
"Trojan.Zeroaccess! khem" is getting on my nerves... :(


This topic is locked
136 replies to this topic

#46 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 01 March 2012 - 06:31 AM

Hi,

Sorry about the delay in response. I had some tests last night and more today.
-----------

Let's do this...


Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image
  • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)


#47 thatguy89 (Authentic Member, 80 posts)

Posted 01 March 2012 - 01:54 PM

Hey,
Ok so unfortunately, due to a problem I've had with my laptop for at least a year and a half now (it's about 2 and a half years old), after a long time left running it will begin to emit high frequency sounds before following with an odd click sound. After a while the frequency sound won't stop and at that point the laptop will freeze before going into a blue screen shut down. I never worried too much about this but obviously now that I'm leaving it to scan for hours at a time it's crashed during the scan. ESET was taking a while but scanning nonetheless (it scanned for an hour and a half before everything froze). There may have been more specific details at the end but in the meantime I made note of the infected files just in case what happened happened. It had scanned around 110 000 files and found 4 threats:

Win32/SoftonicDownloader.C application
Win32/RegistryBooster application
Win32/OpenCandy application
Win32/OpenCandy application


(The above files mentioned twice must mean there are specifics that might have been logged after the scan)

Once my computer's cooled down a bit I'll turn it back on and post the malwarebytes log. That worked fine as usual.

I think I might also delete a large number of files on my laptop to ensure the scans go a bit faster when scanning C:/ (I use an external hard drive that I haven't plugged in since before the infection, so I have a lot of data saved that could perhaps be deleted on my computer to speed up the process? Otherwise I'm worried it will keep crashing before it can finish doing anything constructive!)

#48 thatguy89 (Authentic Member, 80 posts)

Posted 01 March 2012 - 02:22 PM

Here's the MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.04

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
Compaq :: COMPAQ-PC [administrator]

01/03/2012 17:45:59
mbam-log-2012-03-01 (17-52-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186156
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Windows\System32\HssDrv.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\apache.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\asc.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\AsIO.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\bdfdll.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\cdfsvc.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\cqmgstor.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\fshttps.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\helpsvc.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\Invoker.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\iPassPeriodicUpdateApp.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\McciCMService.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\mfesmfk.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\nvlddmkm.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\PCDRSRVC.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\queuemgr.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\rt61.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\SMTPSVC.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\sprtsvc_ddoctorv2.dll (RootKit.0Access.H) -> No action taken.

(end)

#49 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 01 March 2012 - 02:30 PM

Hi, I only have a minute but will have more time later tonight. Re-run Malwarebytes and delete those files instead of taking no action and then post the new log. :)

#50 thatguy89 (Authentic Member, 80 posts)

Posted 01 March 2012 - 02:47 PM

Hey, just saw your reply. I'll do that again then. I managed to get gmer running for a while before the high frequency sounds started happening again, so I stopped the scan straight away and I've attached the results of about 25 mins worth of scanning. It picked up a whole bunch of stuff in the process though!


#51 thatguy89 (Authentic Member, 80 posts)

Posted 01 March 2012 - 03:08 PM

MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.04

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
Compaq :: COMPAQ-PC [administrator]

01/03/2012 20:57:46
mbam-log-2012-03-01 (20-57-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187886
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 21
C:\Windows\System32\HssDrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\apache.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\asc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\AsIO.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\bdfdll.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\cdfsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\cqmgstor.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\fshttps.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\helpsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\Invoker.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\iPassPeriodicUpdateApp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\McciCMService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mfesmfk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nvlddmkm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\PCDRSRVC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\PNDIS5.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\queuemgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rt61.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\SMTPSVC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\sprtsvc_ddoctorv2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\WUSB54Gv4SVC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)
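The two MBAM logs in this thread (post #48, where every RootKit.0Access.H hit reads "No action taken", and post #51 after the re-run jeffce asked for) share one line format. The following triage script is an added example, not code from the thread or from Malwarebytes: it parses that format, lists the detections still pending remediation, tallies families, and checks the per-section counts MBAM declared against the lines actually pasted, so a paste truncated by a crash mid-scan shows up as a mismatch. The sample log is constructed in the shape of the thread's logs, not a copy of them.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One MBAM 1.x detection line, e.g.
#   C:\Windows\System32\HssDrv.dll (RootKit.0Access.H) -> No action taken.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^(]+?)\s+\((?P<family>[^)]+)\)\s+->\s+(?P<action>.+?)\.?\s*$"
)
# Section header such as "Files Detected: 19" or "Registry Keys Detected: 0".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected:\s+(?P<count>\d+)\s*$")


@dataclass(frozen=True)
class Detection:
    section: str
    path: str
    family: str
    action: str

    @property
    def remediated(self) -> bool:
        # "Quarantined and deleted successfully" means MBAM acted on the item;
        # "No action taken" means it is still in place and the scan must be re-run.
        return self.action.lower().startswith("quarantined")


def parse_mbam_log(text: str) -> tuple[dict[str, int], list[Detection]]:
    """Return the per-section counts MBAM declared and every detection line it listed."""
    declared: dict[str, int] = {}
    found: list[Detection] = []
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            found.append(Detection(section, m.group("path"), m.group("family"), m.group("action")))
    return declared, found


def triage(text: str) -> dict:
    """Summarise a pasted MBAM log: what is still pending, which families were hit, and
    whether the pasted lines match the counts MBAM declared (a mismatch means a
    truncated or partial paste, not a clean scan)."""
    declared, found = parse_mbam_log(text)
    per_section = Counter(d.section for d in found)
    return {
        "pending": [d.path for d in found if not d.remediated],
        "families": dict(Counter(d.family for d in found)),
        "count_mismatch": {
            s: (n, per_section[s]) for s, n in declared.items() if n != per_section[s]
        },
    }


# Constructed sample in the shape of the thread's logs (abridged, not a copy).
SAMPLE_LOG = "\n".join([
    "Malwarebytes Anti-Malware 1.60.1.1000",
    "www.malwarebytes.org",
    "",
    "Database version: v2012.03.01.04",
    "",
    "Scan type: Quick scan",
    "Objects scanned: 186156",
    "",
    "Registry Keys Detected: 0",
    "(No malicious items detected)",
    "",
    "Files Detected: 3",
    r"C:\Windows\System32\HssDrv.dll (RootKit.0Access.H) -> No action taken.",
    r"C:\Windows\System32\apache.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.",
    r"C:\Windows\System32\asc.dll (RootKit.0Access.H) -> No action taken.",
    "(end)",
])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["pending"]:
        print("still on disk:", path)
    print("families:", result["families"])
    print("count mismatch:", result["count_mismatch"] or "none")
```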

#52 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 01 March 2012 - 04:58 PM

Hi,

Scan With RootKitUnHooker
  • Please Download Rootkit Unhooker and save it to your desktop.
  • Now Right-click and Run as Administrator on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth.
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

---------

#53 thatguy89 (Authentic Member, 80 posts)

Posted 02 March 2012 - 07:54 AM

Hey Jeff! No problems this time, here's the report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver) 0x8EBF8000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0x8DA1D000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver) 0x989FC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x9898F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0x890A71E8 unknown_irp_handler 3608 bytes 0x890961E8 unknown_irp_handler 3608 bytes 0x8908E1E8 unknown_irp_handler 3608 bytes 0x890931E8 unknown_irp_handler 3608 bytes 0x890851E8 unknown_irp_handler 3608 bytes 0x8909C1E8 unknown_irp_handler 3608 bytes 0x890971E8 unknown_irp_handler 3608 bytes 0x890891E8 unknown_irp_handler 3608 bytes 0x8908F1E8 unknown_irp_handler 3608 bytes 0x8909E1E8 unknown_irp_handler 3608 bytes 0x8909F1E8 unknown_irp_handler 3608 bytes 0x890991E8 unknown_irp_handler 3608 bytes 0x8908D1E8 unknown_irp_handler 3608 bytes 0x890861E8 unknown_irp_handler 3608 bytes 0x890921E8 unknown_irp_handler 3608 bytes 0x8908B1E8 unknown_irp_handler 3608 bytes 0x890A31E8 unknown_irp_handler 3608 bytes 0x8909D1E8 unknown_irp_handler 3608 bytes 0x890A01E8 unknown_irp_handler 3608 bytes 0x8909A1E8 unknown_irp_handler 3608 bytes 0x890951E8 unknown_irp_handler 3608 bytes 0x8908C1E8 unknown_irp_handler 3608 bytes 0x890A21E8 unknown_irp_handler 3608 bytes 0x8A95B1E8 unknown_irp_handler 3608 bytes 0x890A41E8 unknown_irp_handler 3608 bytes 0x89DCA1E8 unknown_irp_handler 3608 bytes 0x890941E8 unknown_irp_handler 3608 bytes 0x890A61E8 unknown_irp_handler 3608 bytes 0x890981E8 unknown_irp_handler 3608 bytes 0x8908A1E8 unknown_irp_handler 3608 bytes 0x890871E8 unknown_irp_handler 3608 bytes 0x890A81E8 unknown_irp_handler 3608 bytes 0x890A11E8 unknown_irp_handler 3608 bytes 
0x890901E8 unknown_irp_handler 3608 bytes 0x890A51E8 unknown_irp_handler 3608 bytes 0x890911E8 unknown_irp_handler 3608 bytes 0x890881E8 unknown_irp_handler 3608 bytes 0x8909B1E8 unknown_irp_handler 3608 bytes 0x8B3BE1E8 unknown_irp_handler 3608 bytes 0x8BD6F1E8 unknown_irp_handler 3608 bytes 0x89E3E408 unknown_irp_handler 3064 bytes 0x89E2C430 unknown_irp_handler 3024 bytes 0x89E46430 unknown_irp_handler 3024 bytes 0x8A927430 unknown_irp_handler 3024 bytes ============================================== >Stealth ============================================== WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

#54 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 02 March 2012 - 09:32 AM

Hi,

Believe it or not, that looks promising...
------------

Go ahead and run ERUNT again so that we have a new backup of your registry.
----------

Now run a new scan with OTL.
In the Custom Scans section put the following...

netsvcs
/MD5START
consrv.dll
/MD5STOP
CreateRestorePoint

Once the scan is complete please post the log that will be created (there will be only one). :)

#55 thatguy89 (Authentic Member, 80 posts)

Posted 02 March 2012 - 10:32 AM

Here we go (Had to run it in safe mode though because it would stop responding when scanning modules in normal mode...)


OTL logfile created on: 02/03/2012 16:19:53 - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Compaq\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 82.90% Memory free
6.06 Gb Paging File | 5.75 Gb Available in Paging File | 94.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 127.73 Gb Free Space | 57.45% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Compaq | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SED133x) -- File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_O2DA) SupportSoft Repair Service (O2DA) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (sonicatheaterinstallerservice) -- C:\Windows\System32\vnxservice.dll (Oak Technology Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)


========== Driver Services (SafeList) ==========

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120227.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120227.002\NAVENG.SYS (Symantec Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120224.002\IDSvix86.sys (Symantec Corporation)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys (Symantec Corporation)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS (Symantec Corporation)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2012/02/19 18:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_5_2 [2012/03/02 16:00:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/19 18:01:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 12:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 12:49:34 | 000,000,000 | ---D | M]

[2011/10/12 21:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2012/01/22 15:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions
[2010/03/13 21:03:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/12 15:53:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/22 15:37:25 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/01/22 14:56:00 | 000,000,000 | ---D | M] (Bflix extension) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\info@thebflix.com
[2012/01/22 15:02:31 | 000,002,472 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zyg90ndo.default\searchplugins\safesearch.xml
[2012/01/22 14:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/02 16:00:42 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_5_2
[2012/02/19 18:02:03 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73F92850-0943-4CBD-8836-3F9DF80843DA}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: pavfnsvr - File not found
NetSvcs: Jukebox - File not found
NetSvcs: parallel - File not found
NetSvcs: stllssvr - File not found
NetSvcs: mgabg - File not found
NetSvcs: symsnap - File not found
NetSvcs: upsmonservice - File not found
NetSvcs: lgsnd_filter - File not found
NetSvcs: crauto - File not found
NetSvcs: ROOTUSB - File not found
NetSvcs: thkeys - File not found
NetSvcs: szkg - File not found
NetSvcs: bcoreusb - File not found
NetSvcs: BCMWLNPF - File not found
NetSvcs: NdisFilt - File not found
NetSvcs: VRFIL - File not found
NetSvcs: GcKernel - File not found
NetSvcs: HBtnKey - File not found
NetSvcs: WDM_YAMAHAAC97 - File not found
NetSvcs: nwlnkipx - File not found
NetSvcs: ndassvc - File not found
NetSvcs: sonicatheaterinstallerservice - C:\Windows\System32\vnxservice.dll (Oak Technology Inc.)
NetSvcs: brmfbags - File not found
NetSvcs: ha20x2k - File not found
NetSvcs: FVXSCSI - File not found
NetSvcs: SWMX00 - File not found
NetSvcs: JiaoCap - File not found
NetSvcs: ip6fw - File not found
NetSvcs: abnetmon - File not found
NetSvcs: {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} - File not found
NetSvcs: SED133x - File not found
NetSvcs: SymIM - File not found
NetSvcs: U81xobex - File not found
NetSvcs: DCamUSBMke2 - File not found
NetSvcs: windowblinds - File not found
NetSvcs: ersvc - File not found
NetSvcs: Anydlc - File not found
NetSvcs: trlokom_rmhsvc - File not found
NetSvcs: client32 - File not found
NetSvcs: taphss - File not found
NetSvcs: se59obex - File not found
NetSvcs: astcc - File not found
NetSvcs: SNPSTD3 - File not found
NetSvcs: WmaCVideo32 - File not found
NetSvcs: n558 - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 17:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/01 08:27:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/01 08:25:25 | 004,422,703 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2012/02/28 15:44:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/28 15:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/28 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/26 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Tific
[2012/02/26 11:35:33 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Symantec
[2012/02/26 10:22:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/26 10:22:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/26 10:22:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/26 10:15:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/26 00:32:58 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/02/26 00:26:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/25 10:55:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Compaq\Desktop\dds.com
[2012/02/25 10:53:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Compaq\Desktop\aswMBR.exe
[2012/02/25 10:44:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Compaq\Desktop\dds.scr
[2012/02/24 14:57:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Compaq\Desktop\HiJackThis.exe
[2012/02/20 13:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 13:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/20 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/20 11:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/20 10:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/20 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/20 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Comodo
[2012/02/20 10:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/20 10:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/20 10:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/20 10:03:58 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2012/02/20 10:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/20 10:03:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/20 10:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/13 12:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012/02/05 15:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/02/05 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/02/05 14:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/02/05 14:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012/02/05 14:46:09 | 000,000,000 | ---D | C] -- C:\WMSDK
[2012/02/04 16:00:16 | 000,000,000 | ---D | C] -- C:\Users\Compaq\Desktop\photos Aurore phone
[2012/02/03 18:17:13 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Media Player Classic
[2012/02/03 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\{63666F5D-CB50-4006-BAD8-A7A359057769}
[2012/02/03 15:41:32 | 000,262,144 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012/02/03 15:41:32 | 000,086,016 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012/02/03 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2012/02/03 10:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/02/03 10:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock

========== Files - Modified Within 30 Days ==========

[2012/03/02 16:17:04 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/02 16:16:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 16:15:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 16:15:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 16:07:48 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/02 16:07:48 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/02 16:02:13 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/02 13:55:16 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000UA.job
[2012/03/02 13:39:27 | 000,139,264 | ---- | M] () -- C:\Users\Compaq\Desktop\RKUnhookerLE.EXE
[2012/03/01 20:17:22 | 000,006,144 | ---- | M] () -- C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/01 20:17:20 | 000,006,756 | ---- | M] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2012/03/01 17:17:54 | 211,156,206 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/01 08:27:48 | 000,000,000 | R--- | M] () -- C:\Windows\SWSC.exe
[2012/03/01 08:25:43 | 004,422,703 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2012/02/28 15:40:29 | 000,000,873 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/28 15:40:17 | 000,000,693 | ---- | M] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/02/28 15:40:16 | 000,000,674 | ---- | M] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/02/26 21:18:32 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCompaq.job
[2012/02/26 19:56:19 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000Core.job
[2012/02/26 00:33:00 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/02/26 00:23:00 | 002,044,183 | ---- | M] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/02/25 11:02:53 | 000,000,512 | ---- | M] () -- C:\Users\Compaq\Desktop\MBR.dat
[2012/02/25 10:55:35 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Compaq\Desktop\dds.com
[2012/02/25 10:54:19 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Compaq\Desktop\aswMBR.exe
[2012/02/25 10:44:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Compaq\Desktop\dds.scr
[2012/02/24 14:57:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Compaq\Desktop\HiJackThis.exe
[2012/02/20 13:31:23 | 003,745,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/20 13:22:29 | 000,292,100 | ---- | M] () -- C:\Users\Compaq\Documents\cc_20120220_132138.reg
[2012/02/20 13:14:54 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/20 11:27:03 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/20 11:03:11 | 002,185,990 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\Cat.DB
[2012/02/20 10:58:44 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 10:57:56 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/20 10:14:19 | 000,001,017 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/02/20 10:14:19 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/20 10:03:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 15:57:53 | 000,002,047 | ---- | M] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/02/17 15:57:53 | 000,002,009 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/15 10:11:08 | 000,002,587 | ---- | M] () -- C:\Users\Compaq\Desktop\Microsoft Office Word 2007.lnk
[2012/02/08 10:53:04 | 000,000,326 | ---- | M] () -- C:\MemeoSendAddin
[2012/02/03 15:41:32 | 000,262,144 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012/02/03 15:41:32 | 000,086,016 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012/02/03 10:00:11 | 000,001,688 | ---- | M] () -- C:\Users\Compaq\Desktop\PeerBlock.lnk
[2012/02/01 17:57:19 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

========== Files Created - No Company Name ==========

[2012/03/02 13:39:26 | 000,139,264 | ---- | C] () -- C:\Users\Compaq\Desktop\RKUnhookerLE.EXE
[2012/03/01 17:17:35 | 211,156,206 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/29 18:36:19 | 000,006,144 | ---- | C] () -- C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 09:45:44 | 000,302,592 | ---- | C] () -- C:\Users\Compaq\Desktop\gmer.exe
[2012/02/28 15:48:06 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/28 15:40:29 | 000,000,873 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/28 15:40:16 | 000,000,693 | ---- | C] () -- C:\Users\Compaq\Desktop\NTREGOPT.lnk
[2012/02/28 15:40:15 | 000,000,674 | ---- | C] () -- C:\Users\Compaq\Desktop\ERUNT.lnk
[2012/02/26 10:22:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/26 10:22:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/26 10:22:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/26 10:22:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/26 10:22:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/26 10:22:57 | 000,000,000 | R--- | C] () -- C:\Windows\SWSC.exe
[2012/02/26 00:22:57 | 002,044,183 | ---- | C] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/02/25 11:02:53 | 000,000,512 | ---- | C] () -- C:\Users\Compaq\Desktop\MBR.dat
[2012/02/20 13:21:45 | 000,292,100 | ---- | C] () -- C:\Users\Compaq\Documents\cc_20120220_132138.reg
[2012/02/20 13:14:53 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/20 11:27:03 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/20 10:58:43 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 10:14:19 | 000,001,017 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/02/20 10:14:19 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/20 10:14:08 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/20 10:03:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 16:08:58 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/02/03 10:00:10 | 000,001,688 | ---- | C] () -- C:\Users\Compaq\Desktop\PeerBlock.lnk
[2012/01/10 17:52:32 | 000,000,132 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/01/08 11:04:09 | 000,001,940 | ---- | C] () -- C:\Users\Compaq\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/09 14:07:42 | 000,006,524 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\wklnhst.dat
[2010/07/07 12:41:13 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini

========== Custom Scans ==========



< End of report >


#56 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 02 March 2012 - 12:57 PM

Hi,

I can still see the ZeroAccess infection sitting there.
----------

Please boot into Safe Mode with Networking.
----------

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Press Start >> in the Start Search bar type Run >> when Run populates above, open it >> copy/paste the following into Run text bar combofix /nombr
---------

Hopefully that will be enough to get it to run. If the log is produced please post it...if not please let me know what happened.

#57 thatguy89 (Authentic Member, 80 posts)

Posted 03 March 2012 - 02:25 AM

Hey Jeff, one of my friend's parents works as a computer technician and has kindly been able to have a look at my computer over the weekend. I've told him exactly what I've done so far with your advice and I've written down my login details for the forum, so he may or may not reply to you over the weekend. Nevertheless, could you leave the thread open just in case he doesn't get in touch with you? I'll be able to report back on Monday whether there's been any success, and I've asked him to kindly give me the details so I can let you know, as you've been helping me for a while! PS: I hope you don't take it personally, it's just a much faster process than posting, replying and the waiting in between...!

#58 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 03 March 2012 - 07:38 AM

Nope...I don't take it personally. Let me know how it works out for you. :) I will leave it open...no problems.

#59 thatguy89 (Authentic Member, 80 posts)

Posted 06 March 2012 - 06:35 AM

Hey Jeff, hope you had a good weekend! I got the laptop back yesterday and apparently, due to the massive corruption of files caused by the virus, the only option was a system restore (which I tried doing two weeks ago anyway, just not in Safe Mode - derr!! lol). It's a bit weird now though. I haven't had much time to check it out, but I'm pretty sure the internet browsers (Firefox/Chrome) aren't working because, despite persistent double-clicking and right-click Run as administrator attempts, they just simply wouldn't open. Likewise I'd try to open certain programs like Norton and nothing would happen... I don't have any of the programs like OTL, HijackThis, Comodo Firewall or ComboFix anymore, so maybe a new scan might be in order??

#60 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 06 March 2012 - 07:14 AM

Hi,

I hope you had a good weekend as well. :)
---------

That is what I was afraid would be the case. With the ZeroAccess infection, we can never know what is going to happen 100%, and corruption of files and loss of internet can just be the tip of the iceberg. Let's get a look at some places on your system to see what is going on. Unfortunately, a full reinstall may be what we are coming to and would be the safest bet.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

