WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93121 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

"Trojan.Zeroaccess! khem" is getting on my nerves... :(

Started by thatguy89 , Feb 24 2012 09:11 AM

Page 6 of 10
4
5
6
7
8

This topic is locked

136 replies to this topic

#76 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 08 March 2012 - 11:34 AM

Hi,

Run ERUNT again and then do the following:

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:OTL
SRV - (Norton Internet Security) -- File not found
DRV - (SASKUTIL) -- File not found
DRV - (SASDIFSV) -- File not found
DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{449E6B05-733D-47E5-B2CB-BD3C4E983F4F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search...tnerId=96913936
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&ap...q={searchTerms}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l...q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{B96022F1-5D71-49A3-A8ED-17B26FC70B63}: "URL" = http://slirsredirect.search.aol.com/slirs_...hpcnnbie7-en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=i...mp;locale=en_UK
IE - HKCU\..\SearchScopes\{449E6B05-733D-47E5-B2CB-BD3C4E983F4F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search...tnerId=96913936
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&ap...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&...o=GB&ver=17
IE - HKCU\..\SearchScopes\{B96022F1-5D71-49A3-A8ED-17B26FC70B63}: "URL" = http://slirsredirect.search.aol.com/slirs_...hpcnnbie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.ask.co.uk"
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.7.0.6
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
[2011/10/12 15:53:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/03/04 13:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/01/22 15:37:25 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O33 - MountPoints2\{25d47d5d-dc37-11de-adef-00238be688d6}\Shell - "" = AutoRun
O33 - MountPoints2\{25d47d5d-dc37-11de-adef-00238be688d6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7e845458-a480-11de-a064-00238be688d6}\Shell - "" = AutoRun
O33 - MountPoints2\{7e845458-a480-11de-a064-00238be688d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[createrestorepoint]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Advertisements

Register to Remove

#77 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 08 March 2012 - 04:17 PM

Hola,
Here's the results log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
File File not found not found.
Service SASKUTIL stopped successfully!
Service SASKUTIL deleted successfully!
File File not found not found.
Service SASDIFSV stopped successfully!
Service SASDIFSV deleted successfully!
File File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files\Vuze_Remote\prxtbVuze.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{449E6B05-733D-47E5-B2CB-BD3C4E983F4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449E6B05-733D-47E5-B2CB-BD3C4E983F4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B96022F1-5D71-49A3-A8ED-17B26FC70B63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B96022F1-5D71-49A3-A8ED-17B26FC70B63}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{449E6B05-733D-47E5-B2CB-BD3C4E983F4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449E6B05-733D-47E5-B2CB-BD3C4E983F4F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B96022F1-5D71-49A3-A8ED-17B26FC70B63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B96022F1-5D71-49A3-A8ED-17B26FC70B63}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "iLivid Web Search" removed from browser.search.defaultenginename
Prefs.js: "iLivid Web Search" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "www.ask.co.uk" removed from browser.startup.homepage
Prefs.js: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 removed from extensions.enabledItems
Prefs.js: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.7.0.6 removed from extensions.enabledItems
Prefs.js: "http://www.searchqu....id=406&sr=0&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356)\searchplugin folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356)\modules folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356)\META-INF folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356)\defaults folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356)\components folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356)\chrome folder moved successfully.
C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(356) folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25d47d5d-dc37-11de-adef-00238be688d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25d47d5d-dc37-11de-adef-00238be688d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25d47d5d-dc37-11de-adef-00238be688d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25d47d5d-dc37-11de-adef-00238be688d6}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e845458-a480-11de-a064-00238be688d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e845458-a480-11de-a064-00238be688d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e845458-a480-11de-a064-00238be688d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e845458-a480-11de-a064-00238be688d6}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Compaq\Desktop\cmd.bat deleted successfully.
C:\Users\Compaq\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 3958820 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

OTL by OldTimer - Version 3.2.36.1 log created on 03082012_221314

Files\Folders moved on Reboot...
C:\Users\Compaq\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS0319OK\iframe[1].htm moved successfully.
C:\Users\Compaq\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9T4MIH1\index[1].htm moved successfully.

Registry entries deleted on Reboot...

#78 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 08 March 2012 - 04:24 PM

and here's the scan

(No extras this time. I did "run scan" rather than quick...)

OTL logfile created on: 08/03/2012 22:18:36 - Run 2
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Compaq\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 82.63% Memory free
6.06 Gb Paging File | 5.74 Gb Available in Paging File | 94.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 125.84 Gb Free Space | 56.60% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Compaq | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (PSEXESVC) -- C:\Windows\PSEXESVC.EXE (Sysinternals)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_O2DA) SupportSoft Repair Service (O2DA) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120110.032\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120110.032\NAVENG.SYS (Symantec Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120110.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2012/03/04 13:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_4_3 [2012/03/04 13:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/04 13:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/04 13:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/04 13:18:48 | 000,000,000 | ---D | M]

[2011/10/12 21:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2012/03/08 22:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions
[2010/03/13 21:03:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/04 13:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\cacaoweb@cacaoweb.org
[2012/01/22 14:56:00 | 000,000,000 | ---D | M] (Bflix extension) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\info@thebflix.com
[2012/01/22 15:02:31 | 000,002,472 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zyg90ndo.default\searchplugins\safesearch.xml
[2012/03/04 13:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/04 13:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/01/22 14:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(117)
[2012/01/22 14:55:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(117)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/04 13:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_4_3
[2012/03/04 13:18:59 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2012/03/04 13:18:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\COMPAQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZYG90NDO.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\COMPAQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZYG90NDO.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{googl
e:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chro
me&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client
=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Users\Compaq\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73F92850-0943-4CBD-8836-3F9DF80843DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 17:06:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/08 09:17:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/08 09:17:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/08 09:17:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/08 09:17:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/08 09:17:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/08 09:16:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/07 18:48:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/03/07 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/03/07 10:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/06 16:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/01 17:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/28 15:44:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/28 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/26 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Tific
[2012/02/26 11:35:33 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Symantec
[2012/02/26 10:15:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/26 00:26:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/20 13:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/20 10:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/20 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/20 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Comodo
[2012/02/20 10:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/20 10:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/20 10:03:58 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2012/02/20 10:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/13 12:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe

========== Files - Modified Within 30 Days ==========

[2012/03/08 22:15:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 17:06:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:32 | 000,000,913 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | M] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | M] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/08 16:59:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 16:59:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 18:56:14 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:56:04 | 000,000,391 | ---- | M] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | M] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | M] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 11:44:51 | 000,591,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 11:44:51 | 000,099,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/07 11:19:16 | 000,002,627 | ---- | M] () -- C:\Users\Compaq\Desktop\Microsoft Office Word 2007.lnk
[2012/03/07 10:40:38 | 000,006,756 | ---- | M] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2012/03/07 10:25:47 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000UA.job
[2012/03/07 10:25:39 | 000,002,047 | ---- | M] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/03/07 10:25:39 | 000,002,009 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 10:25:25 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:24:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000Core.job
[2012/03/07 10:20:42 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/07 10:14:27 | 002,185,990 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2012/03/07 10:12:00 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/07 10:02:12 | 000,001,108 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2012/03/06 16:21:25 | 000,001,057 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/06 16:21:25 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/03/04 13:24:05 | 003,745,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/26 00:23:00 | 002,044,183 | ---- | M] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/02/08 10:53:04 | 000,000,326 | ---- | M] () -- C:\MemeoSendAddin

========== Files Created - No Company Name ==========

[2012/03/08 17:04:32 | 000,000,913 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | C] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | C] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/08 09:17:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/08 09:17:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/08 09:17:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/08 09:17:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/08 09:17:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 18:56:04 | 000,000,391 | ---- | C] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | C] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | C] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 10:25:25 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:12:00 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/06 16:21:25 | 000,001,057 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/06 16:21:25 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/26 00:22:57 | 002,044,183 | ---- | C] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/01/10 17:52:32 | 000,000,132 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/07/09 14:07:42 | 000,006,524 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\wklnhst.dat
[2010/07/07 12:41:13 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini

< End of report >

#79 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 09 March 2012 - 12:06 PM

Hi,

Looking better...

Run a new scan with OTL
In the Custom Scans text box put the following and then press Run Scan...

netsvc
/md5start
consrv.dll
vnxservice.dll
/md5stop
createrestorpoint

After the scan has finished please post the log and let me know how your system is running.

#80 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 09 March 2012 - 02:32 PM

Viola
Usually the text in the custom box disappears but it didn't happen this time.
Also, seems to be some progress: not getting redirected anymore and flash isnt trying to install, but Norton's still not opening, neither is firefox. chrome will but wont connect to server. Also Windows defender "application failed to initialize." We're getting there though by the looks of things....

here's the .txt anyway:

OTL logfile created on: 09/03/2012 19:55:24 - Run 3
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Compaq\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 54.68% Memory free
6.06 Gb Paging File | 4.77 Gb Available in Paging File | 78.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 122.84 Gb Free Space | 55.25% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe (COMODO)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\uiStub.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()

========== Win32 Services (SafeList) ==========

SRV - (PSEXESVC) -- C:\Windows\PSEXESVC.EXE (Sysinternals)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_O2DA) SupportSoft Repair Service (O2DA) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120110.032\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120110.032\NAVENG.SYS (Symantec Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120110.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2012/03/04 13:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_4_3 [2012/03/04 13:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/04 13:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/04 13:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/04 13:18:48 | 000,000,000 | ---D | M]

[2011/10/12 21:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2012/03/08 22:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions
[2010/03/13 21:03:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/04 13:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\cacaoweb@cacaoweb.org
[2012/01/22 14:56:00 | 000,000,000 | ---D | M] (Bflix extension) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\info@thebflix.com
[2012/01/22 15:02:31 | 000,002,472 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zyg90ndo.default\searchplugins\safesearch.xml
[2012/03/04 13:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/04 13:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/01/22 14:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(117)
[2012/01/22 14:55:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(117)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/04 13:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_4_3
[2012/03/04 13:18:59 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2012/03/04 13:18:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\COMPAQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZYG90NDO.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\COMPAQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZYG90NDO.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{googl
e:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chro
me&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client
=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Users\Compaq\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73F92850-0943-4CBD-8836-3F9DF80843DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 17:06:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/08 09:17:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/08 09:17:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/08 09:17:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/08 09:17:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/08 09:17:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/08 09:16:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/07 18:48:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/03/07 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/03/07 10:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/06 16:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/01 17:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/28 15:44:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/28 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/26 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Tific
[2012/02/26 11:35:33 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Symantec
[2012/02/26 10:15:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/26 00:26:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/20 13:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/20 10:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/20 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/20 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Comodo
[2012/02/20 10:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/20 10:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/20 10:03:58 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2012/02/20 10:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/13 12:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe

========== Files - Modified Within 30 Days ==========

[2012/03/09 19:59:09 | 000,591,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/09 19:59:09 | 000,099,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/09 19:51:58 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/09 19:51:51 | 000,001,108 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2012/03/09 19:50:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 19:50:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 19:50:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/09 19:50:04 | 3148,795,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 17:06:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:32 | 000,000,913 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | M] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | M] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/07 18:56:14 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:56:04 | 000,000,391 | ---- | M] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | M] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | M] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 11:19:16 | 000,002,627 | ---- | M] () -- C:\Users\Compaq\Desktop\Microsoft Office Word 2007.lnk
[2012/03/07 10:40:38 | 000,006,756 | ---- | M] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2012/03/07 10:25:47 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000UA.job
[2012/03/07 10:25:39 | 000,002,047 | ---- | M] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/03/07 10:25:39 | 000,002,009 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 10:25:25 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:24:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000Core.job
[2012/03/07 10:14:27 | 002,185,990 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2012/03/07 10:12:00 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/06 16:21:25 | 000,001,057 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/06 16:21:25 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/03/04 13:24:05 | 003,745,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/26 00:23:00 | 002,044,183 | ---- | M] () -- C:\Users\Compaq\Desktop\tdsskiller.zip

========== Files Created - No Company Name ==========

[2012/03/09 19:50:04 | 3148,795,904 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/08 17:04:32 | 000,000,913 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | C] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | C] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/08 09:17:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/08 09:17:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/08 09:17:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/08 09:17:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/08 09:17:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 18:56:04 | 000,000,391 | ---- | C] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | C] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | C] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 10:25:25 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:12:00 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/06 16:21:25 | 000,001,057 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/06 16:21:25 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/26 00:22:57 | 002,044,183 | ---- | C] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/01/10 17:52:32 | 000,000,132 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/07/09 14:07:42 | 000,006,524 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\wklnhst.dat
[2010/07/07 12:41:13 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini

========== Custom Scans ==========

< netsvc >

< createrestorpoint >

< End of report >

#81 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 09 March 2012 - 08:11 PM

Sounds like we are starting to break through.

We are going to try this again...

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click and Run as Administrator on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.
---------

#82 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 10 March 2012 - 05:56 AM

well, even though things seem to be looking up, combofix is still incapable of getting past the "scan times ... may take longer" sign. I left it for over an hour. I was on safe mode with networking. It said comodo defense+ was found to be active before the scan but I'd definitely disabled it. I don't think combofix like me really lol

#83 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 10 March 2012 - 08:10 AM

Hi,

We are going to try something a little bit different. I want to see what this won't run on your system LOL!!

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

Posted Image

----------

Now

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

#84 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 10 March 2012 - 10:09 AM

Hmm, this is quite weird... I have combofix.exe on my desktop, but when i typed Combofix /Uninstall into Run it says "windows cannot find 'Combofix' etc..." Hmmmmmmmmm....... :huh:

#85 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 11 March 2012 - 03:11 PM

Hi, Ok...I am going to forego using ComboFix. I just returned home from being out of town. Could you please explain what malware related problems you are still having? I just want to be sure to guide you in the best possible way.

Advertisements

Register to Remove

#86 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 12 March 2012 - 05:04 AM

Hey, in terms of malware im not sure really, the obvious things that were happening before arent anymore, but i want to make sure nothings still there in case i want to do internet banking etc. Combofix not working is a total enigma to me. I tried again by renaming it but it wont progess, it crashed my laptop in fact! There are a few weird things going on now though, norton wont open anymore nor appear in the system tray, firefox and google wont work: i can just reinstall those i suppose but in regards to norton, maybe theres some freeware that might be just as good? I keep getting that sign again "the recycle bin on c:/ is corrupted" not sure what that means.. It seems like the carnage may be over but it has left a lot of debris in its wake lol

#87 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 12 March 2012 - 05:48 AM

Hi,

Yes...ComboFix not running is a bit troubling. I have seen it before but just very few times. Go ahead and try to uninstall both Chrome and Firefox and then get a fresh install of them both and see if that helps. Once that has been completed...

Run ComboFix using these instructions:

Click the Windows 'Start' button > in the Start Search bar type 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.
======

IF THAT DOES NOT WORK FOLLOW THESE STEPS

Click Start > in the Start Search bar type Run and then type the following in the Run text bar:

Combofix /nombr then click ok

ComboFix should then run. Let me know if it starts to go through or seems to freeze again.

#88 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 12 March 2012 - 06:56 AM

just deleted and reinstalled chrome and firefox: still not working! chrome = Error 138 (net::ERR_NETWORK_ACCESS_DENIED): Unable to access the network. Firefox = Unable to connect Firefox can't establish a connection to the server at www.mozilla.com. All very strange... I'll get back to you on combofix asap

#89 thatguy89

Authentic Member

Authentic Member
80 posts

Posted 12 March 2012 - 07:16 AM

Also, how long do you think I should leave combofix running before deciding that it's stalled/crashed? It's always the same part where it seems to stop working, but how long would it need to be stuck on a certain part to be a good indicator that it's definitely not working and it's not just down to me being impatient? I've left it running for a few hours sometimes and twenty minutes on other occasions..needless to say it never progressed beyond the scan times may take longer sign.

#90 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 12 March 2012 - 07:23 AM

Hi, Go ahead and leave it for about thirty minutes. If it is not responding go ahead and stop it. By the way, I agree with you that we are dealing with what has been broken unfortunately by the ZeroAccess rootkit. Hopefully we will be able to get this sorted out. I am going to let you know that in the end it may be that we need to just format and reinstall Windows.

Body Background

skin color theme