000,024 | -H-- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2012/03/15 00:57:44 | 000,000,024 | -H-- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2012/03/09 22:15:39 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Koula\My Documents\spider.sav
[2012/03/09 11:28:36 | 000,068,309 | ---- | M] () -- C:\Documents and Settings\Koula\Desktop\paragellia ladi.pdf
[2012/03/09 11:26:38 | 000,068,551 | ---- | M] () -- C:\Documents and Settings\Koula\Desktop\paragellia patatas.pdf
[2012/02/23 11:58:05 | 000,001,074 | -H-- | M] () -- C:\WINDOWS\tasks\Roxio PhotoShow Updater.job
[2012/02/16 01:41:40 | 000,505,208 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 01:41:40 | 000,089,054 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/03/15 23:37:00 | 000,001,983 | ---- | C] () -- C:\Documents and Settings\Koula\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2012/03/15 23:37:00 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Koula\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2012/03/15 23:15:21 | 1073,274,880 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/15 22:57:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 11:09:23 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Koula\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/15 11:01:07 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDlr
[2012/03/15 11:01:06 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~TirtArkNzl3lDl
[2012/03/15 11:00:58 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl
[2012/03/15 11:00:45 | 000,337,920 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\TirtArkNzl3lDl.exe
[2012/03/09 11:28:36 | 000,068,309 | ---- | C] () -- C:\Documents and Settings\Koula\Desktop\paragellia ladi.pdf
[2012/03/09 11:26:38 | 000,068,551 | ---- | C] () -- C:\Documents and Settings\Koula\Desktop\paragellia patatas.pdf
[2012/02/15 09:52:05 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 09:52:05 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/11 01:15:04 | 000,012,648 | -H-- | C] () -- C:\Documents and Settings\Koula\Local Settings\Application Data\rx_audio.Cache
[2012/01/09 01:56:31 | 000,484,302 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1229272821-606747145-839522115-1003-0.dat
[2011/11/17 00:55:20 | 000,484,302 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/29 19:58:18 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/06/09 20:34:16 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2011/05/30 15:52:42 | 002,463,976 | -H-- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011/05/28 19:11:25 | 000,000,360 | -H-- | C] () -- C:\Documents and Settings\Koula\Local Settings\Application Data\rx_image.Cache
[2011/05/13 14:55:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2011/05/12 12:54:12 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/05/12 10:51:09 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2011/03/22 11:30:21 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Koula\Local Settings\Application Data\fusioncache.dat
[2011/03/22 11:19:26 | 000,079,830 | ---- | C] () -- C:\WINDOWS\hpgins07.dat
[2011/03/22 11:19:26 | 000,000,848 | ---- | C] () -- C:\WINDOWS\hpgmdl07.dat
[2011/03/09 11:39:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/02 16:08:26 | 000,068,608 | -H-- | C] () -- C:\Documents and Settings\Koula\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 15:42:27 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2011/03/02 15:42:27 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80651102}.dat
[2011/03/02 15:41:45 | 000,179,669 | -H-- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/03/02 15:41:44 | 000,164,044 | -H-- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/03/02 15:41:44 | 000,113,373 | -H-- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011/03/02 15:41:44 | 000,113,273 | -H-- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011/03/02 15:41:44 | 000,044,055 | -H-- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/03/02 15:41:24 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011/03/02 15:41:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011/03/02 15:41:22 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011/03/02 15:41:22 | 000,000,180 | -H-- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011/03/02 15:41:14 | 000,065,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2011/02/24 02:42:55 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2011/02/24 02:42:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2011/02/24 02:42:53 | 001,048,576 | -H-- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011/02/24 02:42:03 | 000,037,727 | -H-- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011/02/24 02:42:03 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/02/24 00:00:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/23 23:59:39 | 001,704,496 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/23 22:32:06 | 000,015,312 | RH-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/23 22:23:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 22:17:05 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/03/18 13:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/09/30 09:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/11/16 11:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CivilTeam
[2011/09/29 20:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/09/29 20:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/05/06 22:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/05/12 10:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow
[2011/05/12 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2011/05/28 19:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koula\Application Data\Autodesk
[2011/09/30 09:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koula\Application Data\Babylon
[2011/11/16 10:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koula\Application Data\BabylonToolbar
[2011/07/26 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koula\Application Data\DVDVideoSoft
[2011/07/26 11:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koula\Application Data\DVDVideoSoftIEHelpers
[2011/03/09 16:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koula\Application Data\InterVideo
[2011/05/06 22:17:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\Nitro PDF
[2011/05/06 22:13:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\OpenCandy
[2011/03/09 13:28:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\OpenOffice.org
[2012/03/15 21:33:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\PriceGong
[2011/05/12 10:58:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\Simple Star
[2012/03/15 19:48:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Koula\Application Data\TeamViewer
[2012/03/15 23:44:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/03/15 20:06:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E66322C8-BC1B-4797-93FF-E490055AE87B}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/01 13:25:45 | 000,000,000 | R--D | M](C:\Documents and Settings\Koula\Desktop\ikaria?) -- C:\Documents and Settings\Koula\Desktop\ikaria
[2011/03/19 22:48:46 | 000,000,000 | R--D | C](C:\Documents and Settings\Koula\Desktop\ikaria?) -- C:\Documents and Settings\Koula\Desktop\ikaria

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\My Documents\Οι σαρώσεις μου:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\My Documents\sxedio.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\My Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\Προβα ANAL VERITAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\αυθαίρετα:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\top-elasswnas:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\inst(1).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\GONE NUTTY.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\FONTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\E-News:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\decitions2ext.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\DECITIONS.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Koula\Desktop\[2011] Lulu - Lou Reed And Metallica:Roxio EMC Stream

< End of report >
-----------------------------------------------------------------------------------------------


Thanks again in advance

Edited by tsigoleos, 15 March 2012 - 04:16 PM.
