OLMARIK.TDL4 removal aftermath [Solved]


#16 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

# Step 1 #

Download the Fix.txt
Attached file: fix.txt (220 bytes)

Open OTL.exe

Drag and drop the attachment you downloaded into the Custom Scan/Fixes box.

Then click the button at the top that runs the fix.

Let the program run unhindered, and reboot the PC when it is done.

# Step 2 #
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


#17 silversurferWV (Member, Topic Starter, 26 posts)

Tried to drag and drop fix.txt into the OTL Custom Scan/Fixes box. OTL won't let me do that. The cursor turns into a circle with a slash through it when inside the box.

#18 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

# Step 1 #

Download the Fix.txt
Attached file: fix.txt (220 bytes)

Open OTL.exe

Click the button at the top that runs the fix, and it will ask for the location of the txt file.

Select the Fix.txt file.

Let the program run unhindered, and reboot the PC when it is done.

# Step 2 #
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

#19 silversurferWV (Member, Topic Starter, 26 posts)

Followed your instructions.

OTL ran for a few seconds and then went into the "not responding" mode.

#20 silversurferWV (Member, Topic Starter, 26 posts)

Just to let you know that Comcast sent me another bot notification this morning at 9:03 a.m.

#21 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

# Step 1 #
  • Download ERUNT.
    (ERUNT, the Emergency Recovery Utility NT, is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts.
    (Use the default install settings, but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later.)
  • Start ERUNT.
    (Either double-click the desktop icon or choose to start the program at the end of the setup.)
  • Choose a location for the backup.
    (The default location is C:\WINDOWS\ERDNT, which is acceptable.)
  • Make sure that at least the first two check boxes are ticked.
  • Press OK.
  • Press YES to create the folder.

# Step 2 #

Download the attachment (Fix.bat):
Attached file: fix.bat (148 bytes)

Double-click Fix.bat to run it.

The computer will restart.

# Step 3 #
  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users.
  • Click the Quick Scan button. Do not change any settings unless told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

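The OTL.Txt requested in Step 3 is a line-oriented report, and a few entry types are worth a first look before anything else: PRC/SRV/DRV lines whose company-name field is empty `()`, O4 autoruns whose target is reported as `File not found`, the O17 DNS-server settings, and IE search scopes that point at loopback. The triage script below is an added example and not part of the thread or of the OTL tool; the `triage` function, the `EXPECTED_DNS` allowlist (the Comcast resolvers seen in the thread plus Google Public DNS) and the sample log with its placeholder paths, GUIDs and the 203.0.113.7 address are all constructed for it.

```python
"""Triage helper for OTL.Txt scan logs (added example; not the OTL tool's code).

Shortlists lines a reviewer usually looks at first. It does NOT decide what is
malicious; every hit is a "look here" marker, not a verdict.
"""
import re
from dataclasses import dataclass, field

# PRC/SRV/DRV lines: KIND[:64bit:] - [date | size | attrs | M] (Company) [state] -- path [-- (svc name)]
_MODULE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)(?::64bit:)? - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# O4 autoruns: "O4 - <key>: [label] <target>", where OTL appends "File not found" to dead targets
_O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<key>\S+): \[(?P<label>[^\]]*)\] (?P<target>.*)$")
# O17 DNS settings: "O17 - <key>: DhcpNameServer = a b" (space separated) or "NameServer = a,b"
_O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?:DhcpNameServer|NameServer) = (?P<servers>.+)$")
# IE search scopes that carry a URL
_SCOPE_RE = re.compile(r'^IE(?::64bit:)? - .*SearchScopes\\\{[^}]+\}: "URL" = (?P<url>\S+)')
_IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Resolvers the machine's owner expects (assumption for this example: the ISP
# resolvers seen in the thread plus Google Public DNS). Anything else is flagged REVIEW.
EXPECTED_DNS = frozenset({"75.75.75.75", "75.75.76.76", "8.8.8.8", "8.8.4.4"})


@dataclass
class TriageReport:
    no_company: list = field(default_factory=list)       # (kind, path) with an empty "()" company field
    orphan_autoruns: list = field(default_factory=list)  # (key, label, target) marked "File not found"
    dns_servers: dict = field(default_factory=dict)      # ip -> "allowlisted" | "REVIEW"
    loopback_scopes: list = field(default_factory=list)  # search-scope URLs pointing at 127.0.0.1


def triage(log_text, dns_allowlist=EXPECTED_DNS):
    """Walk an OTL.Txt dump line by line and collect the review shortlist."""
    report = TriageReport()
    for line in (raw.strip() for raw in log_text.splitlines()):
        if (m := _MODULE_RE.match(line)):
            if not m.group("company").strip():          # "()" means OTL found no company name
                report.no_company.append((m.group("kind"), m.group("path")))
        elif (m := _O4_RE.match(line)):
            target = m.group("target")
            if target.endswith("File not found"):
                target = target[: -len("File not found")].strip()
                report.orphan_autoruns.append((m.group("key"), m.group("label"), target))
        elif (m := _O17_RE.match(line)):
            for ip in _IPV4_RE.findall(m.group("servers")):
                report.dns_servers[ip] = "allowlisted" if ip in dns_allowlist else "REVIEW"
        elif (m := _SCOPE_RE.match(line)):
            if m.group("url").startswith(("http://127.0.0.1", "http://localhost")):
                report.loopback_scopes.append(m.group("url"))
    return report


# Constructed sample in OTL.Txt layout; paths, GUIDs and 203.0.113.7 are placeholders.
SAMPLE_LOG = r"""
PRC - [2012/07/26 21:21:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2012/07/17 22:59:40 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\vendor\helper_svc.dll -- (HelperSvc)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
IE - HKU\S-1-5-21-EXAMPLE-1001\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://127.0.0.1:4660/search?q={searchTerms}
IE - HKU\S-1-5-21-EXAMPLE-1001\..\SearchScopes\{00000000-0000-0000-0000-000000000002}: "URL" = http://www.google.com/search?q={searchTerms}
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000003}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000004}: NameServer = 203.0.113.7
"""


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for kind, path in rep.no_company:
        print(f"[no company name]  {kind}: {path}")
    for key, label, target in rep.orphan_autoruns:
        print(f"[orphaned autorun] {key} [{label}] -> {target or '<empty>'}")
    for ip, verdict in sorted(rep.dns_servers.items()):
        print(f"[dns server]       {ip}: {verdict}")
    for url in rep.loopback_scopes:
        print(f"[loopback scope]   {url}")
```

Run it against a real OTL.Txt by reading the file into `triage()`; an empty `dns_allowlist` makes every resolver show up as REVIEW, which is the right default when the expected ISP resolvers are unknown.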

#22 silversurferWV (Member, Topic Starter, 26 posts)

Followed all your instructions. Everything seemed to work as expected. Here's the OTL log:

OTL logfile created on: 7/30/2012 7:56:03 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Harry\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.70 Gb Available Physical Memory | 83.77% Memory free
16.00 Gb Paging File | 14.58 Gb Available in Paging File | 91.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 125.43 Gb Free Space | 44.88% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 40.76 Gb Free Space | 17.50% Space Free | Partition Type: NTFS
Drive E: | 600.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.72 Gb Total Space | 1.84 Gb Free Space | 49.54% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 21:21:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/05/17 16:06:16 | 002,644,816 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/17 22:59:40 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/09 18:02:56 | 000,331,648 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 03:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 14:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 14:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010/11/11 14:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 14:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 14:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=xpbar
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 2C 76 A1 8C C1 CB 01 [binary data]
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..\SearchScopes,DefaultScope = {08674750-0B78-42D4-A564-06A5165E6C62}
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..\SearchScopes\{08674750-0B78-42D4-A564-06A5165E6C62}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..\SearchScopes\{B592E622-4490-42E9-BCD5-77C1ECCEE925}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....s}&fr=chr-iobit
IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/26 13:09:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/27 19:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/26 13:09:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/21 18:52:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/27 19:42:14 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Harry\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Harry\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harry\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Plugins = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop\0.7.0_0\
CHR - Extension: Google Search = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Oogle = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\0.81_0\
CHR - Extension: BugMeNot Lite = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.9_0\
CHR - Extension: Thesaurus Extension = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlghihanpgbalbphnffoehfkbcfcpic\1.1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.2.1_0\
CHR - Extension: Gmail = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.1.cab (AlternaTIFF ActiveX)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} https://aepnow.aep.c...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E68A996-5DF9-4A66-A9C3-6F2D96349944}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63D40FB6-FCFA-4E67-B1FD-5025C1690579}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD420E92-4EA0-47DD-B718-C5AD7728ED95}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD420E92-4EA0-47DD-B718-C5AD7728ED95}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (taskmgr.exe) - C:\Windows\SysWow64\taskmgr.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/31 21:01:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/31 16:42:59 | 000,000,000 | ---D | M] - C:\Automotive -- [ NTFS ]
O32 - AutoRun File - [1998/08/13 08:53:20 | 000,024,064 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2010/03/05 09:16:30 | 000,000,175 | R--- | M] () - E:\AUTORUN.INI -- [ CDFS ]
O32 - AutoRun File - [1999/12/27 12:05:28 | 000,000,143 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{fbe88e8c-2d96-11e0-905d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe88e8c-2d96-11e0-905d-806e6f6e6963}\Shell\acro_set\command - "" = E:\rs405eng.exe -- [1999/11/22 19:04:44 | 006,603,173 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{fbe88e8c-2d96-11e0-905d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- [1998/08/13 08:53:20 | 000,024,064 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 19:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/30 19:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/30 19:46:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Harry\Desktop\erunt_setup.exe
[2012/07/26 21:20:53 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2012/07/26 21:06:01 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Harry\Desktop\TFC.exe
[2012/07/26 13:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/07/25 13:04:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/23 17:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/23 17:25:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/20 22:54:04 | 000,000,000 | ---D | C] -- C:\Users\Harry\DoctorWeb
[2012/07/20 12:23:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/19 19:15:24 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Converber
[2012/07/18 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/18 22:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/07/18 22:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/07/18 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/07/18 22:43:40 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Chromium
[2012/07/18 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0
[2012/07/18 22:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/07/17 23:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/17 23:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/16 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftPerfect
[2012/07/16 19:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\NetWorx
[2012/07/09 11:53:41 | 000,000,000 | ---D | C] -- C:\Users\Harry\AEP_Diesel_Fire_Pumps
[2012/06/30 21:50:50 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Cisco

========== Files - Modified Within 30 Days ==========

[2012/07/30 19:59:34 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 19:59:34 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 19:55:54 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2012/07/30 19:53:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 19:53:07 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 19:50:19 | 000,000,924 | ---- | M] () -- C:\Users\Harry\Desktop\NTREGOPT.lnk
[2012/07/30 19:50:19 | 000,000,905 | ---- | M] () -- C:\Users\Harry\Desktop\ERUNT.lnk
[2012/07/30 19:47:57 | 000,000,148 | ---- | M] () -- C:\Users\Harry\Desktop\fix.bat
[2012/07/30 19:46:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Harry\Desktop\erunt_setup.exe
[2012/07/30 09:09:12 | 000,970,752 | ---- | M] () -- C:\Users\Harry\Documents\BDTracker.accdb
[2012/07/26 21:21:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2012/07/26 21:06:04 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\TFC.exe
[2012/07/26 12:45:53 | 000,783,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/26 12:45:53 | 000,662,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/26 12:45:53 | 000,122,418 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 21:23:15 | 000,000,512 | ---- | M] () -- C:\Users\Harry\Desktop\MBR.dat
[2012/07/22 21:21:13 | 000,012,435 | ---- | M] () -- C:\Users\Harry\Desktop\MsPaintCopy.jpg
[2012/07/18 22:37:14 | 000,889,372 | ---- | M] () -- C:\Users\Harry\AppData\Local\census.cache
[2012/07/18 22:37:07 | 000,107,883 | ---- | M] () -- C:\Users\Harry\AppData\Local\ars.cache
[2012/07/18 15:04:54 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 15:04:54 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 09:08:37 | 000,001,133 | ---- | M] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/17 23:13:30 | 000,569,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/17 23:07:54 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/07/16 21:49:00 | 001,970,144 | ---- | M] () -- C:\Users\Harry\Desktop\phto.JPG
[2012/07/16 20:55:00 | 002,089,186 | ---- | M] () -- C:\Users\Harry\Desktop\poto.JPG
[2012/07/11 20:08:15 | 000,160,538 | ---- | M] () -- C:\Users\Harry\Desktop\Pedro_VFD_Outputs.jpg

========== Files Created - No Company Name ==========

[2012/07/30 19:55:54 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2012/07/30 19:50:19 | 000,000,924 | ---- | C] () -- C:\Users\Harry\Desktop\NTREGOPT.lnk
[2012/07/30 19:50:19 | 000,000,905 | ---- | C] () -- C:\Users\Harry\Desktop\ERUNT.lnk
[2012/07/30 19:47:57 | 000,000,148 | ---- | C] () -- C:\Users\Harry\Desktop\fix.bat
[2012/07/22 21:23:15 | 000,000,512 | ---- | C] () -- C:\Users\Harry\Desktop\MBR.dat
[2012/07/22 21:21:13 | 000,012,435 | ---- | C] () -- C:\Users\Harry\Desktop\MsPaintCopy.jpg
[2012/07/17 23:07:54 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/07/16 21:49:00 | 001,970,144 | ---- | C] () -- C:\Users\Harry\Desktop\phto.JPG
[2012/07/16 20:55:00 | 002,089,186 | ---- | C] () -- C:\Users\Harry\Desktop\poto.JPG
[2012/07/11 20:08:12 | 000,160,538 | ---- | C] () -- C:\Users\Harry\Desktop\Pedro_VFD_Outputs.jpg
[2012/05/15 19:42:39 | 000,889,372 | ---- | C] () -- C:\Users\Harry\AppData\Local\census.cache
[2012/05/15 19:42:27 | 000,107,883 | ---- | C] () -- C:\Users\Harry\AppData\Local\ars.cache
[2012/05/15 19:34:01 | 000,000,036 | ---- | C] () -- C:\Users\Harry\AppData\Local\housecall.guid.cache
[2012/04/27 19:32:21 | 000,233,134 | ---- | C] () -- C:\Windows\hpwins22.dat
[2012/04/27 19:32:21 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2012/03/16 15:07:51 | 002,040,278 | ---- | C] () -- C:\Users\Harry\Magnetic_Flo_Excellent_graphics_manual MAG flow rate - ENG.pdf
[2012/02/13 19:29:58 | 000,000,058 | ---- | C] () -- C:\Windows\TaxACT11.ini
[2011/10/21 18:52:52 | 002,212,608 | ---- | C] () -- C:\Windows\wweb32.dll
[2011/04/01 20:20:42 | 000,000,017 | ---- | C] () -- C:\Users\Harry\AppData\Local\resmon.resmoncfg
[2011/02/27 18:33:18 | 000,777,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 22:08:19 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT09.ini
[2011/02/07 22:01:03 | 000,000,058 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2011/01/17 11:47:09 | 000,000,842 | ---- | C] () -- C:\Users\Harry\.recently-used.xbel
[2009/05/28 17:03:56 | 000,076,355 | ---- | C] () -- C:\Users\Harry\FIG BS-2-1-12-1.TIF
[2009/05/25 18:44:13 | 000,480,092 | ---- | C] () -- C:\Users\Harry\mtp_1_bw_173700e_2.tif
[2008/09/09 09:57:41 | 000,062,935 | ---- | C] () -- C:\Users\Harry\cd1.sfv
[2008/09/09 09:57:41 | 000,000,059 | ---- | C] () -- C:\Users\Harry\Autorun.inf
[2008/08/13 19:51:06 | 000,001,224 | ---- | C] () -- C:\Users\Harry\.archerrc
[2008/07/09 22:28:37 | 000,005,723 | ---- | C] () -- C:\Users\Harry\New document 1.2008_07_09_22_28_37.0
[2008/07/06 21:24:58 | 000,010,735 | ---- | C] () -- C:\Users\Harry\settings3DE71.das
[2008/07/03 21:42:21 | 000,000,031 | ---- | C] () -- C:\Users\Harry\.gtk-bookmarks

========== LOP Check ==========

[2011/04/29 09:55:48 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Autodesk
[2011/02/01 15:24:10 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\ESET
[2011/07/07 10:22:35 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FileOpen
[2011/03/01 20:40:00 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Iconico
[2011/02/01 10:54:05 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Leadertech
[2012/06/08 19:57:17 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Nuance
[2011/02/16 11:37:32 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\WinBatch
[2011/08/29 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Zeon
[2009/07/14 01:08:49 | 000,028,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#23 silversurferWV (Member, Topic Starter, 26 posts)
Additional information:

Comcast sent me bot notifications at 11:42 p.m. on July 30th.

Ran an ESET scan and it found this:

C:\TDSSKiller_Quarantine\20.07.2012_12.22.38\mbr0000\tdlfs0000\tsk0000.dta - a variant of Win32/Rootkit.Kryptik.NH trojan - cleaned by deleting - quarantined [1]

Ran a MalwareBytes scan and it is reporting this:

Trojan.Agent File C:\Windows\svchost.exe

#24 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
# Step 1 #
Please reopen OTL on your desktop.
  • Under the Custom Scan/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-736737125-3206749467-127025134-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}

    :Commands
    [REBOOT]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

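The fix above deletes one user's Internet Explorer search scope whose URL pointed at a listener on the local machine (127.0.0.1), the sign of a search hijack. The following is an added example, not part of the thread and not OTL's own code: a PowerShell function that enumerates the SearchScopes key for every user hive currently loaded under HKEY_USERS and flags scopes whose URL has an empty value or a loopback host. It assumes PowerShell 3.0 or later and an elevated prompt; the function name Get-IESearchScope and the loopback host list are my own choices.

```powershell
# Added example, not from the thread or from OTL. Enumerates Internet Explorer
# search scopes for every user hive loaded under HKEY_USERS and flags any whose
# URL points at the local machine (the pattern the OTL fix above removed).
# Assumes PowerShell 3.0+ and an elevated prompt (other users' hives need it).

function Get-IESearchScope {
    # Hosts that no legitimate search provider uses (my own list; extend as needed)
    $loopbackHosts = @('127.0.0.1', 'localhost', '::1')

    # Per-user hives are named by SID; this skips the *_Classes hives and built-in accounts.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object {
            $sid = $_.PSChildName
            $scopesKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Internet Explorer\SearchScopes"
            if (-not (Test-Path -Path $scopesKey)) { return }

            # Each {GUID} subkey is one search provider; the DefaultScope value names the active one.
            $defaultScope = (Get-ItemProperty -Path $scopesKey -ErrorAction SilentlyContinue).DefaultScope

            Get-ChildItem -Path $scopesKey -ErrorAction SilentlyContinue | ForEach-Object {
                $props   = Get-ItemProperty -Path $_.PSPath
                $url     = [string]$props.URL
                $uri     = $null
                $urlHost = ''
                # Parse the URL so the host can be compared; a malformed URL leaves the host empty.
                if ([System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
                    $urlHost = $uri.Host
                }
                [pscustomobject]@{
                    Sid         = $sid
                    Scope       = $_.PSChildName
                    IsDefault   = ($_.PSChildName -eq $defaultScope)
                    DisplayName = [string]$props.DisplayName
                    URL         = $url
                    Suspicious  = ($loopbackHosts -contains $urlHost) -or ($url -eq '')
                }
            }
        }
}

# Suspicious scopes sort to the top of the table.
Get-IESearchScope | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

HKEY_USERS only contains the hives of accounts that are currently logged on; to inspect another account, load its NTUSER.DAT with `reg load` first, run the function, then `reg unload` it. A flagged scope can be removed with Remove-Item on its key, which is what the OTL `IE - HKU\...\SearchScopes\{GUID}` line does.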

#25 silversurferWV (Member, Topic Starter, 26 posts)
Here's the OTL log:

========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-736737125-3206749467-127025134-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_154859

#26 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
Hi,

How is your computer? Is Comcast still sending warnings?

#27 silversurferWV (Member, Topic Starter, 26 posts)
No Comcast bot notices since 11:42 p.m. on July 30th. However, MalwareBytes is still detecting Trojan.Agent C:\windows\svchost.exe.
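Malwarebytes is reporting svchost.exe at C:\Windows\svchost.exe. The genuine Service Host binary lives under System32 (and SysWOW64 on 64-bit Windows), with servicing copies under WinSxS, so a copy directly in C:\Windows is out of place regardless of what a scanner calls it. The following is an added example, not part of the thread and not Malwarebytes' code: a PowerShell function that lists every svchost.exe under the Windows directory with a location check and its Authenticode signature status. It assumes PowerShell 3.0 or later and an elevated prompt; the function name Test-SvchostCopy is mine.

```powershell
# Added example, not from the thread or from Malwarebytes. Lists every svchost.exe
# under the Windows directory and reports whether it is in a location where the
# genuine Service Host binary lives and whether its Authenticode signature checks out.
# Assumes PowerShell 3.0+; run elevated so System32 and WinSxS are fully readable.

function Test-SvchostCopy {
    param([string]$WindowsDir = $env:SystemRoot)

    # Where a real svchost.exe is expected. WinSxS holds servicing copies, which
    # are reported as 'winsxs' rather than flagged.
    $expectedDirs = @(
        (Join-Path $WindowsDir 'System32'),
        (Join-Path $WindowsDir 'SysWOW64')
    )
    $winSxSPrefix = Join-Path $WindowsDir 'WinSxS'

    Get-ChildItem -Path $WindowsDir -Filter 'svchost.exe' -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $dir = $_.DirectoryName
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Classify the directory: expected system folder, servicing store, or anywhere else.
            $location = if ($expectedDirs -contains $dir) { 'expected' } elseif ($dir -like "$winSxSPrefix\*") { 'winsxs' } else { 'UNEXPECTED' }

            [pscustomobject]@{
                Path       = $_.FullName
                SizeBytes  = $_.Length
                Modified   = $_.LastWriteTime
                Signature  = $sig.Status        # Valid, NotSigned, HashMismatch, ...
                Signer     = $signer
                Location   = $location
                Suspicious = ($location -eq 'UNEXPECTED') -or ($sig.Status -ne 'Valid')
            }
        }
}

# Suspicious copies sort to the top of the table.
Test-SvchostCopy | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

One caveat for the Windows 7 era this thread is set in: Microsoft signs system binaries through security catalogs rather than embedded signatures, and older PowerShell versions report such files as NotSigned. Treat the location column as the primary indicator there and confirm the signer with a newer PowerShell or Sysinternals sigcheck. A file that is both in an unexpected directory and unsigned, as C:\Windows\svchost.exe would be, should be quarantined rather than deleted outright so it can still be examined.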

#28 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
Hi,

Do you have the Windows 7 DVD?
I need to know if you have the Recovery Console in your computer. To see this, follow these steps:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • See if the option Repair your computer exists:
    [screenshot of the Advanced Boot Options menu]


#29 silversurferWV (Member, Topic Starter, 26 posts)
I don't have the Windows 7 DVD. Upgraded via download.

However, in regard to the "repair your computer" menu option that you are inquiring about, it is present.

#30 silversurferWV (Member, Topic Starter, 26 posts)
Got another Comcast bot notice this morning at 8:55 a.m.