"Trojan.Zeroaccess! khem" is getting on my nerves... :(


  • This topic is locked
136 replies to this topic

#106 jeffce

Malware Guy

Posted 15 March 2012 - 08:54 AM

Hi,

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#107 thatguy89

Authentic Member

Posted 15 March 2012 - 01:32 PM

Wahey! Something worked LOL Here you go
0000000 ____D C:\Users\Compaq\Application Data\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Users\All Users\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Users\All Users\Application Data\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\ProgramData\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Program Files\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Documents and Settings\All Users\Real 2012-03-12 02:01 - 2011-12-13 07:36 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Real 2012-03-12 01:53 - 2012-02-20 02:14 - 0000000 ____D C:\Users\All Users\Comodo 2012-03-12 01:53 - 2012-02-20 02:14 - 0000000 ____D C:\Users\All Users\Application Data\Comodo 2012-03-12 01:53 - 2012-02-20 02:14 - 0000000 ____D C:\ProgramData\Comodo 2012-03-12 01:53 - 2012-02-20 02:14 - 0000000 ____D C:\Documents and Settings\All Users\Comodo 2012-03-12 01:53 - 2012-02-20 02:14 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo 2012-03-12 01:51 - 2012-03-12 01:51 - 0000000 ___HD C:\VritualRoot 2012-03-09 12:26 - 2012-03-09 12:26 - 0010232 ____A C:\Users\Compaq\Desktop\hello.docx 2012-03-09 12:26 - 2012-03-09 12:26 - 0010232 ____A C:\Documents and Settings\Compaq\Desktop\hello.docx 2012-03-09 12:25 - 2012-03-08 09:18 - 0077830 ____A C:\Users\Compaq\Desktop\OTL.Txt 2012-03-09 12:25 - 2012-03-08 09:18 - 0077830 ____A C:\Documents and Settings\Compaq\Desktop\OTL.Txt 2012-03-08 14:13 - 2011-11-02 13:59 - 0000000 ____D C:\Program Files\ConduitEngine 2012-03-08 14:13 - 2011-11-02 13:58 - 0000000 ____D C:\Program Files\Vuze_Remote 2012-03-08 14:13 - 2010-02-22 01:58 - 0000000 ____D C:\Program 
Files\Ask.com 2012-03-08 09:19 - 2012-03-08 09:19 - 0041648 ____A C:\Users\Compaq\Desktop\Extras.Txt 2012-03-08 09:19 - 2012-03-08 09:19 - 0041648 ____A C:\Documents and Settings\Compaq\Desktop\Extras.Txt 2012-03-08 09:14 - 2012-03-08 09:14 - 0004548 ____A C:\Users\Compaq\Desktop\03082012_170814.log 2012-03-08 09:14 - 2012-03-08 09:14 - 0004548 ____A C:\Documents and Settings\Compaq\Desktop\03082012_170814.log 2012-03-08 09:06 - 2012-03-08 09:06 - 0594432 ____A (OldTimer Tools) C:\Users\Compaq\Desktop\OTL.exe 2012-03-08 09:06 - 2012-03-08 09:06 - 0594432 ____A (OldTimer Tools) C:\Documents and Settings\Compaq\Desktop\OTL.exe 2012-03-08 09:04 - 2012-03-08 09:04 - 0000913 ____A C:\Users\Compaq\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk 2012-03-08 09:04 - 2012-03-08 09:04 - 0000913 ____A C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk 2012-03-08 09:04 - 2012-03-08 09:04 - 0000913 ____A C:\Documents and Settings\Compaq\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk 2012-03-08 09:04 - 2012-03-08 09:04 - 0000913 ____A C:\Documents and Settings\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk 2012-03-08 09:04 - 2012-03-08 09:04 - 0000733 ____A C:\Users\Compaq\Desktop\NTREGOPT.lnk 2012-03-08 09:04 - 2012-03-08 09:04 - 0000733 ____A C:\Documents and Settings\Compaq\Desktop\NTREGOPT.lnk 2012-03-08 09:04 - 2012-03-08 09:04 - 0000714 ____A C:\Users\Compaq\Desktop\ERUNT.lnk 2012-03-08 09:04 - 2012-03-08 09:04 - 0000714 ____A C:\Documents and Settings\Compaq\Desktop\ERUNT.lnk 2012-03-08 09:04 - 2012-03-08 01:17 - 0000000 ____D C:\Windows\ERDNT 2012-03-08 09:04 - 2012-02-28 07:40 - 0000000 ____D C:\Program Files\ERUNT 2012-03-07 10:57 - 2012-03-06 08:23 - 0004224 ____A C:\Users\Compaq\Desktop\FSS.txt 2012-03-07 10:57 - 2012-03-06 08:23 - 0004224 ____A C:\Documents and Settings\Compaq\Desktop\FSS.txt 2012-03-07 10:56 - 2012-03-07 10:56 - 0000391 ____A C:\temp398.bat 2012-03-07 10:56 
- 2012-03-07 10:48 - 0181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE 2012-03-07 10:53 - 2012-03-07 10:53 - 0000391 ____A C:\temp171.bat 2012-03-07 10:47 - 2012-03-07 10:47 - 4104666 ____A C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe 2012-03-07 10:47 - 2012-03-07 10:47 - 4104666 ____A C:\Documents and Settings\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe 2012-03-07 10:47 - 2012-03-07 10:47 - 0002048 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2012-03-07 10:47 - 2012-03-07 10:47 - 0002048 ____A C:\Users\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2012-03-07 10:47 - 2012-03-07 10:47 - 0002048 ____A C:\Documents and Settings\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2012-03-07 10:47 - 2012-03-07 10:47 - 0002048 ____A C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2012-03-07 10:47 - 2012-03-07 10:47 - 0000000 ____D C:\Program Files\Tweaking.com 2012-03-07 03:46 - 2012-03-07 03:46 - 0002772 ____A C:\Users\Compaq\Desktop\degreeshowproposal.txt 2012-03-07 03:46 - 2012-03-07 03:46 - 0002772 ____A C:\Documents and Settings\Compaq\Desktop\degreeshowproposal.txt 2012-03-07 02:40 - 2009-09-28 11:59 - 0006756 ____A C:\Users\Compaq\Local Settings\d3d9caps.dat 2012-03-07 02:40 - 2009-09-28 11:59 - 0006756 ____A C:\Users\Compaq\Local Settings\Application Data\d3d9caps.dat 2012-03-07 02:40 - 2009-09-28 11:59 - 0006756 ____A C:\Users\Compaq\AppData\Local\d3d9caps.dat 2012-03-07 02:40 - 2009-09-28 11:59 - 0006756 ____A C:\Documents and Settings\Compaq\Local Settings\d3d9caps.dat 2012-03-07 02:40 - 2009-09-28 11:59 - 0006756 ____A C:\Documents and Settings\Compaq\Local Settings\Application Data\d3d9caps.dat 2012-03-07 02:40 - 2009-09-28 11:59 - 0006756 ____A C:\Documents and Settings\Compaq\AppData\Local\d3d9caps.dat 2012-03-07 02:27 - 2011-10-12 07:18 - 0000000 ____D C:\Windows\Minidump 2012-03-07 02:27 - 2010-12-18 01:13 - 0000000 
____D C:\Users\Compaq\Local Settings\CrashDumps 2012-03-07 02:27 - 2010-12-18 01:13 - 0000000 ____D C:\Users\Compaq\Local Settings\Application Data\CrashDumps 2012-03-07 02:27 - 2010-12-18 01:13 - 0000000 ____D C:\Users\Compaq\AppData\Local\CrashDumps 2012-03-07 02:27 - 2010-12-18 01:13 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\CrashDumps 2012-03-07 02:27 - 2010-12-18 01:13 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Application Data\CrashDumps 2012-03-07 02:27 - 2010-12-18 01:13 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Local\CrashDumps 2012-03-07 02:25 - 2012-03-07 02:25 - 0000804 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-03-07 02:25 - 2012-03-07 02:25 - 0000804 ____A C:\Users\All Users\Desktop\CCleaner.lnk 2012-03-07 02:25 - 2012-03-07 02:25 - 0000804 ____A C:\Documents and Settings\Public\Desktop\CCleaner.lnk 2012-03-07 02:25 - 2012-03-07 02:25 - 0000804 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2012-03-07 02:25 - 2012-03-07 02:25 - 0000000 ____D C:\Program Files\CCleaner 2012-03-07 02:12 - 2012-03-07 02:12 - 0001753 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk 2012-03-07 02:12 - 2012-03-07 02:12 - 0001753 ____A C:\Users\All Users\Desktop\COMODO Firewall.lnk 2012-03-07 02:12 - 2012-03-07 02:12 - 0001753 ____A C:\Documents and Settings\Public\Desktop\COMODO Firewall.lnk 2012-03-07 02:12 - 2012-03-07 02:12 - 0001753 ____A C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk 2012-03-07 02:10 - 2012-03-07 02:10 - 0000903 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk 2012-03-07 02:10 - 2012-03-07 02:10 - 0000903 ____A C:\Users\All Users\Desktop\Comodo Dragon.lnk 2012-03-07 02:10 - 2012-03-07 02:10 - 0000903 ____A C:\Documents and Settings\Public\Desktop\Comodo Dragon.lnk 2012-03-07 02:10 - 2012-03-07 02:10 - 0000903 ____A C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk 2012-03-07 02:05 - 2009-09-08 07:33 - 0000000 ____D C:\Users\Compaq\AppData\LocalLow 
2012-03-07 02:05 - 2009-09-08 07:33 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\LocalLow 2012-03-07 02:01 - 2012-03-07 02:01 - 0107512 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT 2012-03-06 08:21 - 2012-03-06 08:21 - 0001033 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk 2012-03-06 08:21 - 2012-03-06 08:21 - 0001033 ____A C:\Users\All Users\Desktop\COMODO GeekBuddy.lnk 2012-03-06 08:21 - 2012-03-06 08:21 - 0001033 ____A C:\Documents and Settings\Public\Desktop\COMODO GeekBuddy.lnk 2012-03-06 08:21 - 2012-03-06 08:21 - 0001033 ____A C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk 2012-03-06 08:20 - 2012-03-06 08:17 - 85874016 ____A (COMODO) C:\Users\Compaq\Downloads\cfw-installer.exe 2012-03-06 08:20 - 2012-03-06 08:17 - 85874016 ____A (COMODO) C:\Documents and Settings\Compaq\Downloads\cfw-installer.exe 2012-03-06 08:10 - 2009-09-08 10:17 - 0000000 ____D C:\Users\Compaq\Application Data\Adobe 2012-03-06 08:10 - 2009-09-08 10:17 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\Adobe 2012-03-06 08:10 - 2009-09-08 10:17 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Adobe 2012-03-06 08:10 - 2009-09-08 10:17 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Adobe 2012-03-04 05:33 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\config\TxR 2012-03-04 05:30 - 2011-01-14 02:50 - 0000000 ____D C:\Users\Compaq\Application Data\Memeo 2012-03-04 05:30 - 2011-01-14 02:50 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\Memeo 2012-03-04 05:30 - 2011-01-14 02:50 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Memeo 2012-03-04 05:30 - 2011-01-14 02:50 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Memeo 2012-03-04 05:30 - 2009-09-08 07:38 - 0107512 ____A C:\Users\Compaq\Local Settings\GDIPFONTCACHEV1.DAT 2012-03-04 05:30 - 2009-09-08 07:38 - 0107512 ____A C:\Users\Compaq\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-03-04 05:30 - 2009-09-08 07:38 - 0107512 
____A C:\Users\Compaq\AppData\Local\GDIPFONTCACHEV1.DAT 2012-03-04 05:30 - 2009-09-08 07:38 - 0107512 ____A C:\Documents and Settings\Compaq\Local Settings\GDIPFONTCACHEV1.DAT 2012-03-04 05:30 - 2009-09-08 07:38 - 0107512 ____A C:\Documents and Settings\Compaq\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-03-04 05:30 - 2009-09-08 07:38 - 0107512 ____A C:\Documents and Settings\Compaq\AppData\Local\GDIPFONTCACHEV1.DAT 2012-03-04 05:24 - 2006-11-02 04:47 - 3745552 ____A C:\Windows\System32\FNTCACHE.DAT 2012-03-04 05:21 - 2012-02-20 03:26 - 0000000 ____D C:\Program Files\SUPERAntiSpyware 2012-03-04 05:20 - 2006-11-02 02:22 - 75497472 ____A C:\Windows\System32\config\system_previous 2012-03-04 05:20 - 2006-11-02 02:22 - 51904512 ____A C:\Windows\System32\config\software_previous 2012-03-04 05:20 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\security_previous 2012-03-04 05:20 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\sam_previous 2012-03-04 05:19 - 2011-05-31 12:08 - 0000000 ____D C:\Users\Compaq\Application Data\Azureus 2012-03-04 05:19 - 2011-05-31 12:08 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\Azureus 2012-03-04 05:19 - 2011-05-31 12:08 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Azureus 2012-03-04 05:19 - 2011-05-31 12:08 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Azureus 2012-03-04 05:19 - 2010-09-13 03:57 - 0000000 ____D C:\Windows\System32\Drivers\NIS 2012-03-04 05:19 - 2010-04-07 09:48 - 0000000 ____D C:\Users\Compaq\Application Data\vlc 2012-03-04 05:19 - 2010-04-07 09:48 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\vlc 2012-03-04 05:19 - 2010-04-07 09:48 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\vlc 2012-03-04 05:19 - 2010-04-07 09:48 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\vlc 2012-03-04 05:19 - 2010-03-23 03:26 - 0000000 ____D C:\Users\Compaq\Application Data\Spotify 2012-03-04 05:19 - 2010-03-23 03:26 - 
0000000 ____D C:\Users\Compaq\AppData\Roaming\Spotify 2012-03-04 05:19 - 2010-03-23 03:26 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Spotify 2012-03-04 05:19 - 2010-03-23 03:26 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Spotify 2012-03-04 05:19 - 2009-09-11 13:52 - 0000000 ____D C:\Users\Compaq\Local Settings\QuickPlay 2012-03-04 05:19 - 2009-09-11 13:52 - 0000000 ____D C:\Users\Compaq\Local Settings\Application Data\QuickPlay 2012-03-04 05:19 - 2009-09-11 13:52 - 0000000 ____D C:\Users\Compaq\AppData\Local\QuickPlay 2012-03-04 05:19 - 2009-09-11 13:52 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\QuickPlay 2012-03-04 05:19 - 2009-09-11 13:52 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Application Data\QuickPlay 2012-03-04 05:19 - 2009-09-11 13:52 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Local\QuickPlay 2012-03-04 05:19 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\spool 2012-03-04 05:19 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\Msdtc 2012-03-04 05:18 - 2011-06-02 00:18 - 0000000 ____D C:\Program Files\Adobe Media Player 2012-03-04 05:18 - 2011-04-27 07:03 - 0000000 ____D C:\Program Files\AnvSoft 2012-03-04 05:18 - 2011-01-31 13:34 - 0000000 ____D C:\Program Files\Microsoft Silverlight 2012-03-04 05:18 - 2011-01-14 02:48 - 0000000 ____D C:\Program Files\Memeo 2012-03-04 05:18 - 2011-01-14 02:48 - 0000000 ____D C:\Program Files\Common Files\Memeo 2012-03-04 05:18 - 2011-01-14 02:47 - 0000000 ____D C:\Program Files\Seagate 2012-03-04 05:18 - 2010-08-29 10:03 - 0000000 ____D C:\Program Files\Maxis 2012-03-04 05:18 - 2010-07-05 12:38 - 0000000 ____D C:\Program Files\Lionhead Studios Ltd 2012-03-04 05:18 - 2010-05-28 11:54 - 0000000 ____D C:\Users\All Users\DivX 2012-03-04 05:18 - 2010-05-28 11:54 - 0000000 ____D C:\Users\All Users\Application Data\DivX 2012-03-04 05:18 - 2010-05-28 11:54 - 0000000 ____D C:\ProgramData\DivX 2012-03-04 05:18 - 
2010-05-28 11:54 - 0000000 ____D C:\Documents and Settings\All Users\DivX 2012-03-04 05:18 - 2010-05-28 11:54 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\DivX 2012-03-04 05:18 - 2010-03-23 03:26 - 0000000 ____D C:\Program Files\Spotify 2012-03-04 05:18 - 2010-03-13 13:19 - 0000000 ____D C:\Users\All Users\McAfee Security Scan 2012-03-04 05:18 - 2010-03-13 13:19 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan 2012-03-04 05:18 - 2010-03-13 13:19 - 0000000 ____D C:\ProgramData\McAfee Security Scan 2012-03-04 05:18 - 2010-03-13 13:19 - 0000000 ____D C:\Program Files\McAfee Security Scan 2012-03-04 05:18 - 2010-03-13 13:19 - 0000000 ____D C:\Documents and Settings\All Users\McAfee Security Scan 2012-03-04 05:18 - 2010-03-13 13:19 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee Security Scan 2012-03-04 05:18 - 2009-12-01 01:15 - 0000000 ____D C:\Program Files\DivX 2012-03-04 05:18 - 2009-11-08 02:36 - 0000000 ____D C:\Program Files\QuickTime 2012-03-04 05:18 - 2009-09-08 10:39 - 0000000 ____D C:\Program Files\Apple Software Update 2012-03-04 05:18 - 2009-06-17 03:12 - 0000000 ____D C:\Program Files\muvee Technologies 2012-03-04 05:18 - 2009-06-17 03:12 - 0000000 ____D C:\Program Files\Common Files\muvee Technologies 2012-03-04 05:18 - 2009-03-01 23:58 - 0000000 ____D C:\Users\All Users\Application Data\AOL 2012-03-04 05:18 - 2009-03-01 23:58 - 0000000 ____D C:\Users\All Users\AOL 2012-03-04 05:18 - 2009-03-01 23:58 - 0000000 ____D C:\ProgramData\AOL 2012-03-04 05:18 - 2009-03-01 23:58 - 0000000 ____D C:\Program Files\AOL 2012-03-04 05:18 - 2009-03-01 23:58 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AOL 2012-03-04 05:18 - 2009-03-01 23:58 - 0000000 ____D C:\Documents and Settings\All Users\AOL 2012-03-04 05:18 - 2009-03-01 22:51 - 0000000 ___HD C:\Program Files\InstallShield Installation Information 2012-03-04 05:18 - 2006-11-02 03:18 - 0000000 ____D 
C:\Windows\registration 2012-03-04 04:44 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\default_previous 2012-03-04 04:35 - 2012-02-03 02:00 - 0000000 ____D C:\Program Files\PeerBlock 2012-03-04 04:31 - 2006-11-02 02:22 - 32768000 ____A C:\Windows\System32\config\components_previous 2012-03-01 13:05 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\SchCache 2012-03-01 12:15 - 2009-09-28 09:25 - 0000000 ____D C:\Users\Compaq\art 2012-03-01 12:15 - 2009-09-28 09:25 - 0000000 ____D C:\Documents and Settings\Compaq\art 2012-03-01 09:57 - 2012-03-01 09:57 - 0000000 ____D C:\Program Files\ESET 2012-02-29 10:42 - 2012-02-29 10:41 - 0082142 ____A C:\TDSSKiller.2.7.14.0_29.02.2012_18.41.17_log.txt 2012-02-29 10:42 - 2012-02-25 16:26 - 0000000 ____D C:\TDSSKiller_Quarantine 2012-02-29 10:37 - 2012-02-29 10:37 - 0000434 ____A C:\rkill.log 2012-02-29 01:45 - 2012-02-29 01:45 - 0294216 ____A C:\Users\Compaq\Downloads\gmer (4).zip 2012-02-29 01:45 - 2012-02-29 01:45 - 0294216 ____A C:\Documents and Settings\Compaq\Downloads\gmer (4).zip 2012-02-28 07:44 - 2012-02-28 07:44 - 0000000 ____D C:\_OTL 2012-02-28 06:43 - 2012-02-28 06:43 - 0294216 ____A C:\Users\Compaq\Downloads\gmer (3).zip 2012-02-28 06:43 - 2012-02-28 06:43 - 0294216 ____A C:\Documents and Settings\Compaq\Downloads\gmer (3).zip 2012-02-28 06:37 - 2012-02-28 06:37 - 0294216 ____A C:\Users\Compaq\Downloads\gmer (2).zip 2012-02-28 06:37 - 2012-02-28 06:37 - 0294216 ____A C:\Documents and Settings\Compaq\Downloads\gmer (2).zip 2012-02-27 12:11 - 2012-02-27 12:11 - 0294216 ____A C:\Users\Compaq\Downloads\gmer (1).zip 2012-02-27 12:11 - 2012-02-27 12:11 - 0294216 ____A C:\Documents and Settings\Compaq\Downloads\gmer (1).zip 2012-02-27 12:09 - 2012-02-27 12:09 - 0294195 ____A C:\Users\Compaq\Downloads\gmer.zip 2012-02-27 12:09 - 2012-02-27 12:09 - 0294195 ____A C:\Documents and Settings\Compaq\Downloads\gmer.zip 2012-02-26 03:38 - 2012-02-26 03:38 - 0000000 ____D C:\Users\Compaq\Application Data\Tific 2012-02-26 
03:38 - 2012-02-26 03:38 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\Tific 2012-02-26 03:38 - 2012-02-26 03:38 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Tific 2012-02-26 03:38 - 2012-02-26 03:38 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Tific 2012-02-26 03:35 - 2012-02-26 03:35 - 0000000 ____D C:\Users\Compaq\Local Settings\Symantec 2012-02-26 03:35 - 2012-02-26 03:35 - 0000000 ____D C:\Users\Compaq\Local Settings\Application Data\Symantec 2012-02-26 03:35 - 2012-02-26 03:35 - 0000000 ____D C:\Users\Compaq\AppData\Local\Symantec 2012-02-26 03:35 - 2012-02-26 03:35 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Symantec 2012-02-26 03:35 - 2012-02-26 03:35 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Application Data\Symantec 2012-02-26 03:35 - 2012-02-26 03:35 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Local\Symantec 2012-02-26 02:22 - 2012-02-26 02:15 - 0000000 ____D C:\Qoobox 2012-02-25 16:23 - 2012-02-25 16:22 - 2044183 ____A C:\Users\Compaq\Desktop\tdsskiller.zip 2012-02-25 16:23 - 2012-02-25 16:22 - 2044183 ____A C:\Documents and Settings\Compaq\Desktop\tdsskiller.zip 2012-02-24 07:08 - 2012-02-24 07:08 - 0014649 ____A C:\Users\Compaq\Downloads\hijackthis.log 2012-02-24 07:08 - 2012-02-24 07:08 - 0014649 ____A C:\Documents and Settings\Compaq\Downloads\hijackthis.log 2012-02-20 05:17 - 2012-01-17 12:35 - 0000000 ____D C:\Users\Compaq\Application Data\DAEMON Tools Lite 2012-02-20 05:17 - 2012-01-17 12:35 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\DAEMON Tools Lite 2012-02-20 05:17 - 2012-01-17 12:35 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\DAEMON Tools Lite 2012-02-20 05:17 - 2012-01-17 12:35 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\DAEMON Tools Lite 2012-02-20 05:17 - 2010-02-14 13:09 - 0000000 ____D C:\Users\Compaq\Application Data\Skype 2012-02-20 05:17 - 2010-02-14 13:09 - 0000000 ____D 
C:\Users\Compaq\AppData\Roaming\Skype 2012-02-20 05:17 - 2010-02-14 13:09 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Skype 2012-02-20 05:17 - 2010-02-14 13:09 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Skype 2012-02-20 05:17 - 2009-03-02 00:02 - 0000000 ____D C:\Windows\panther 2012-02-20 03:27 - 2012-02-20 03:27 - 0000000 ____D C:\Users\Compaq\Application Data\SUPERAntiSpyware.com 2012-02-20 03:27 - 2012-02-20 03:27 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\SUPERAntiSpyware.com 2012-02-20 03:27 - 2012-02-20 03:27 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\SUPERAntiSpyware.com 2012-02-20 03:27 - 2012-02-20 03:27 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\SUPERAntiSpyware.com 2012-02-20 03:26 - 2012-02-20 03:26 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-02-20 03:26 - 2012-02-20 03:26 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com 2012-02-20 03:26 - 2012-02-20 03:26 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2012-02-20 03:26 - 2012-02-20 03:26 - 0000000 ____D C:\Documents and Settings\All Users\SUPERAntiSpyware.com 2012-02-20 03:26 - 2012-02-20 03:26 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2012-02-20 02:58 - 2012-02-20 02:14 - 0000000 ____D C:\Program Files\Comodo 2012-02-20 02:25 - 2012-02-20 02:25 - 0000000 ____D C:\Users\Public\Documents\COMODO 2012-02-20 02:25 - 2012-02-20 02:25 - 0000000 ____D C:\Users\All Users\Documents\COMODO 2012-02-20 02:25 - 2012-02-20 02:25 - 0000000 ____D C:\Documents and Settings\Public\Documents\COMODO 2012-02-20 02:25 - 2012-02-20 02:25 - 0000000 ____D C:\Documents and Settings\All Users\Documents\COMODO 2012-02-20 02:24 - 2012-02-20 02:24 - 0000000 ____D C:\Users\Compaq\Local Settings\Comodo 2012-02-20 02:24 - 2012-02-20 02:24 - 0000000 ____D C:\Users\Compaq\Local Settings\Application Data\Comodo 2012-02-20 02:24 - 2012-02-20 02:24 - 
0000000 ____D C:\Users\Compaq\AppData\Local\Comodo 2012-02-20 02:24 - 2012-02-20 02:24 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Comodo 2012-02-20 02:24 - 2012-02-20 02:24 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Application Data\Comodo 2012-02-20 02:24 - 2012-02-20 02:24 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Local\Comodo 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Users\Compaq\Application Data\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Users\All Users\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\ProgramData\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Malwarebytes 2012-02-20 02:03 - 2012-02-20 02:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2012-02-19 11:33 - 2011-05-31 12:06 - 0000000 ____D C:\Program Files\Vuze 2012-02-19 10:23 - 2011-05-31 13:28 - 0000000 ____D C:\Users\Compaq\My Documents\Vuze Downloads 2012-02-19 10:23 - 2011-05-31 13:28 - 0000000 ____D C:\Users\Compaq\Documents\Vuze Downloads 2012-02-19 10:23 - 2011-05-31 13:28 - 0000000 ____D C:\Documents and Settings\Compaq\My Documents\Vuze Downloads 2012-02-19 10:23 - 2011-05-31 13:28 - 0000000 ____D C:\Documents and Settings\Compaq\Documents\Vuze Downloads 2012-02-19 10:02 - 2012-02-05 07:11 - 0000000 ____D C:\Program Files\K-Lite Codec Pack 2012-02-19 09:41 - 2009-03-01 
23:45 - 0000000 ____D C:\Users\All Users\Microsoft Help 2012-02-19 09:41 - 2009-03-01 23:45 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help 2012-02-19 09:41 - 2009-03-01 23:45 - 0000000 ____D C:\ProgramData\Microsoft Help 2012-02-19 09:41 - 2009-03-01 23:45 - 0000000 ____D C:\Documents and Settings\All Users\Microsoft Help 2012-02-19 09:41 - 2009-03-01 23:45 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help 2012-02-17 07:31 - 2009-09-08 10:43 - 0000000 ____D C:\Users\Compaq\Local Settings\Application Data\Apple Computer 2012-02-17 07:31 - 2009-09-08 10:43 - 0000000 ____D C:\Users\Compaq\Local Settings\Apple Computer 2012-02-17 07:31 - 2009-09-08 10:43 - 0000000 ____D C:\Users\Compaq\AppData\Local\Apple Computer 2012-02-17 07:31 - 2009-09-08 10:43 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Application Data\Apple Computer 2012-02-17 07:31 - 2009-09-08 10:43 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Apple Computer 2012-02-17 07:31 - 2009-09-08 10:43 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Local\Apple Computer 2012-02-15 03:19 - 2012-02-15 02:27 - 0021934 ____A C:\Users\Compaq\Desktop\energy statistics - Dave.docx 2012-02-15 03:19 - 2012-02-15 02:27 - 0021934 ____A C:\Documents and Settings\Compaq\Desktop\energy statistics - Dave.docx 2012-02-13 04:03 - 2012-02-13 04:03 - 0000000 ____D C:\Users\All Users\LightScribe 2012-02-13 04:03 - 2012-02-13 04:03 - 0000000 ____D C:\Users\All Users\Application Data\LightScribe 2012-02-13 04:03 - 2012-02-13 04:03 - 0000000 ____D C:\ProgramData\LightScribe 2012-02-13 04:03 - 2012-02-13 04:03 - 0000000 ____D C:\Documents and Settings\All Users\LightScribe 2012-02-13 04:03 - 2012-02-13 04:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\LightScribe 2012-02-08 02:53 - 2011-01-14 02:50 - 0000326 ____A C:\MemeoSendAddin 2012-02-07 10:33 - 2009-10-20 09:36 - 0000052 ____A C:\Windows\System32\DOErrors.log 
2012-02-05 06:59 - 2012-02-05 06:59 - 0000000 ____D C:\Program Files\Apple Software Update(7)
2012-02-05 06:46 - 2012-02-05 06:46 - 0000000 ____D C:\WMSDK
2012-02-04 08:08 - 2012-02-04 08:08 - 0503746 ____A C:\Users\Compaq\Downloads\_matéo
2012-02-04 08:08 - 2012-02-04 08:08 - 0503746 ____A C:\Documents and Settings\Compaq\Downloads\_matéo
2012-02-04 08:00 - 2012-02-04 08:00 - 0000000 ____D C:\Users\Compaq\Desktop\photos Aurore phone
2012-02-04 08:00 - 2012-02-04 08:00 - 0000000 ____D C:\Documents and Settings\Compaq\Desktop\photos Aurore phone
2012-02-03 10:18 - 2011-06-02 00:03 - 0000000 ____D C:\Users\Compaq\Adobe CS5
2012-02-03 10:18 - 2011-06-02 00:03 - 0000000 ____D C:\Documents and Settings\Compaq\Adobe CS5
2012-02-03 10:17 - 2012-02-03 10:17 - 0000000 ____D C:\Users\Compaq\Application Data\Media Player Classic
2012-02-03 10:17 - 2012-02-03 10:17 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\Media Player Classic
2012-02-03 10:17 - 2012-02-03 10:17 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\Media Player Classic
2012-02-03 10:17 - 2012-02-03 10:17 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\Media Player Classic
2012-02-03 07:58 - 2012-02-03 07:58 - 0000000 ____D C:\Users\Compaq\Local Settings\Application Data\{63666F5D-CB50-4006-BAD8-A7A359057769}
2012-02-03 07:58 - 2012-02-03 07:58 - 0000000 ____D C:\Users\Compaq\Local Settings\{63666F5D-CB50-4006-BAD8-A7A359057769}
2012-02-03 07:58 - 2012-02-03 07:58 - 0000000 ____D C:\Users\Compaq\AppData\Local\{63666F5D-CB50-4006-BAD8-A7A359057769}
2012-02-03 07:58 - 2012-02-03 07:58 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\Application Data\{63666F5D-CB50-4006-BAD8-A7A359057769}
2012-02-03 07:58 - 2012-02-03 07:58 - 0000000 ____D C:\Documents and Settings\Compaq\Local Settings\{63666F5D-CB50-4006-BAD8-A7A359057769}
2012-02-03 07:58 - 2012-02-03 07:58 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Local\{63666F5D-CB50-4006-BAD8-A7A359057769}
2012-02-03 07:38 - 2009-03-01 22:51 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-02-01 08:07 - 2012-02-01 07:45 - 0108544 ____A C:\Users\Compaq\Desktop\Rédaction Dossier WSPU.doc
2012-02-01 08:07 - 2012-02-01 07:45 - 0108544 ____A C:\Documents and Settings\Compaq\Desktop\Rédaction Dossier WSPU.doc
2012-01-28 05:20 - 2012-01-28 05:20 - 0776487 ____A C:\Users\Compaq\Downloads\784_1327756494_37430.docx
2012-01-28 05:20 - 2012-01-28 05:20 - 0776487 ____A C:\Documents and Settings\Compaq\Downloads\784_1327756494_37430.docx
2012-01-28 03:26 - 2012-01-28 03:26 - 0068608 ____A C:\Users\Compaq\Downloads\A_D_brief_HARVARD_REFERENCING_guide_Sept_09-4 (1).doc
2012-01-28 03:26 - 2012-01-28 03:26 - 0068608 ____A C:\Documents and Settings\Compaq\Downloads\A_D_brief_HARVARD_REFERENCING_guide_Sept_09-4 (1).doc
2012-01-28 03:07 - 2012-01-28 03:07 - 0009667 ____A C:\Users\Compaq\Desktop\moodle final essay.pdf
2012-01-28 03:07 - 2012-01-28 03:07 - 0009667 ____A C:\Documents and Settings\Compaq\Desktop\moodle final essay.pdf
2012-01-28 03:04 - 2012-01-28 03:04 - 0110539 ____A C:\Users\Compaq\Downloads\HCC_3_Submission_Procedures (1).docx
2012-01-28 03:04 - 2012-01-28 03:04 - 0110539 ____A C:\Documents and Settings\Compaq\Downloads\HCC_3_Submission_Procedures (1).docx
2012-01-28 03:03 - 2012-01-28 03:03 - 0110539 ____A C:\Users\Compaq\Downloads\HCC_3_Submission_Procedures.docx
2012-01-28 03:03 - 2012-01-28 03:03 - 0110539 ____A C:\Documents and Settings\Compaq\Downloads\HCC_3_Submission_Procedures.docx
2012-01-28 00:31 - 2012-01-28 00:31 - 0068608 ____A C:\Users\Compaq\Downloads\A_D_brief_HARVARD_REFERENCING_guide_Sept_09-4.doc
2012-01-28 00:31 - 2012-01-28 00:31 - 0068608 ____A C:\Documents and Settings\Compaq\Downloads\A_D_brief_HARVARD_REFERENCING_guide_Sept_09-4.doc
2012-01-23 06:59 - 2012-01-23 06:59 - 0342667 ____A C:\Users\Compaq\Downloads\student certificate.zip
2012-01-23 06:59 - 2012-01-23 06:59 - 0342667 ____A C:\Documents and Settings\Compaq\Downloads\student certificate.zip
2012-01-17 14:14 - 2012-01-17 14:14 - 0000000 ____D C:\Program Files\Common Files\DigiDesign
2012-01-17 14:14 - 2009-09-08 11:27 - 0000000 ____D C:\Program Files\VstPlugins
2012-01-17 14:01 - 2012-01-17 14:01 - 0000000 ____D C:\Program Files\Toontrack
2012-01-17 13:00 - 2012-01-17 13:00 - 0491816 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2012-01-17 12:35 - 2012-01-17 12:35 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-01-17 12:35 - 2012-01-17 12:35 - 0000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Lite
2012-01-17 12:35 - 2012-01-17 12:35 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2012-01-17 12:35 - 2012-01-17 12:35 - 0000000 ____D C:\Documents and Settings\All Users\DAEMON Tools Lite
2012-01-17 12:35 - 2012-01-17 12:35 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2012-01-17 10:30 - 2012-01-17 10:24 - 0000000 ____D C:\Users\All Users\InstallMate
2012-01-17 10:30 - 2012-01-17 10:24 - 0000000 ____D C:\Users\All Users\Application Data\InstallMate
2012-01-17 10:30 - 2012-01-17 10:24 - 0000000 ____D C:\ProgramData\InstallMate
2012-01-17 10:30 - 2012-01-17 10:24 - 0000000 ____D C:\Documents and Settings\All Users\InstallMate
2012-01-17 10:30 - 2012-01-17 10:24 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate
2012-01-17 10:24 - 2012-01-17 10:24 - 0000000 ____D C:\Users\All Users\Premium
2012-01-17 10:24 - 2012-01-17 10:24 - 0000000 ____D C:\Users\All Users\Application Data\Premium
2012-01-17 10:24 - 2012-01-17 10:24 - 0000000 ____D C:\ProgramData\Premium
2012-01-17 10:24 - 2012-01-17 10:24 - 0000000 ____D C:\Documents and Settings\All Users\Premium
2012-01-17 10:24 - 2012-01-17 10:24 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Premium
2012-01-16 13:05 - 2012-01-16 13:05 - 0214844 ____A C:\Users\Compaq\Downloads\STA Travel Booking Confirmation.pdf
2012-01-16 13:05 - 2012-01-16 13:05 - 0214844 ____A C:\Documents and Settings\Compaq\Downloads\STA Travel Booking Confirmation.pdf
2012-01-11 08:00 - 2010-04-07 09:25 - 0000000 ____D C:\Program Files\Graboid
2012-01-11 07:51 - 2012-01-10 12:16 - 0000000 ____D C:\Program Files\AVS4YOU
2012-01-11 07:50 - 2012-01-10 12:17 - 0001030 ____A C:\Users\Compaq\Desktop\AVS Video Converter.lnk
2012-01-11 07:50 - 2012-01-10 12:17 - 0001030 ____A C:\Documents and Settings\Compaq\Desktop\AVS Video Converter.lnk
2012-01-11 07:37 - 2012-01-11 07:37 - 0000000 ____A C:\Users\Compaq\Local Settings\FnF4.txt
2012-01-11 07:37 - 2012-01-11 07:37 - 0000000 ____A C:\Users\Compaq\Local Settings\Application Data\FnF4.txt
2012-01-11 07:37 - 2012-01-11 07:37 - 0000000 ____A C:\Users\Compaq\AppData\Local\FnF4.txt
2012-01-11 07:37 - 2012-01-11 07:37 - 0000000 ____A C:\Documents and Settings\Compaq\Local Settings\FnF4.txt
2012-01-11 07:37 - 2012-01-11 07:37 - 0000000 ____A C:\Documents and Settings\Compaq\Local Settings\Application Data\FnF4.txt
2012-01-11 07:37 - 2012-01-11 07:37 - 0000000 ____A C:\Documents and Settings\Compaq\AppData\Local\FnF4.txt
2012-01-10 12:22 - 2009-11-19 19:34 - 0016896 ____A C:\Users\Compaq\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-10 12:22 - 2009-11-19 19:34 - 0016896 ____A C:\Users\Compaq\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-10 12:22 - 2009-11-19 19:34 - 0016896 ____A C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-10 12:22 - 2009-11-19 19:34 - 0016896 ____A C:\Documents and Settings\Compaq\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-10 12:22 - 2009-11-19 19:34 - 0016896 ____A C:\Documents and Settings\Compaq\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-10 12:22 - 2009-11-19 19:34 - 0016896 ____A C:\Documents and Settings\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-10 12:20 - 2012-01-10 12:20 - 0000000 ____D C:\Users\Compaq\Application Data\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:20 - 0000000 ____D C:\Users\Compaq\AppData\Roaming\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:20 - 0000000 ____D C:\Documents and Settings\Compaq\Application Data\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:20 - 0000000 ____D C:\Documents and Settings\Compaq\AppData\Roaming\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:16 - 0000000 ____D C:\Users\All Users\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:16 - 0000000 ____D C:\Users\All Users\Application Data\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:16 - 0000000 ____D C:\ProgramData\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:16 - 0000000 ____D C:\Documents and Settings\All Users\AVS4YOU
2012-01-10 12:20 - 2012-01-10 12:16 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU
2012-01-10 12:19 - 2012-01-10 12:16 - 0000000 ____D C:\Program Files\Common Files\AVSMedia
2012-01-10 12:18 - 2012-01-10 12:18 - 0000814 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-01-10 12:18 - 2012-01-10 12:18 - 0000814 ____A C:\Users\All Users\Desktop\WinRAR.lnk
2012-01-10 12:18 - 2012-01-10 12:18 - 0000814 ____A C:\Documents and Settings\Public\Desktop\WinRAR.lnk
2012-01-10 12:18 - 2012-01-10 12:18 - 0000814 ____A C:\Documents and Settings\All Users\Desktop\WinRAR.lnk
2012-01-10 12:18 - 2011-06-02 00:50 - 0000000 ____D C:\Program Files\WinRAR
2012-01-10 09:52 - 2012-01-10 09:52 - 0000132 ____A C:\Users\Compaq\Application Data\Adobe BMP Format CS5 Prefs
2012-01-10 09:52 - 2012-01-10 09:52 - 0000132 ____A C:\Users\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-01-10 09:52 - 2012-01-10 09:52 - 0000132 ____A C:\Documents and Settings\Compaq\Application Data\Adobe BMP Format CS5 Prefs
2012-01-10 09:52 - 2012-01-10 09:52 - 0000132 ____A C:\Documents and Settings\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-01-10 09:16 - 2012-01-10 09:16 - 0380928 ____A C:\Users\Compaq\Desktop\Réponses des activités.doc
2012-01-10 09:16 - 2012-01-10 09:16 - 0380928 ____A C:\Documents and Settings\Compaq\Desktop\Réponses des activités.doc
2011-12-23 13:18 - 2009-09-08 12:18 - 0000326 ____A C:\Windows\Tasks\HPCeeScheduleForCompaq.job
2011-12-19 10:59 - 2011-12-19 10:59 - 0082400 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2011-12-19 10:59 - 2011-12-19 10:59 - 0038616 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2011-12-19 10:59 - 2011-12-19 10:59 - 0019600 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2011-12-19 10:58 - 2011-12-19 10:58 - 0301224 ____A (COMODO) C:\Windows\System32\guard32.dll
2011-12-19 10:58 - 2011-12-19 10:58 - 0033984 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2011-12-18 08:44 - 2011-12-18 08:44 - 0058368 ____A C:\Users\Compaq\Downloads\13 déc11 AC 1ère partie retour.doc
2011-12-18 08:44 - 2011-12-18 08:44 - 0058368 ____A C:\Documents and Settings\Compaq\Downloads\13 déc11 AC 1ère partie retour.doc

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe [2009-03-02 00:19] - [2009-03-02 00:19] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll [2008-01-20 18:24] - [2008-01-20 18:24] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269
C:\Windows\System32\Drivers\volsnap.sys [2008-01-20 18:23] - [2008-01-20 18:23] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3002.17 MB
Available physical RAM: 2449.29 MB
Total Pagefile: 2727.11 MB
Available Pagefile: 2555.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.14 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:222.33 GB) (Free:126.32 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10.55 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.31 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1024 KB
Disk 1 Online 972 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 222 GB 1024 KB
Partition 2 Primary 11 GB 222 GB

================================================================================ ======================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 222 GB Healthy

================================================================================ ======================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 11 GB Healthy

================================================================================ ======================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 972 MB 16 KB

================================================================================ ======================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 972 MB Healthy

================================================================================ ======================

==========================================================

Last Boot: 2012-03-14 01:51

======================= End Of Log ==========================

#108 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 15 March 2012 - 02:01 PM

Hi,

That really doesn't look bad.

Run a scan with OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
Drives
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#109 thatguy89

    Authentic Member

  • Authentic Member
  • 80 posts

Posted 15 March 2012 - 04:01 PM

ah ok, looks like we're getting there then!

here's otl.txt

OTL logfile created on: 15/03/2012 21:45:45 - Run 4
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Compaq\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 82.29% Memory free
6.06 Gb Paging File | 5.73 Gb Available in Paging File | 94.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 126.86 Gb Free Space | 57.06% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Compaq | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (PSEXESVC) -- C:\Windows\PSEXESVC.EXE (Sysinternals)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_O2DA) SupportSoft Repair Service (O2DA) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008
IE - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 12:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/12 10:01:29 | 000,000,000 | ---D | M]

[2012/03/12 12:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2012/03/12 12:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/22 14:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(117)
[2012/01/22 14:55:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(117)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/16 14:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 11:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 10:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 11:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 11:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4056065152-634905853-1308159465-1000..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4056065152-634905853-1308159465-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73F92850-0943-4CBD-8836-3F9DF80843DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 03:26:58 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/14 21:30:24 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
[2012/03/14 09:35:40 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2012/03/13 21:48:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/12 12:53:52 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Mozilla
[2012/03/12 12:48:17 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/12 09:51:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/03/08 17:06:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/08 09:17:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/08 09:17:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/08 09:17:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/08 09:17:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 18:48:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/03/07 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/03/07 10:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/06 16:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/01 17:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/28 15:44:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/28 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/26 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Tific
[2012/02/26 11:35:33 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Symantec
[2012/02/26 10:15:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/26 00:26:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/20 13:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/20 10:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/20 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/20 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Comodo
[2012/02/20 10:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/20 10:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/20 10:03:58 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2012/02/20 10:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012/03/15 21:42:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 21:28:18 | 000,079,623 | ---- | M] () -- C:\Users\Compaq\Desktop\Junction.zip
[2012/03/14 09:37:29 | 000,000,065 | ---- | M] () -- C:\Users\Compaq\Desktop\junc.bat
[2012/03/13 18:21:37 | 000,591,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/13 18:21:37 | 000,099,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/12 22:14:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 22:14:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 21:55:43 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/12 13:52:48 | 000,002,627 | ---- | M] () -- C:\Users\Compaq\Desktop\Microsoft Office Word 2007.lnk
[2012/03/12 12:53:35 | 000,000,870 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 12:53:35 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 12:48:21 | 000,002,047 | ---- | M] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/03/12 12:48:21 | 000,002,009 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/12 10:24:12 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000UA.job
[2012/03/12 10:24:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000Core.job
[2012/03/08 17:06:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:32 | 000,000,913 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | M] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | M] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/07 18:56:14 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:56:04 | 000,000,391 | ---- | M] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | M] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | M] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 10:40:38 | 000,006,756 | ---- | M] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2012/03/07 10:25:25 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:14:27 | 002,185,990 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2012/03/07 10:12:00 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/06 16:21:25 | 000,001,057 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/06 16:21:25 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/03/04 13:24:05 | 003,745,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/26 00:23:00 | 002,044,183 | ---- | M] () -- C:\Users\Compaq\Desktop\tdsskiller.zip

========== Files Created - No Company Name ==========

[2012/03/14 09:37:29 | 000,000,065 | ---- | C] () -- C:\Users\Compaq\Desktop\junc.bat
[2012/03/14 09:34:42 | 000,079,623 | ---- | C] () -- C:\Users\Compaq\Desktop\Junction.zip
[2012/03/12 12:53:35 | 000,000,870 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 12:53:35 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 12:53:35 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 12:48:21 | 000,002,047 | ---- | C] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/03/12 12:48:21 | 000,002,009 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/08 17:04:32 | 000,000,913 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | C] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | C] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/08 09:17:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/08 09:17:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/08 09:17:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/08 09:17:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/08 09:17:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 18:56:04 | 000,000,391 | ---- | C] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | C] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | C] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 10:25:25 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:12:00 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/06 16:21:25 | 000,001,057 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/03/06 16:21:25 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/26 00:22:57 | 002,044,183 | ---- | C] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/01/10 17:52:32 | 000,000,132 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/07/09 14:07:42 | 000,006,524 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\wklnhst.dat
[2010/07/07 12:41:13 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/09/07 15:39:20 | 000,150,392 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe


< C:\Windows\assembly\tmp\U\*.* /s >


========== Drive Information ==========
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 222.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 238726152192
Hidden sectors: 0


< End of report >

#110 thatguy89

Posted 15 March 2012 - 04:05 PM

No sign of the extras.txt though.. I'm not sure where it is because it hasn't saved to my desktop..

#111 jeffce

Posted 15 March 2012 - 05:54 PM

Hi, There won't be an Extras log made so you don't need to worry about that one. Let me look this over and see what we have. How is your system running?

#112 thatguy89

Posted 16 March 2012 - 03:34 AM

Hey Jeff, seems much better actually :thumbup: chrome and firefox are now working, windows defender isn't though: when logging on a few pop ups tell me straight away that Erunt can't back up, windows defender "fails to initialize" and recycle bin on C:\ is corrupted as always! I haven't got an antivirus now so I don't want to browse a lot, but perhaps I could try downloading peerblock again, because it needs certain things to run which the virus corrupted, so I'm not sure whether that will still work or not. But as I said before, if I can't get everything back to how it was before the virus, so long as there's a freeware alternative I'm not really fussed ^_^

#113 thatguy89

Posted 16 March 2012 - 03:47 AM

A hah! Might want to look at this attached print screen. I opened task manager to stop msn messenger from popping up at start up -it's really annoying!- and the first task is an incomprehensible line of numbers and letters. It might not be a virus but I thought I'd let you know just to be safe... it might be of help, I'm not sure really!

Attached Thumbnails

  • hmmm.jpg


#114 jeffce

Posted 16 March 2012 - 05:44 AM

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\Windows\System32\ias.dll
    C:\Windows\System32\ezsvc7.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#115 thatguy89

Posted 16 March 2012 - 01:23 PM

Hi,

SystemLook 30.07.11 by jpshortstuff
Log created at 19:22 on 16/03/2012 by Compaq
Administrator - Elevation successful

========== file ==========

C:\Windows\System32\ias.dll - File found and opened.
MD5: 7A5F8218325F00396DAEA2F985FA0ECB
Created at 02:24 on 21/01/2008
Modified at 02:24 on 21/01/2008
Size: 18944 bytes
Attributes: --a----
FileDescription: Network Policy Server
FileVersion: 6.0.6001.18000 (longhorn_rtm.080118-1840)
ProductVersion: 6.0.6001.18000
OriginalFilename: IAS.DLL.MUI
InternalName: IAS.DLL
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

C:\Windows\System32\ezsvc7.dll - File found and opened.
MD5: 42F721C52EEF2D6DF9372A53813A83EF
Created at 07:58 on 02/03/2009
Modified at 20:00 on 03/02/2008
Size: 129992 bytes
Attributes: --a----
FileDescription: Shared EasyBits services for Windows
FileVersion: 3.0.0.1
ProductVersion: 1.0.0.0
OriginalFilename:
InternalName:
ProductName:
CompanyName: EasyBits Sofware AS
LegalCopyright: EasyBits Sofware AS
Comments:

-= EOF =-

#116 jeffce

Posted 16 March 2012 - 02:07 PM

Hi,

Thanks for that log.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
    NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
    
    :Files
    C:\Windows\System32\ezsvc7.dll
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

#117 thatguy89

Posted 16 March 2012 - 02:27 PM

OK, here's the post fix:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service ezSharedSvc stopped successfully!
Service ezSharedSvc deleted successfully!
C:\Windows\System32\ezsvc7.dll moved successfully.
ezSharedSvc removed from NetSvcs value successfully!
File C:\Windows\System32\ezsvc7.dll not found.
========== FILES ==========
File\Folder C:\Windows\System32\ezsvc7.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Compaq\Desktop\cmd.bat deleted successfully.
C:\Users\Compaq\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq
->Temp folder emptied: 31144832 bytes
->Temporary Internet Files folder emptied: 65037333 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12532492 bytes
->Google Chrome cache emptied: 6969179 bytes
->Flash cache emptied: 343 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105544 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03162012_201758

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


-------------------------------------------


And here's the new log!

OTL logfile created on: 16/03/2012 20:22:41 - Run 5
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Compaq\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 82.04% Memory free
6.06 Gb Paging File | 5.72 Gb Available in Paging File | 94.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 126.61 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Compaq | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (PSEXESVC) -- C:\Windows\PSEXESVC.EXE (Sysinternals)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_O2DA) SupportSoft Repair Service (O2DA) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{CAC4D04F-B0F4-442A-8CA9-988E7117AFE3}: "URL" = http://uk.search.yah...amp;type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 12:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/12 10:01:29 | 000,000,000 | ---D | M]

[2012/03/12 12:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2012/03/12 12:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/22 14:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(117)
[2012/01/22 14:55:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(117)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/16 14:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 11:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 10:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 11:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 11:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73F92850-0943-4CBD-8836-3F9DF80843DA}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 03:26:58 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/14 21:30:24 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
[2012/03/14 09:35:40 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2012/03/13 21:48:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/12 12:53:52 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Mozilla
[2012/03/12 12:48:17 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/12 09:51:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/03/08 17:06:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/08 09:17:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/08 09:17:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/08 09:17:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/08 09:17:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 18:48:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/03/07 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/03/07 10:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/06 16:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/01 17:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/28 15:44:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/28 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/26 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Tific
[2012/02/26 11:35:33 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Symantec
[2012/02/26 10:15:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/26 00:26:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/20 13:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/20 10:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/20 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/20 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Comodo
[2012/02/20 10:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/20 10:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/20 10:03:58 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2012/02/20 10:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012/03/16 20:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/16 19:25:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/16 19:25:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/16 19:23:11 | 000,591,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/16 19:23:11 | 000,099,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/16 19:22:09 | 000,139,264 | ---- | M] () -- C:\Users\Compaq\Desktop\SystemLook.exe
[2012/03/16 19:19:23 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/16 09:46:58 | 000,147,794 | ---- | M] () -- C:\Users\Compaq\Desktop\hmmm.jpg
[2012/03/16 09:25:08 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000UA.job
[2012/03/14 21:28:18 | 000,079,623 | ---- | M] () -- C:\Users\Compaq\Desktop\Junction.zip
[2012/03/14 09:37:29 | 000,000,065 | ---- | M] () -- C:\Users\Compaq\Desktop\junc.bat
[2012/03/12 13:52:48 | 000,002,627 | ---- | M] () -- C:\Users\Compaq\Desktop\Microsoft Office Word 2007.lnk
[2012/03/12 12:53:35 | 000,000,870 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 12:53:35 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 12:48:21 | 000,002,047 | ---- | M] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/03/12 12:48:21 | 000,002,009 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/12 10:24:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000Core.job
[2012/03/08 17:06:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/03/08 17:04:32 | 000,000,913 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | M] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | M] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/07 18:56:14 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/03/07 18:56:04 | 000,000,391 | ---- | M] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | M] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | M] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 10:40:38 | 000,006,756 | ---- | M] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2012/03/07 10:25:25 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:14:27 | 002,185,990 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2012/03/07 10:12:00 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/04 13:24:05 | 003,745,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/26 00:23:00 | 002,044,183 | ---- | M] () -- C:\Users\Compaq\Desktop\tdsskiller.zip

========== Files Created - No Company Name ==========

[2012/03/16 19:21:47 | 000,139,264 | ---- | C] () -- C:\Users\Compaq\Desktop\SystemLook.exe
[2012/03/16 09:41:37 | 000,147,794 | ---- | C] () -- C:\Users\Compaq\Desktop\hmmm.jpg
[2012/03/14 09:37:29 | 000,000,065 | ---- | C] () -- C:\Users\Compaq\Desktop\junc.bat
[2012/03/14 09:34:42 | 000,079,623 | ---- | C] () -- C:\Users\Compaq\Desktop\Junction.zip
[2012/03/12 12:53:35 | 000,000,870 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 12:53:35 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 12:53:35 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 12:48:21 | 000,002,047 | ---- | C] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/03/12 12:48:21 | 000,002,009 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/08 17:04:32 | 000,000,913 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/03/08 17:04:22 | 000,000,733 | ---- | C] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/03/08 17:04:22 | 000,000,714 | ---- | C] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/03/08 09:17:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/08 09:17:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/08 09:17:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/08 09:17:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/08 09:17:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 18:56:04 | 000,000,391 | ---- | C] () -- C:\temp398.bat
[2012/03/07 18:53:37 | 000,000,391 | ---- | C] () -- C:\temp171.bat
[2012/03/07 18:47:51 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/03/07 18:47:21 | 004,104,666 | ---- | C] () -- C:\Users\Compaq\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/03/07 10:25:25 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/07 10:12:00 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/03/07 10:10:59 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/26 00:22:57 | 002,044,183 | ---- | C] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/01/10 17:52:32 | 000,000,132 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/07/09 14:07:42 | 000,006,524 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\wklnhst.dat
[2010/07/07 12:41:13 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini

< End of report >

#118 jeffce

Posted 17 March 2012 - 08:22 AM

Hi,

  • Click Start > Run, type Notepad, and click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
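    @echo off
    rem Export the Windows Defender policy key to look.txt on the Desktop
    regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"
    rem Show the export, then delete it and this batch file
    Notepad.exe "%userprofile%\Desktop\look.txt"
    Del "%userprofile%\Desktop\look.txt"
    Del "%~f0"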
  • Click Format and ensure Wordwrap is unchecked.
  • Save as RegExp.bat
  • Save as file type All Files or it won't work.
  • Now double click on RegExp.bat to run it.
  • A file look.txt will open on your Desktop, please post the contents in your next reply.


#119 thatguy89

Posted 17 March 2012 - 12:23 PM

OK, a pop-up says something like "Could not find look.txt, would you like to create a new file?" so I click yes, then Notepad opens along with cmd.exe but they're both empty... no sign of the hard disk doing anything either. So yeah, I'd post the log but there's nothing lol
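
The empty result reported above is what you would expect if the policy key does not exist, because the export then writes no file (an assumption; the thread does not confirm the cause). As an added example that is not part of the original posts, this variant tests for the key with reg query first and always leaves a report to post; the variable names KEY and OUT are this example's own.

```batch
@echo off
rem Added example (not from the thread): check that the key exists before dumping it.
setlocal
rem KEY and OUT are names chosen for this example.
set "KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
set "OUT=%USERPROFILE%\Desktop\look.txt"

rem reg query sets ERRORLEVEL 1 when the key is missing or cannot be read.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    rem Record the finding so there is always a report to post.
    > "%OUT%" echo Key not found or not readable: %KEY%
) else (
    rem /s lists every value and subkey beneath the key as plain text.
    reg query "%KEY%" /s > "%OUT%" 2>&1
)

rem Open the report; it stays on the Desktop until it has been posted.
notepad.exe "%OUT%"
endlocal
```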

#120 jeffce

Posted 17 March 2012 - 08:06 PM

Hi,

Let's get your operating system updated.

You are presently running Windows Vista Service Pack 1 but the most recent version is Service Pack 2. You can go to Start >> All Programs >> Windows Updates and then download and install all updates. Once you get that completed check out Windows Defender and see if it is working. :) I apologize that this is taking some time but we are basically rebuilding your system from the problems created by the ZeroAccess infection.