"Trojan.Zeroaccess! khem" is getting on my nerves... :(


  • This topic is locked
136 replies to this topic

#1 thatguy89
Authentic Member, 80 posts

Posted 24 February 2012 - 09:11 AM

Last week Norton picked up Trojan.Zeroaccess! khem and required a manual removal. Since then I've trawled through forums, downloading Malwarebytes, SUPERAntiSpyware and Comodo Firewall in the process. Attempts to get rid of the virus have been futile. It's damaged my Base Filtering Engine, IPsec Policy Agent and IKE and AuthIP IPsec Keying Modules services (discovered because PeerBlock no longer opens). Can anyone help?

PS. Whilst writing this Norton blocked an attempt by the same virus again! :(

Here is my log file from a HijackThis scan:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:08:51, on 24/02/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\O2 Assistant\bin\sprtcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Compaq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Compaq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Compaq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Compaq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Compaq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Compaq\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Compaq\Downloads\HiJackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [O2DA] "C:\Program Files\O2 Assistant\bin\sprtcmd.exe" /P O2DA
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (O2DA) (sprtsvc_O2DA) - SupportSoft, Inc. - C:\Program Files\O2 Assistant\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SupportSoft Repair Service (O2DA) (tgsrvc_O2DA) - SupportSoft, Inc. - C:\Program Files\O2 Assistant\bin\tgsrvc.exe

--
End of file - 14647 bytes

I would massively appreciate the help guys!
Thanks
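A HijackThis log like the one above is read section by section (R0/R1 start and search pages, R3 URLSearchHooks, O2/O3 BHOs and toolbars, O4 autoruns, O20 AppInit_DLLs, O23 services). The script below is an added example for this thread; it is not code from the original post, from Trend Micro's HijackThis, or from the forum's helpers. It parses entry lines and attaches review flags using a handful of heuristics of the kind a malware-removal helper applies when reading such a log. The heuristics and the EXPECTED_PAGE_HOSTS list are assumptions made for illustration (the hosts are taken from the R1 lines of the posted log); a flag means "look at this entry", not "this entry is malicious". The sample lines are copied from the log above, including URLs the forum shortened with "...".

```python
"""HijackThis log triage (added example; not the thread's or HijackThis's own code)."""
import re
from dataclasses import dataclass, field

# A HijackThis entry looks like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

# Hosts expected for the home/search page on this OEM (HP) Vista install;
# an assumption taken from the R1 lines of the posted log.
EXPECTED_PAGE_HOSTS = ("go.microsoft.", "ie.redirect.h")


@dataclass
class Entry:
    section: str            # R0, R1, R3, O2, O3, O4, O20, O23, ...
    body: str               # everything after "<section> - "
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a HijackThis entry line, else None (headers, blanks)."""
    m = ENTRY_RE.match(line.strip())
    return Entry(m.group("sec"), m.group("body")) if m else None


def flag_entry(e):
    """Attach triage flags to an Entry in place and return it (heuristics, not verdicts)."""
    body = e.body
    if e.section in ("R0", "R1") and "=" in body:
        # Start/search page changed away from the OEM or Microsoft default
        url = body.split("=", 1)[1].strip()
        if url and not any(h in url for h in EXPECTED_PAGE_HOSTS):
            e.flags.append("browser start/search page points at an unexpected host")
    if e.section == "R3" and body.startswith("URLSearchHook"):
        # URLSearchHooks rewrite what an address-bar search goes to
        e.flags.append("URLSearchHook installed (search redirection vector)")
    if e.section in ("O2", "O3") and "(no file)" in body:
        # Registry still references a BHO/toolbar whose DLL is gone
        e.flags.append("orphaned BHO/toolbar registration (file missing)")
    if e.section == "O20" and body.startswith("AppInit_DLLs"):
        # AppInit_DLLs are loaded into every process that links user32.dll
        e.flags.append("AppInit_DLLs in use (DLL injected into user-mode processes)")
    if e.section == "O23" and "Unknown owner" in body:
        e.flags.append("service binary carries no publisher information")
    if e.section == "O4" and re.search(r"\\(AppData|Temp)\\", body, re.IGNORECASE):
        e.flags.append("autorun launched from a user-writable directory")
    return e


def triage(lines):
    """Parse log lines and return only the entries that picked up a flag."""
    flagged = []
    for line in lines:
        e = parse_line(line)
        if e is not None and flag_entry(e).flags:
            flagged.append(e)
    return flagged


def report(lines):
    """One human-readable line per flag, suitable for pasting into a reply."""
    return [f"{e.section}: {flag}  <-  {e.body}" for e in triage(lines) for flag in e.flags]


# Sample input: lines copied from the HijackThis log posted above (the
# forum shortened some URLs with "..."; they are kept exactly as posted).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
""".strip().splitlines()


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the sample, the searchqu start page, the Vuze URLSearchHook, the orphaned BHO, the autorun under AppData, the AppInit_DLLs entry and the service with no publisher are surfaced; the Symantec entries and the OEM search page are not. Several of the flagged items here are legitimate (guard32.dll belongs to COMODO, GoogleUpdate.exe to Google), which is exactly why the output is a review list for a helper and not an automatic fix list.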


#2 jeffce
Malware Guy, Authentic Member, 8,693 posts

Posted 24 February 2012 - 12:15 PM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
----------

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
    Vista and Windows 7 users right click the icon and choose "Run as administrator".
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe. :)

#3 thatguy89
Authentic Member, 80 posts

Posted 25 February 2012 - 05:06 AM

Hi Jeff! Here is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000  BrowserJavaVersion: 1.6.0_20
Run by Compaq at 10:56:05 on 2012-02-25
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3002.1241 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\O2 Assistant\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\O2 Assistant\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\O2 Assistant\bin\sprtcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.0.13\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\compaq\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [O2DA] "c:\program files\o2 assistant\bin\sprtcmd.exe" /P O2DA
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\users\compaq\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{73F92850-0943-4CBD-8836-3F9DF80843DA} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ask.co.uk
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\coffplgn_2011_7_4_3\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\compaq\appdata\roaming\mozilla\firefox\profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko7.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\compaq\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207000.00d\symds.sys [2012-2-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207000.00d\symefa.sys [2012-2-1 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-16 820344]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 38616]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\ipsdefs\20120224.002\IDSvix86.sys [2012-2-25 368248]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-6 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1
RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys [2012-2-1 136312] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys [2012-2-1 331384] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_fa807195\AEstSrv.exe [2009-6-17 81920] R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 NIS;Norton Internet Security.;c:\program files\norton internet security\engine\18.7.0.13\ccsvchst.exe [2012-2-1 130008] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-3-2 365952] R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\o2 assistant\bin\sprtsvc.exe [2010-4-23 206120] R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\o2 assistant\bin\tgsrvc.exe [2010-4-23 185640] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-3-2 222512] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-2-3 20080] S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-18 21520] S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [2009-2-12 58536] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-02-25 10:48:07 275968 ----a-w- c:\program files\win32.exe 2012-02-22 09:51:48 28160 ----a-w- c:\programdata\67AC568.exe 2012-02-22 09:51:36 0 ----a-w- c:\windows\system32\67AC568.com 2012-02-20 13:14:51 -------- d-----w- c:\program files\CCleaner 2012-02-20 11:27:24 -------- d-----w- c:\users\compaq\appdata\roaming\SUPERAntiSpyware.com 2012-02-20 11:26:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-02-20 11:26:59 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-02-20 10:52:32 -------- d-----w- c:\programdata\CPA_VA 2012-02-20 10:24:29 -------- d-----w- c:\users\compaq\appdata\local\Comodo 2012-02-20 10:14:19 -------- d-----w- c:\programdata\Comodo 2012-02-20 10:14:05 -------- d-----w- c:\program files\Comodo 2012-02-20 10:03:58 -------- d-----w- c:\users\compaq\appdata\roaming\Malwarebytes 2012-02-20 10:03:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-20 10:03:48 -------- d-----w- c:\programdata\Malwarebytes 2012-02-20 10:03:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-18 09:52:39 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-02-13 12:03:03 -------- d-----w- c:\programdata\LightScribe 2012-02-05 15:11:53 -------- d-----w- c:\program files\K-Lite Codec Pack 
2012-02-05 14:46:09 -------- d-----w- C:\WMSDK 2012-02-03 16:08:58 165376 ----a-w- c:\windows\system32\unrar.dll 2012-02-03 15:58:11 -------- d-----w- c:\users\compaq\appdata\local\{63666F5D-CB50-4006-BAD8-A7A359057769} 2012-02-03 15:41:32 86016 ----a-w- c:\windows\system32\OpenAL32.dll 2012-02-03 15:41:32 262144 ----a-w- c:\windows\system32\wrap_oal.dll 2012-02-03 15:39:45 -------- d-----w- c:\program files\OpenLibraries 2012-02-03 10:00:07 -------- d-----w- c:\program files\PeerBlock 2012-02-01 14:32:00 331384 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys 2012-02-01 14:32:00 299640 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symnets.sys 2012-02-01 14:31:59 744568 ----a-r- c:\windows\system32\drivers\nis\1207000.00d\symefa.sys 2012-02-01 14:31:59 516216 ----a-r- c:\windows\system32\drivers\nis\1207000.00d\srtsp.sys 2012-02-01 14:31:59 50168 ----a-r- c:\windows\system32\drivers\nis\1207000.00d\srtspx.sys 2012-02-01 14:31:59 340088 ----a-r- c:\windows\system32\drivers\nis\1207000.00d\symds.sys 2012-02-01 14:31:58 136312 ----a-r- c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys 2012-02-01 14:31:04 -------- d-----w- c:\windows\system32\drivers\nis\1207000.00D . ==================== Find3M ==================== . 2012-01-17 21:00:32 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-01-17 20:57:45 428088 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-12-19 18:59:06 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2011-12-19 18:59:04 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys 2011-12-19 18:58:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll 2011-12-19 18:58:56 301224 ----a-w- c:\windows\system32\guard32.dll 2011-12-13 15:36:41 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-12-13 15:36:41 348160 ----a-w- c:\windows\system32\msvcr71.dll . ============= FINISH: 10:58:07.64 =============== The Attach.txt should be attached! 
Aaaaaand here's the aswMBR log:

aswMBR version 0.9.9.1649 Copyright (c) 2011 AVAST Software
Run date: 2012-02-25 11:02:07
-----------------------------
11:02:07.538 OS Version: Windows 6.0.6001 Service Pack 1
11:02:07.538 Number of processors: 2 586 0x170A
11:02:07.538 ComputerName: COMPAQ-PC UserName: Compaq
11:02:10.658 Initialize success
11:02:19.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:02:19.078 Disk 0 Vendor: ST9250315AS 0003HPM1 Size: 238475MB BusType: 3
11:02:19.110 Disk 0 MBR read successfully
11:02:19.110 Disk 0 MBR scan
11:02:19.110 Disk 0 unknown MBR code
11:02:19.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227666 MB offset 2048
11:02:19.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10805 MB offset 466262016
11:02:19.172 Disk 0 scanning sectors +488390656
11:02:19.219 Disk 0 scanning C:\Windows\system32\drivers
11:02:26.332 File: C:\Windows\system32\drivers\netbt.sys **SUSPICIOUS**
11:02:33.212 Disk 0 trace - called modules:
11:02:33.243 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b4bdfd0]<<
11:02:33.259 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89991198]
11:02:33.259 3 CLASSPNP.SYS[8db0a745] -> nt!IofCallDriver -> [0x89f6e538]
11:02:33.774 \Driver\00001526[0x89f6e670] -> IRP_MJ_CREATE -> 0x8b4bdfd0
11:02:33.774 Scan finished successfully
11:02:53.664 Disk 0 MBR has been saved successfully to "C:\Users\Compaq\Desktop\MBR.dat"
11:02:53.679 The log file has been saved successfully to "C:\Users\Compaq\Desktop\aswMBR.txt"

Thanks for the help so far Jeff :) (The attach.txt was taking ages to upload so I'll provide these for now and try and post the attach.txt again... d'oh!)
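Added example for readers of this thread, not part of thatguy89's post and not code from the aswMBR or DDS tools: a small Python triage script over the two logs above. From the aswMBR output it pulls the three lines a responder reads first, the driver the scanner could not verify (netbt.sys), the module in the disk I/O stack that aswMBR could not name, and the IRP_MJ_CREATE hook whose target is that same address, and it treats "unknown MBR code" as a prompt to look at the saved MBR.dat rather than a verdict, since OEM boot code produces it too. Over the DDS "Created Last 30" rows it applies review heuristics (hex-only executable names, executables dropped straight into the root of Program Files or ProgramData, zero-byte executables, hidden+system files). The sample text is constructed from entries quoted above; the heuristics and the "kind" labels are the example's own, not DDS's.

```python
"""Triage of an aswMBR log and a DDS "Created Last 30" section.

Added example; not part of the original post and not aswMBR/DDS code.
The sample log text below is constructed from the entries in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# aswMBR marks a driver it could not verify with **SUSPICIOUS**, prints an
# unattributed module in the disk stack as >>UNKNOWN [addr]<<, and shows
# which driver object intercepts which IRP major function.
ASWMBR_SUSPICIOUS = re.compile(r"File:\s+(?P<path>.+?)\s+\*\*SUSPICIOUS\*\*")
ASWMBR_UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
ASWMBR_HOOK = re.compile(
    r"(?P<driver>\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-fA-F]+)"
)
ASWMBR_MBR = re.compile(r"Disk \d+ unknown MBR code")

# DDS "Created Last 30" rows:  date time size attrs path   (size is "--------" for dirs)
DDS_ROW = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>-+|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
HEX_NAME = re.compile(r"^[0-9a-f]{6,}\.(exe|com|dll|sys)$")   # heuristic, example's own
EXEC_EXT = (".exe", ".com", ".dll", ".sys")
PROGRAM_ROOTS = (r"c:\program files", r"c:\programdata")


@dataclass(frozen=True)
class Finding:
    source: str   # "aswMBR" or "DDS"
    kind: str     # machine-readable reason
    detail: str   # path, address or driver object the reason applies to


def triage_aswmbr(text: str) -> List[Finding]:
    """Pull the lines from an aswMBR log that need a human's attention."""
    findings = []
    for line in text.splitlines():
        if m := ASWMBR_SUSPICIOUS.search(line):
            findings.append(Finding("aswMBR", "suspicious_file", m["path"]))
        if m := ASWMBR_UNKNOWN.search(line):
            findings.append(Finding("aswMBR", "unknown_module_in_disk_stack", m["addr"]))
        if m := ASWMBR_HOOK.search(line):
            findings.append(Finding("aswMBR", "irp_hook", f"{m['driver']} {m['irp']} -> {m['addr']}"))
        if ASWMBR_MBR.search(line):
            # OEM boot code (e.g. HP recovery) also triggers this line; it is a
            # reason to inspect the saved MBR.dat, not a verdict on its own.
            findings.append(Finding("aswMBR", "unknown_mbr_code", line.split(" ", 1)[1]))
    return findings


def hook_points_at_unknown_module(findings: List[Finding]) -> bool:
    """True when an IRP hook target is an address aswMBR could not attribute,
    i.e. the unnamed driver is the one filtering disk I/O."""
    unknown = {f.detail for f in findings if f.kind == "unknown_module_in_disk_stack"}
    targets = {f.detail.rsplit(" ", 1)[-1] for f in findings if f.kind == "irp_hook"}
    return bool(unknown & targets)


def triage_dds_created(text: str) -> List[Finding]:
    """Review heuristics over DDS 'Created Last 30' rows (prompts, not detections:
    DDS's own hidden+system dds_trash_log.cmd is listed as well)."""
    findings = []
    for line in text.splitlines():
        m = DDS_ROW.match(line.strip())
        if not m or m["attrs"].startswith("d"):
            continue                                  # not a row, or a directory
        path, attrs, size = m["path"].lower(), m["attrs"], m["size"]
        parent, _, name = path.rpartition("\\")
        is_exec = name.endswith(EXEC_EXT)
        if HEX_NAME.match(name):
            findings.append(Finding("DDS", "hex_named_executable", path))
        if is_exec and parent in PROGRAM_ROOTS:
            findings.append(Finding("DDS", "executable_in_root_of_program_dir", path))
        if is_exec and size == "0":
            findings.append(Finding("DDS", "zero_byte_executable", path))
        if attrs[2] == "s" and attrs[3] == "h":       # "--sha-w-": system + hidden
            findings.append(Finding("DDS", "hidden_system_file", path))
    return findings


# Constructed sample: lines copied from the aswMBR log posted above.
ASWMBR_SAMPLE = r"""
11:02:19.110 Disk 0 MBR read successfully
11:02:19.110 Disk 0 unknown MBR code
11:02:19.219 Disk 0 scanning C:\Windows\system32\drivers
11:02:26.332 File: C:\Windows\system32\drivers\netbt.sys **SUSPICIOUS**
11:02:33.212 Disk 0 trace - called modules:
11:02:33.243 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b4bdfd0]<<
11:02:33.259 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89991198]
11:02:33.774 \Driver\00001526[0x89f6e670] -> IRP_MJ_CREATE -> 0x8b4bdfd0
11:02:33.774 Scan finished successfully
"""

# Constructed sample: rows copied from the DDS "Created Last 30" section above.
DDS_SAMPLE = r"""
2012-02-25 10:48:07 275968 ----a-w- c:\program files\win32.exe
2012-02-22 09:51:48 28160 ----a-w- c:\programdata\67AC568.exe
2012-02-22 09:51:36 0 ----a-w- c:\windows\system32\67AC568.com
2012-02-20 13:14:51 -------- d-----w- c:\program files\CCleaner
2012-02-20 10:03:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 09:52:39 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 16:08:58 165376 ----a-w- c:\windows\system32\unrar.dll
"""

if __name__ == "__main__":
    asw = triage_aswmbr(ASWMBR_SAMPLE)
    for f in asw + triage_dds_created(DDS_SAMPLE):
        print(f"{f.source:7} {f.kind:34} {f.detail}")
    print("IRP hook target is the unnamed module:", hook_points_at_unknown_module(asw))
```

The useful correlation is in `hook_points_at_unknown_module`: the address the scanner reports as `>>UNKNOWN` is the same one the `\Driver\00001526` object redirects `IRP_MJ_CREATE` to, so the two lines describe one driver, not two separate oddities. The DDS heuristics deliberately list `dds_trash_log.cmd` too; the point of the pass is to shorten the list a person reads, not to replace the person.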

#4 thatguy89
Authentic Member, 80 posts
Posted 25 February 2012 - 05:21 AM

OK, so I'm having some trouble attaching attach.txt. I've tried doing it on both Firefox and Chrome; Firefox just says that it's uploading the file, forever. Chrome says in the attach box that 'this web page is not available.' I've tried reloading the page several times, I've checked that Google is a permitted program in my firewall (even though they're now disabled, so would that make a difference?) and the 'Use a proxy server for your LAN' was already disabled when I checked. It's never easy, is it! Any ideas? :huh:

#5 thatguy89
Authentic Member, 80 posts
Posted 25 February 2012 - 07:43 AM

Here we go. I transferred attach.txt via USB onto a friend's computer, uploaded in no time!

Attached Files



#6 jeffce
Malware Guy (Authentic Member, 8,693 posts)
Posted 25 February 2012 - 01:45 PM

Hi,

Good job getting those logs run and uploaded. :)
------------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Right-click and Run as Administrator TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
----------

In your next reply, if you have chosen to attempt cleaning, please post the logs made by TDSSKiller and OTL. :)
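Added example, not part of jeffce's post and not Kaspersky's code: a parser for the TDSSKiller log you are asked to paste back, in the format the log later in this thread uses (an object line carrying the file's MD5 and path, followed by a "name - ok" verdict line; entries without a file, such as IpInIp, have only the verdict line). It pairs the two lines, lists everything that is not "- ok", and indexes MD5 by file name so the hashes can be compared against a clean copy of the same Windows build. The "- warning" and "- detected ... ( n )" verdict shapes in the sample are an assumption modelled on TDSSKiller 2.7 output, constructed here and not taken from this thread.

```python
"""Parser for TDSSKiller scan logs.

Added example; not part of the original post and not Kaspersky's code.
The "(md5) path" / "- ok" line pairs mirror the log posted in this thread.
The "- warning" and "- detected ... ( n )" verdict shapes are an assumption
about TDSSKiller 2.7 output and are constructed, not quoted from the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "00:24:33.0277 2480 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys"
OBJECT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# "00:24:33.0293 2480 ACPI - ok"   (anything after " - " other than "ok" is the verdict to act on)
VERDICT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$"
)


@dataclass
class Entry:
    name: str                 # service/driver name or device object
    verdict: str              # "ok", or whatever TDSSKiller printed instead
    md5: Optional[str] = None
    path: Optional[str] = None

    @property
    def clean(self) -> bool:
        return self.verdict == "ok"


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each object line with the verdict line that follows it.

    Only lines after "Scan started" are considered, so the header block
    (tool banner, drive geometry, SystemInfo) cannot produce false entries."""
    entries: List[Entry] = []
    pending: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) awaiting its verdict
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue
        if m := OBJECT_LINE.match(line):
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        if m := VERDICT_LINE.match(line):
            # Assumed warning shape "name ( reason ) - warning": strip the
            # parenthesised reason to find the object line it belongs to.
            key = m["name"].split(" (", 1)[0]
            md5, path = pending.pop(key, (None, None))
            entries.append(Entry(m["name"], m["verdict"].strip(), md5, path))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Everything TDSSKiller did not mark '- ok': what to act on or escalate."""
    return [e for e in entries if not e.clean]


def hashes_by_file(entries: List[Entry]) -> Dict[str, str]:
    """basename -> md5 for every scanned file, ready to diff against the same
    files on a known-clean install of the same Windows build."""
    return {e.path.rsplit("\\", 1)[-1].lower(): e.md5 for e in entries if e.path and e.md5}


# Constructed sample: the banner, drive and "- ok" lines are copied from the log
# in this thread; the netbt hash is a placeholder and the last two verdict
# lines are assumed shapes, not lines from this thread.
SAMPLE_LOG = r"""
00:24:10.0657 5680 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
00:24:15.0212 5680 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
00:24:28.0769 2480 Scan started
00:24:28.0769 2480 Mode: Manual;
00:24:33.0277 2480 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
00:24:33.0293 2480 ACPI - ok
00:24:49.0179 2480 IpInIp - ok
00:24:58.0000 2480 netbt (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\netbt.sys
00:24:58.0001 2480 netbt ( Forged file ) - warning
00:25:00.0000 2480 \Device\Harddisk0\DR0 - detected <detection name> ( 0 )
"""

if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(entries)} entries, {len(flagged(entries))} not ok")
    for e in flagged(entries):
        print(f"  {e.verdict:36} {e.name}  {e.path or ''}")
```

Read the verdict column, not the MD5: TDSSKiller prints a hash for every driver it enumerates, and a hash only means something against a reference copy of that file from the same build. The "Drive ... - Size:" line in the header also contains " - ", which is why parsing starts at "Scan started" rather than at the first line that looks like a verdict.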

#7 thatguy89
Authentic Member, 80 posts
Posted 25 February 2012 - 07:00 PM

Well Jeff, I knew it was bad but not as bad as this! I'll go ahead with the cleaning, however; we can't go down without a fight!

Here is the TDSSKiller report:


00:24:10.0657 5680 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
00:24:12.0701 5680 ============================================================
00:24:12.0701 5680 Current date / time: 2012/02/26 00:24:12.0701
00:24:12.0701 5680 SystemInfo:
00:24:12.0701 5680
00:24:12.0701 5680 OS Version: 6.0.6001 ServicePack: 1.0
00:24:12.0701 5680 Product type: Workstation
00:24:12.0701 5680 ComputerName: COMPAQ-PC
00:24:12.0701 5680 UserName: Compaq
00:24:12.0701 5680 Windows directory: C:\Windows
00:24:12.0701 5680 System windows directory: C:\Windows
00:24:12.0701 5680 Processor architecture: Intel x86
00:24:12.0701 5680 Number of processors: 2
00:24:12.0701 5680 Page size: 0x1000
00:24:12.0701 5680 Boot type: Normal boot
00:24:12.0701 5680 ============================================================
00:24:15.0212 5680 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:24:15.0228 5680 \Device\Harddisk0\DR0:
00:24:15.0228 5680 MBR used
00:24:15.0228 5680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BCA9000
00:24:15.0228 5680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BCA9800, BlocksNum 0x151A800
00:24:15.0649 5680 Initialize success
00:24:15.0649 5680 ============================================================
00:24:28.0769 2480 ============================================================
00:24:28.0769 2480 Scan started
00:24:28.0769 2480 Mode: Manual;
00:24:28.0769 2480 ============================================================
00:24:33.0277 2480 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
00:24:33.0293 2480 ACPI - ok
00:24:33.0667 2480 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:24:33.0761 2480 adp94xx - ok
00:24:33.0963 2480 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:24:34.0057 2480 adpahci - ok
00:24:34.0385 2480 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:24:34.0385 2480 adpu160m - ok
00:24:34.0572 2480 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:24:34.0587 2480 adpu320 - ok
00:24:34.0931 2480 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
00:24:34.0993 2480 AFD - ok
00:24:35.0211 2480 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:24:35.0211 2480 agp440 - ok
00:24:35.0305 2480 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:24:35.0305 2480 aic78xx - ok
00:24:35.0461 2480 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
00:24:35.0477 2480 aliide - ok
00:24:35.0601 2480 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:24:35.0601 2480 amdagp - ok
00:24:35.0648 2480 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
00:24:35.0664 2480 amdide - ok
00:24:35.0726 2480 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:24:35.0726 2480 AmdK7 - ok
00:24:35.0742 2480 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:24:35.0742 2480 AmdK8 - ok
00:24:35.0960 2480 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:24:35.0960 2480 arc - ok
00:24:36.0257 2480 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:24:36.0257 2480 arcsas - ok
00:24:36.0615 2480 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:24:36.0631 2480 AsyncMac - ok
00:24:36.0740 2480 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
00:24:36.0740 2480 atapi - ok
00:24:37.0021 2480 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
00:24:37.0052 2480 athr - ok
00:24:37.0598 2480 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:24:37.0598 2480 Beep - ok
00:24:38.0175 2480 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
00:24:38.0331 2480 BHDrvx86 - ok
00:24:38.0659 2480 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:24:38.0675 2480 blbdrive - ok
00:24:38.0987 2480 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
00:24:39.0049 2480 bowser - ok
00:24:39.0205 2480 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:24:39.0221 2480 BrFiltLo - ok
00:24:39.0236 2480 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:24:39.0236 2480 BrFiltUp - ok
00:24:39.0330 2480 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:24:39.0330 2480 Brserid - ok
00:24:39.0345 2480 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:24:39.0345 2480 BrSerWdm - ok
00:24:39.0361 2480 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:24:39.0377 2480 BrUsbMdm - ok
00:24:39.0377 2480 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:24:39.0392 2480 BrUsbSer - ok
00:24:39.0439 2480 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:24:39.0439 2480 BTHMODEM - ok
00:24:39.0470 2480 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:24:39.0470 2480 cdfs - ok
00:24:39.0517 2480 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
00:24:39.0533 2480 cdrom - ok
00:24:39.0548 2480 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:24:39.0564 2480 circlass - ok
00:24:39.0611 2480 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
00:24:39.0626 2480 CLFS - ok
00:24:40.0016 2480 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:24:40.0032 2480 CmBatt - ok
00:24:40.0469 2480 cmdGuard (61273223115b06a063cc8d4e640f63e3) C:\Windows\system32\DRIVERS\cmdguard.sys
00:24:40.0578 2480 cmdGuard - ok
00:24:40.0905 2480 cmdHlp (b4c05b0bfcb90c030085893a39863b6f) C:\Windows\system32\DRIVERS\cmdhlp.sys
00:24:40.0937 2480 cmdHlp - ok
00:24:41.0015 2480 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
00:24:41.0015 2480 cmdide - ok
00:24:41.0061 2480 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:24:41.0061 2480 Compbatt - ok
00:24:41.0093 2480 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:24:41.0093 2480 crcdisk - ok
00:24:41.0108 2480 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:24:41.0124 2480 Crusoe - ok
00:24:41.0217 2480 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
00:24:41.0217 2480 DfsC - ok
00:24:41.0545 2480 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
00:24:41.0545 2480 disk - ok
00:24:41.0904 2480 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
00:24:41.0904 2480 drmkaud - ok
00:24:42.0341 2480 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
00:24:42.0403 2480 DXGKrnl - ok
00:24:42.0637 2480 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:24:42.0637 2480 E1G60 - ok
00:24:42.0731 2480 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
00:24:42.0731 2480 Ecache - ok
00:24:43.0043 2480 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:24:43.0214 2480 eeCtrl - ok
00:24:43.0448 2480 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:24:43.0464 2480 elxstor - ok
00:24:43.0589 2480 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:24:43.0589 2480 EraserUtilRebootDrv - ok
00:24:43.0713 2480 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:24:43.0713 2480 ErrDev - ok
00:24:43.0807 2480 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
00:24:43.0823 2480 exfat - ok
00:24:43.0885 2480 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
00:24:43.0916 2480 fastfat - ok
00:24:44.0166 2480 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:24:44.0166 2480 fdc - ok
00:24:44.0322 2480 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:24:44.0337 2480 FileInfo - ok
00:24:44.0400 2480 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:24:44.0400 2480 Filetrace - ok
00:24:44.0634 2480 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:24:44.0634 2480 flpydisk - ok
00:24:44.0712 2480 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
00:24:44.0712 2480 FltMgr - ok
00:24:44.0759 2480 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:24:44.0759 2480 Fs_Rec - ok
00:24:44.0805 2480 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:24:44.0805 2480 gagp30kx - ok
00:24:44.0899 2480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:24:44.0899 2480 GEARAspiWDM - ok
00:24:44.0961 2480 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:24:44.0977 2480 HdAudAddService - ok
00:24:44.0993 2480 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:24:45.0008 2480 HDAudBus - ok
00:24:45.0024 2480 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:24:45.0024 2480 HidBth - ok
00:24:45.0055 2480 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:24:45.0055 2480 HidIr - ok
00:24:45.0133 2480 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
00:24:45.0133 2480 HidUsb - ok
00:24:45.0227 2480 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:24:45.0242 2480 HpCISSs - ok
00:24:45.0305 2480 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:24:45.0320 2480 HpqKbFiltr - ok
00:24:45.0476 2480 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
00:24:45.0523 2480 HTTP - ok
00:24:45.0663 2480 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:24:45.0679 2480 i2omp - ok
00:24:45.0960 2480 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:24:45.0975 2480 i8042prt - ok
00:24:46.0412 2480 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:24:46.0428 2480 iaStorV - ok
00:24:47.0177 2480 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120224.002\IDSvix86.sys
00:24:47.0192 2480 IDSVix86 - ok
00:24:47.0677 2480 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:24:47.0775 2480 igfx - ok
00:24:48.0165 2480 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:24:48.0165 2480 iirsp - ok
00:24:48.0648 2480 inspect (bd2e5fab6f73c57ff67d3e1428e5b8ee) C:\Windows\system32\DRIVERS\inspect.sys
00:24:48.0711 2480 inspect - ok
00:24:48.0976 2480 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
00:24:48.0976 2480 IntcHdmiAddService - ok
00:24:49.0085 2480 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
00:24:49.0085 2480 intelide - ok
00:24:49.0132 2480 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:24:49.0148 2480 intelppm - ok
00:24:49.0163 2480 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:24:49.0163 2480 IpFilterDriver - ok
00:24:49.0179 2480 IpInIp - ok
00:24:49.0257 2480 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:24:49.0272 2480 IPMIDRV - ok
00:24:49.0288 2480 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:24:49.0288 2480 IPNAT - ok
00:24:49.0335 2480 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:24:49.0335 2480 IRENUM - ok
00:24:49.0382 2480 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:24:49.0397 2480 isapnp - ok
00:24:49.0444 2480 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
00:24:49.0444 2480 iScsiPrt - ok
00:24:49.0538 2480 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:24:49.0553 2480 iteatapi - ok
00:24:49.0600 2480 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:24:49.0600 2480 iteraid - ok
00:24:49.0647 2480 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:24:49.0647 2480 kbdclass - ok
00:24:49.0662 2480 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
00:24:49.0662 2480 kbdhid - ok
00:24:49.0787 2480 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
00:24:49.0818 2480 KSecDD - ok
00:24:49.0974 2480 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:24:49.0974 2480 lltdio - ok
00:24:50.0193 2480 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:24:50.0193 2480 LSI_FC - ok
00:24:50.0349 2480 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:24:50.0364 2480 LSI_SAS - ok
00:24:50.0942 2480 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:24:50.0957 2480 LSI_SCSI - ok
00:24:51.0410 2480 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:24:51.0425 2480 luafv - ok
00:24:51.0644 2480 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\Windows\system32\drivers\ma_cmidi.sys
00:24:51.0644 2480 MA_CMIDI - ok
00:24:51.0924 2480 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:24:51.0940 2480 megasas - ok
00:24:52.0096 2480 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:24:52.0112 2480 MegaSR - ok
00:24:52.0377 2480 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:24:52.0392 2480 Modem - ok
00:24:52.0689 2480 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:24:52.0704 2480 monitor - ok
00:24:53.0157 2480 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:24:53.0172 2480 mouclass - ok
00:24:53.0516 2480 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
00:24:53.0531 2480 mouhid - ok
00:24:53.0718 2480 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:24:53.0734 2480 MountMgr - ok
00:24:53.0984 2480 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:24:53.0999 2480 mpio - ok
00:24:54.0015 2480 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:24:54.0015 2480 mpsdrv - ok
00:24:54.0077 2480 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:24:54.0077 2480 Mraid35x - ok
00:24:54.0108 2480 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
00:24:54.0108 2480 MRxDAV - ok
00:24:54.0186 2480 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:24:54.0186 2480 mrxsmb - ok
00:24:54.0280 2480 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:24:54.0296 2480 mrxsmb10 - ok
00:24:54.0592 2480 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:24:54.0608 2480 mrxsmb20 - ok
00:24:54.0732 2480 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
00:24:54.0732 2480 msahci - ok
00:24:54.0935 2480 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:24:54.0935 2480 msdsm - ok
00:24:55.0138 2480 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:24:55.0138 2480 Msfs - ok
00:24:55.0559 2480 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:24:55.0559 2480 msisadrv - ok
00:24:55.0778 2480 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:24:55.0793 2480 MSKSSRV - ok
00:24:55.0856 2480 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:24:55.0856 2480 MSPCLOCK - ok
00:24:55.0887 2480 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:24:55.0887 2480 MSPQM - ok
00:24:55.0918 2480 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
00:24:55.0918 2480 MsRPC - ok
00:24:55.0996 2480 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:24:55.0996 2480 mssmbios - ok
00:24:56.0058 2480 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:24:56.0058 2480 MSTEE - ok
00:24:56.0324 2480 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
00:24:56.0339 2480 Mup - ok
00:24:56.0480 2480 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
00:24:56.0495 2480 NativeWifiP - ok
00:24:57.0072 2480 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120224.034\NAVENG.SYS
00:24:57.0072 2480 NAVENG - ok
00:24:58.0008 2480 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120224.034\NAVEX15.SYS
00:24:58.0102 2480 NAVEX15 - ok
00:24:58.0320 2480 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
00:24:58.0336 2480 NDIS - ok
00:24:58.0695 2480 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:24:58.0695 2480 NdisTapi - ok
00:24:59.0506 2480 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:24:59.0506 2480 Ndisuio - ok
00:24:59.0724 2480 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
00:24:59.0740 2480 NdisWan - ok
00:25:00.0021 2480 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:25:00.0021 2480 NDProxy - ok
00:25:00.0083 2480 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:25:00.0083 2480 NetBIOS - ok
00:25:00.0114 2480 netbt (17f9a2e833889e3c1771450315bcb409) C:\Windows\system32\DRIVERS\netbt.sys
00:25:00.0114 2480 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 17f9a2e833889e3c1771450315bcb409, Fake md5: 7c5fee5b1c5728507cd96fb4a13e7a02
00:25:00.0114 2480 netbt ( Virus.Win32.ZAccess.aml ) - infected
00:25:00.0114 2480 netbt - detected Virus.Win32.ZAccess.aml (0)
00:25:00.0380 2480 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
00:25:00.0442 2480 NETw3v32 - ok
00:25:00.0894 2480 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:25:00.0894 2480 nfrd960 - ok
00:25:01.0066 2480 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
00:25:01.0066 2480 Npfs - ok
00:25:01.0128 2480 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:25:01.0128 2480 nsiproxy - ok
00:25:01.0206 2480 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
00:25:01.0238 2480 Ntfs - ok
00:25:01.0394 2480 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:25:01.0394 2480 ntrigdigi - ok
00:25:01.0472 2480 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:25:01.0472 2480 Null - ok
00:25:01.0690 2480 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:25:01.0690 2480 nvraid - ok
00:25:02.0127 2480 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:25:02.0142 2480 nvstor - ok
00:25:02.0220 2480 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:25:02.0236 2480 nv_agp - ok
00:25:02.0267 2480 NwlnkFlt - ok
00:25:02.0345 2480 NwlnkFwd - ok
00:25:02.0486 2480 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
00:25:02.0501 2480 ohci1394 - ok
00:25:02.0813 2480 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:25:02.0829 2480 Parport - ok
00:25:03.0110 2480 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
00:25:03.0110 2480 partmgr - ok
00:25:03.0359 2480 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:25:03.0359 2480 Parvdm - ok
00:25:03.0734 2480 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys
00:25:03.0734 2480 pbfilter - ok
00:25:03.0905 2480 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
00:25:03.0921 2480 pci - ok
00:25:03.0936 2480 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
00:25:03.0936 2480 pciide - ok
00:25:03.0983 2480 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:25:03.0999 2480 pcmcia - ok
00:25:04.0061 2480 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:25:04.0092 2480 PEAUTH - ok
00:25:04.0451 2480 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:25:04.0467 2480 PptpMiniport - ok
00:25:04.0919 2480 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:25:04.0919 2480 Processor - ok
00:25:05.0231 2480 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
00:25:05.0247 2480 PSched - ok
00:25:05.0450 2480 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:25:05.0496 2480 ql2300 - ok
00:25:05.0668 2480 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:25:05.0668 2480 ql40xx - ok
00:25:05.0871 2480 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:25:05.0886 2480 QWAVEdrv - ok
00:25:06.0105 2480 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\Windows\system32\drivers\RapportBuka.sys
00:25:06.0167 2480 RapportBuka - ok
00:25:06.0651 2480 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
00:25:06.0651 2480 RapportCerberus_34302 - ok
00:25:06.0916 2480 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
00:25:06.0916 2480 RapportEI - ok
00:25:07.0353 2480 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
00:25:07.0368 2480 RapportIaso - ok
00:25:07.0540 2480 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\Windows\system32\Drivers\RapportKELL.sys
00:25:07.0556 2480 RapportKELL - ok
00:25:07.0961 2480 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
00:25:07.0961 2480 RapportPG - ok
00:25:08.0117 2480 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:25:08.0133 2480 RasAcd - ok
00:25:08.0351 2480 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:25:08.0351 2480 Rasl2tp - ok
00:25:08.0382 2480 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
00:25:08.0382 2480 RasPppoe - ok
00:25:08.0414 2480 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
00:25:08.0414 2480 RasSstp - ok
00:25:08.0476 2480 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
00:25:08.0476 2480 rdbss - ok
00:25:08.0585 2480 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:25:08.0601 2480 RDPCDD - ok
00:25:09.0006 2480 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:25:09.0022 2480 rdpdr - ok
00:25:09.0100 2480 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:25:09.0100 2480 RDPENCDD - ok
00:25:09.0162 2480 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
00:25:09.0178 2480 RDPWD - ok
00:25:09.0552 2480 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:25:09.0552 2480 rspndr - ok
00:25:09.0958 2480 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
00:25:09.0958 2480 RTL8169 - ok
00:25:10.0161 2480 RTSTOR (2b7da5a2d2c4aae01098d910007edac5) C:\Windows\system32\drivers\RTSTOR.SYS
00:25:10.0176 2480 RTSTOR - ok
00:25:10.0410 2480 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:25:10.0410 2480 SASDIFSV - ok
00:25:10.0457 2480 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:25:10.0473 2480 SASKUTIL - ok
00:25:10.0769 2480 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:25:10.0769 2480 sbp2port - ok
00:25:10.0972 2480 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
00:25:10.0988 2480 sdbus - ok
00:25:11.0206 2480 SE1008mdm (8f6b775f31d01f1f4d04a683c8d0d349) C:\Windows\system32\DRIVERS\SE1008mdm.sys
00:25:11.0222 2480 SE1008mdm - ok
00:25:11.0253 2480 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:25:11.0253 2480 secdrv - ok
00:25:11.0284 2480 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:25:11.0284 2480 Serenum - ok
00:25:11.0378 2480 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:25:11.0378 2480 Serial - ok
00:25:11.0502 2480 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:25:11.0502 2480 sermouse - ok
00:25:11.0705 2480 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:25:11.0705 2480 sffdisk - ok
00:25:11.0768 2480 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:25:11.0768 2480 sffp_mmc - ok
00:25:11.0799 2480 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:25:11.0799 2480 sffp_sd - ok
00:25:11.0830 2480 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:25:11.0846 2480 sfloppy - ok
00:25:11.0892 2480 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:25:11.0892 2480 sisagp - ok
00:25:11.0924 2480 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:25:11.0924 2480 SiSRaid2 - ok
00:25:11.0970 2480 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:25:11.0986 2480 SiSRaid4 - ok
00:25:12.0017 2480 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
00:25:12.0033 2480 Smb - ok
00:25:12.0392 2480 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:25:12.0392 2480 spldr - ok
00:25:12.0610 2480 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
00:25:12.0610 2480 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
00:25:12.0626 2480 sptd ( LockedFile.Multi.Generic ) - warning
00:25:12.0626 2480 sptd - detected LockedFile.Multi.Generic (1)
00:25:13.0125 2480 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS
00:25:13.0140 2480 SRTSP - ok
00:25:13.0546 2480 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS
00:25:13.0546 2480 SRTSPX - ok
00:25:13.0796 2480 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
00:25:13.0874 2480 srv - ok
00:25:14.0014 2480 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
00:25:14.0014 2480 srv2 - ok
00:25:14.0045 2480 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
00:25:14.0045 2480 srvnet - ok
00:25:14.0170 2480 STHDA (5d09e4934bc269c93ebe7c96e34aa8ee) C:\Windows\system32\DRIVERS\stwrt.sys
00:25:14.0201 2480 STHDA - ok
00:25:14.0466 2480 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:25:14.0482 2480 swenum - ok
00:25:14.0950 2480 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:25:14.0950 2480 Symc8xx - ok
00:25:15.0371 2480 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS
00:25:15.0449 2480 SymDS - ok
00:25:15.0886 2480 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS
00:25:16.0042 2480 SymEFA - ok
00:25:16.0260 2480 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
00:25:16.0276 2480 SymEvent - ok
00:25:16.0557 2480 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS
00:25:16.0557 2480 SymIRON - ok
00:25:17.0103 2480 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS
00:25:17.0134 2480 SYMTDIv - ok
00:25:17.0228 2480 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:25:17.0243 2480 Sym_hi - ok
00:25:17.0259 2480 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:25:17.0274 2480 Sym_u3 - ok
00:25:17.0352 2480 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
00:25:17.0368 2480 SynTP - ok
00:25:17.0649 2480 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
00:25:17.0789 2480 Tcpip - ok
00:25:18.0444 2480 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
00:25:18.0460 2480 Tcpip6 - ok
00:25:18.0803 2480 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
00:25:18.0803 2480 tcpipreg - ok
00:25:19.0178 2480 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:25:19.0178 2480 TDPIPE - ok
00:25:19.0318 2480 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:25:19.0318 2480 TDTCP - ok
00:25:19.0536 2480 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
00:25:19.0536 2480 tdx - ok
00:25:19.0630 2480 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
00:25:19.0630 2480 TermDD - ok
00:25:19.0880 2480 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:25:19.0880 2480 tssecsrv - ok
00:25:20.0160 2480 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:25:20.0160 2480 tunmp - ok
00:25:20.0285 2480 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
00:25:20.0301 2480 tunnel - ok
00:25:20.0550 2480 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:25:20.0550 2480 uagp35 - ok
00:25:20.0769 2480 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
00:25:20.0769 2480 udfs - ok
00:25:21.0252 2480 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:25:21.0268 2480 uliagpkx - ok
00:25:21.0580 2480 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:25:21.0627 2480 uliahci - ok
00:25:22.0001 2480 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:25:22.0017 2480 UlSata - ok
00:25:22.0251 2480 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:25:22.0266 2480 ulsata2 - ok
00:25:22.0703 2480 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:25:22.0719 2480 umbus - ok
00:25:23.0358 2480 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
00:25:23.0405 2480 USBAAPL - ok
00:25:23.0530 2480 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
00:25:23.0530 2480 usbaudio - ok
00:25:23.0577 2480 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:25:23.0592 2480 usbccgp - ok
00:25:23.0624 2480 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:25:23.0624 2480 usbcir - ok
00:25:23.0686 2480 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
00:25:23.0686 2480 usbehci - ok
00:25:23.0717 2480 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
00:25:23.0717 2480 usbhub - ok
00:25:23.0951 2480 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:25:23.0951 2480 usbohci - ok
00:25:24.0123 2480 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:25:24.0138 2480 usbprint - ok
00:25:24.0170 2480 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
00:25:24.0170 2480 usbser - ok
00:25:24.0216 2480 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:25:24.0216 2480 USBSTOR - ok
00:25:24.0263 2480 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:25:24.0263 2480 usbuhci - ok
00:25:24.0310 2480 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:25:24.0310 2480 usbvideo - ok
00:25:24.0544 2480 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:25:24.0544 2480 vga - ok
00:25:24.0934 2480 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:25:24.0934 2480 VgaSave - ok
00:25:25.0121 2480 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:25:25.0121 2480 viaagp - ok
00:25:25.0168 2480 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:25:25.0168 2480 ViaC7 - ok
00:25:25.0215 2480 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
00:25:25.0215 2480 viaide - ok
00:25:25.0277 2480 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:25:25.0277 2480 volmgr - ok
00:25:25.0386 2480 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
00:25:25.0402 2480 volmgrx - ok
00:25:25.0464 2480 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
00:25:25.0464 2480 volsnap - ok
00:25:25.0511 2480 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:25:25.0511 2480 vsmraid - ok
00:25:25.0542 2480 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:25:25.0558 2480 WacomPen - ok
00:25:25.0574 2480 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:25:25.0574 2480 Wanarp - ok
00:25:25.0636 2480 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:25:25.0652 2480 Wanarpv6 - ok
00:25:25.0683 2480 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:25:25.0683 2480 Wd - ok
00:25:25.0714 2480 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:25:25.0730 2480 Wdf01000 - ok
00:25:26.0104 2480 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:25:26.0104 2480 WmiAcpi - ok
00:25:26.0260 2480 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
00:25:26.0260 2480 WpdUsb - ok
00:25:26.0400 2480 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:25:26.0416 2480 ws2ifsl - ok
00:25:26.0650 2480 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:25:26.0666 2480 WUDFRd - ok
00:25:26.0915 2480 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
00:25:26.0931 2480 yukonwlh - ok
00:25:26.0978 2480 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
00:25:27.0009 2480 \Device\Harddisk0\DR0 - ok
00:25:27.0071 2480 Boot (0x1200) (607723e75431d691f63fe7373284ce5f) \Device\Harddisk0\DR0\Partition0
00:25:27.0087 2480 \Device\Harddisk0\DR0\Partition0 - ok
00:25:27.0165 2480 Boot (0x1200) (939c99ffb5fda050b1289e260d4c4de3) \Device\Harddisk0\DR0\Partition1
00:25:27.0165 2480 \Device\Harddisk0\DR0\Partition1 - ok
00:25:27.0165 2480 ============================================================
00:25:27.0165 2480 Scan finished
00:25:27.0165 2480 ============================================================
00:25:27.0196 2504 Detected object count: 2
00:25:27.0196 2504 Actual detected object count: 2
00:26:08.0708 2504 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
00:26:09.0098 2504 Backup copy found, using it..
00:26:09.0425 2504 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
00:26:11.0859 2504 netbt ( Virus.Win32.ZAccess.aml ) - User select action: Cure
00:26:11.0859 2504 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:26:11.0859 2504 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:26:20.0579 2320 Deinitialize success

-------------------------------

And here's the OTL.txt:

OTL logfile created on: 26/02/2012 00:40:02 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Compaq\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.09% Memory free
6.08 Gb Paging File | 4.42 Gb Available in Paging File | 72.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 107.87 Gb Free Space | 48.52% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe (COMODO)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll ()
MOD - C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll ()
MOD - C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll ()
MOD - C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (symsnap) -- File not found
SRV - (n558) -- File not found
SRV - (Anydlc) -- File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2DA) SupportSoft Sprocket Service (O2DA) -- C:\Program Files\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_O2DA) SupportSoft Repair Service (O2DA) -- C:\Program Files\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (crauto) -- C:\Windows\System32\ipsecmon.dll (Oak Technology Inc.)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)


========== Driver Services (SafeList) ==========

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120224.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120224.034\NAVENG.SYS (Symantec Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120224.002\IDSvix86.sys (Symantec Corporation)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys (Symantec Corporation)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS (Symantec Corporation)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.ask.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - prefs.js..keyword.URL: "http://www.searchqu....id=406&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2012/02/19 18:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_5_2 [2012/02/26 00:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/19 18:01:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 12:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 12:49:34 | 000,000,000 | ---D | M]

[2011/10/12 21:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2012/01/22 15:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions
[2010/03/13 21:03:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/12 15:53:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/22 15:37:25 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/01/22 14:56:00 | 000,000,000 | ---D | M] (Bflix extension) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\zyg90ndo.default\extensions\info@thebflix.com
[2012/01/22 15:02:31 | 000,002,472 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zyg90ndo.default\searchplugins\safesearch.xml
[2011/10/12 15:53:46 | 000,002,520 | ---- | M] () -- C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zyg90ndo.default\searchplugins\SearchResults.xml
[2012/01/22 14:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/26 00:29:08 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_5_2
[2012/02/19 18:02:03 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
[2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/12 15:53:46 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Compaq\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Compaq\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [O2DA] C:\Program Files\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73F92850-0943-4CBD-8836-3F9DF80843DA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25d47d5d-dc37-11de-adef-00238be688d6}\Shell - "" = AutoRun
O33 - MountPoints2\{25d47d5d-dc37-11de-adef-00238be688d6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7e845458-a480-11de-a064-00238be688d6}\Shell - "" = AutoRun
O33 - MountPoints2\{7e845458-a480-11de-a064-00238be688d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 00:32:58 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/02/26 00:26:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/25 10:55:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Compaq\Desktop\dds.com
[2012/02/25 10:53:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Compaq\Desktop\aswMBR.exe
[2012/02/25 10:44:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Compaq\Desktop\dds.scr
[2012/02/24 14:57:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Compaq\Desktop\HiJackThis.exe
[2012/02/20 13:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 13:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/20 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/20 11:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/20 11:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/20 10:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/20 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/20 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\Comodo
[2012/02/20 10:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/20 10:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/20 10:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/20 10:03:58 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2012/02/20 10:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/20 10:03:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/20 10:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/13 12:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012/02/05 15:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/02/05 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/02/05 14:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/02/05 14:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012/02/05 14:46:09 | 000,000,000 | ---D | C] -- C:\WMSDK
[2012/02/04 16:00:16 | 000,000,000 | ---D | C] -- C:\Users\Compaq\Desktop\photos Aurore phone
[2012/02/03 18:17:13 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Media Player Classic
[2012/02/03 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\{63666F5D-CB50-4006-BAD8-A7A359057769}
[2012/02/03 15:41:32 | 000,262,144 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012/02/03 15:41:32 | 000,086,016 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012/02/03 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2012/02/03 10:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/02/03 10:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 00:55:37 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000UA.job
[2012/02/26 00:33:00 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2012/02/26 00:30:47 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/02/26 00:28:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 00:28:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 00:27:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 00:27:45 | 3148,795,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 00:26:08 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/26 00:26:08 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/26 00:23:00 | 002,044,183 | ---- | M] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/02/26 00:18:21 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/25 13:36:27 | 000,040,960 | ---- | M] () -- C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/25 11:02:53 | 000,000,512 | ---- | M] () -- C:\Users\Compaq\Desktop\MBR.dat
[2012/02/25 10:55:35 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Compaq\Desktop\dds.com
[2012/02/25 10:54:19 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Compaq\Desktop\aswMBR.exe
[2012/02/25 10:44:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Compaq\Desktop\dds.scr
[2012/02/24 14:57:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Compaq\Desktop\HiJackThis.exe
[2012/02/22 09:52:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\m6j3wHM1.dat
[2012/02/22 09:51:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\67AC568.com
[2012/02/22 09:50:24 | 000,028,160 | ---- | M] () -- C:\ProgramData\67AC568.exe
[2012/02/20 13:31:23 | 003,745,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/20 13:22:29 | 000,292,100 | ---- | M] () -- C:\Users\Compaq\Documents\cc_20120220_132138.reg
[2012/02/20 13:14:54 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/20 11:27:03 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/20 11:03:11 | 002,185,990 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\Cat.DB
[2012/02/20 10:58:44 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 10:57:56 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/20 10:14:19 | 000,001,017 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/02/20 10:14:19 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/20 10:03:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 18:20:08 | 000,006,756 | ---- | M] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2012/02/17 15:57:53 | 000,002,047 | ---- | M] () -- C:\Users\Compaq\Desktop\Google Chrome.lnk
[2012/02/17 15:57:53 | 000,002,009 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 19:55:16 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4056065152-634905853-1308159465-1000Core.job
[2012/02/15 10:11:08 | 000,002,587 | ---- | M] () -- C:\Users\Compaq\Desktop\Microsoft Office Word 2007.lnk
[2012/02/08 10:53:04 | 000,000,326 | ---- | M] () -- C:\MemeoSendAddin
[2012/02/03 15:41:32 | 000,262,144 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012/02/03 15:41:32 | 000,086,016 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012/02/03 10:00:11 | 000,001,688 | ---- | M] () -- C:\Users\Compaq\Desktop\PeerBlock.lnk
[2012/02/01 17:57:19 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/28 11:07:07 | 000,009,667 | ---- | M] () -- C:\Users\Compaq\Desktop\moodle final essay.pdf
[2012/01/28 04:52:38 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Program Files\win32.exe
[2012/02/26 00:22:57 | 002,044,183 | ---- | C] () -- C:\Users\Compaq\Desktop\tdsskiller.zip
[2012/02/25 11:02:53 | 000,000,512 | ---- | C] () -- C:\Users\Compaq\Desktop\MBR.dat
[2012/02/24 14:45:13 | 3148,795,904 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/22 09:52:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\m6j3wHM1.dat
[2012/02/22 09:51:48 | 000,028,160 | ---- | C] () -- C:\ProgramData\67AC568.exe
[2012/02/22 09:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\67AC568.com
[2012/02/20 13:21:45 | 000,292,100 | ---- | C] () -- C:\Users\Compaq\Documents\cc_20120220_132138.reg
[2012/02/20 13:14:53 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/20 11:27:03 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/20 10:58:43 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 10:14:19 | 000,001,017 | ---- | C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/02/20 10:14:19 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/20 10:14:08 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/20 10:03:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 09:52:39 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/03 16:08:58 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/02/03 10:00:10 | 000,001,688 | ---- | C] () -- C:\Users\Compaq\Desktop\PeerBlock.lnk
[2012/01/28 11:07:35 | 000,009,667 | ---- | C] () -- C:\Users\Compaq\Desktop\moodle final essay.pdf
[2012/01/10 17:52:32 | 000,000,132 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/01/08 11:04:09 | 000,001,940 | ---- | C] () -- C:\Users\Compaq\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/09 14:07:42 | 000,006,524 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\wklnhst.dat
[2010/07/07 12:41:13 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/02 11:11:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

========== LOP Check ==========

[2011/04/27 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\AnvSoft
[2011/10/30 13:42:06 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Arduino
[2012/02/20 13:17:49 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Azureus
[2009/11/15 23:11:03 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/04 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\cacaoweb
[2011/10/15 07:10:34 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\ChessBase
[2012/01/17 20:03:44 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\DAEMON Tools
[2012/02/20 13:17:51 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\DAEMON Tools Lite
[2011/01/14 10:43:47 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Leadertech
[2011/01/14 10:50:24 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Seagate
[2012/02/07 18:36:09 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Spotify
[2010/07/09 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Template
[2010/02/15 19:30:37 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Trusteer
[2011/02/02 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Compaq\AppData\Roaming\Uniblue
[2012/02/26 00:26:30 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

I'll post the extras in the next post

#8 thatguy89 (Authentic Member, 80 posts)

Posted 25 February 2012 - 07:01 PM

Here's the Extras.txt file too :)


OTL Extras logfile created on: 26/02/2012 00:40:02 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Compaq\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.09% Memory free
6.08 Gb Paging File | 4.42 Gb Available in Paging File | 72.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 107.87 Gb Free Space | 48.52% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PC | User Name: Compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D1F5A5A-7155-4658-B836-293509F1299D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6209A73E-7A93-4C7E-A821-874BA1333059}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D3767D7C-F040-433A-B619-2ABDE9C5682F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11D16B3E-254B-4AA3-B1B3-D2E6B5E82276}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{28E5B489-667F-434E-8ACF-255CBC6B0531}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44F5A04E-07B4-4EB3-9943-C308A84A5677}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4DD0D392-B9FA-4F7C-B366-1AD75F7D5053}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{5B085024-C231-4658-B7BA-6B5C239A07C6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{69F91C6D-A781-4F6D-9E22-C3687F7F3CEA}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{71E63B64-8A54-42B7-BECB-EBF81AF8F821}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{76A0BE05-DA0E-4060-9FCC-8CE25BE1F0B1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7EE3DE13-6222-46C0-A01B-BF137C75C8AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{866D144E-AD6E-4037-A8B7-91988F2B9A6A}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{959B3D6A-D31F-4870-90E7-965ECA0727A3}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{ABA56B8F-CCA4-4466-8689-45C4FC1EF6E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B301F2EF-5B24-4006-8FE6-06E005DD453A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B6738E96-062C-4061-972C-A14B227DC282}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{CEDF1A8B-90AA-4D68-BADC-0437AA901DC9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D258B9C3-A36A-40A6-9793-94FCBA023F2F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D877D81E-F506-415C-A0EE-7F72746DBABA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D9B01E7E-DF97-45FB-92EA-905B5A06AC62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7E8951E-CBD5-464C-B515-51894344D4B9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F01AA357-673A-4F72-84F5-E04860E2473D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DD1AF59-5121-421F-B92D-EEBF3F20345A}" = Official Video Converter
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5B035501-3F57-4772-B0CA-3D5E613A5D86}" = My O2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{84BBFA13-C40E-4287-85EF-E8B1034451AA}" = Windows Media Encoder 9 Series SDK
"{85F57CCE-3D78-4637-B7B0-FA5E0FAD8377}" = Edexcel A2 French Student listening activities CD-ROM
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AFB7E806-1FCF-4659-B355-93A657107818}" = Edexcel AS French
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Any Video Converter_is1" = Any Video Converter 3.2.2
"AOL Toolbar" = AOL Toolbar 5.0
"ASIO4ALL" = ASIO4ALL
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 8" = FL Studio 8
"HDMI" = Intel® Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.2.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"NIS" = Norton Internet Security
"PoiZone" = PoiZone
"Rapport_msi" = Rapport
"RealPlayer 15.0" = RealPlayer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Sony Ericsson W395© driver" = Sony Ericsson W395© driver v3.5.3.0
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.0.1
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/09/2011 11:27:59 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:02 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:02 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:03 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:03 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:03 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:03 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:05 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/09/2011 11:28:05 | Computer Name = Compaq-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17/09/2011 15:20:09 | Computer Name = Compaq-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 29/09/2011 15:37:33 | Computer Name = Compaq-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3158
seconds with 2640 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/02/2012 20:19:36 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 25/02/2012 20:19:36 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 25/02/2012 20:28:07 | Computer Name = Compaq-PC | Source = HTTP | ID = 15016
Description =

Error - 25/02/2012 20:29:18 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 25/02/2012 20:29:18 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/02/2012 20:29:18 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 25/02/2012 20:29:18 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 25/02/2012 20:29:18 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 25/02/2012 20:29:18 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 25/02/2012 20:29:18 | Computer Name = Compaq-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >


Thanks in advance even if it can't be saved, Jeff, I massively appreciate the effort!!

#9 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 25 February 2012 - 09:18 PM

Hi,

You are more than welcome. :)

Looks like we got rid of a bit of it but there is more to do. :)
----------

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#10 thatguy89 (Authentic Member, 80 posts)

Posted 26 February 2012 - 05:43 AM

Ok, I seem to have run into a bit of a problem. Downloaded ComboFix, disabled Norton 360 by right-clicking the icon in the system tray and disabling antivirus auto-protect and firewall, same with Comodo. Before running, ComboFix tells me N360 is still active and needs to be disabled to avoid problems etc etc. I double-check and even go into Norton's settings and disable literally every option manually, and I get a second pop-up saying it's STILL active, so I go ahead with the scan anyway... everything's fine until it gets to "Scanning for infected files... This typically doesn't take more than 10 minutes However, scan times for badly infected machines may easily double..." After closing it and starting it again a few times, waiting 20 mins each time, half an hour on the last, nothing else happens. It's just this message for half an hour and that's it. Not looking good really.



#11 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 26 February 2012 - 08:27 AM

Hi,

Let's not get down yet LOL!!
----------

Download Combofix from any of the links below but rename it to svchost.com before saving it to your desktop.

Link 1
Link 2


==================================

Right-click and Run as Administrator on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


If you are told that your antivirus is still running, just go ahead and continue on with the scan. :)

#12 thatguy89 (Authentic Member, 80 posts)

Posted 26 February 2012 - 04:59 PM

Ok, I tried several times including in safe mode and haven't made any progress; I even left ComboFix running for 4 hours and didn't get any further than the scanning in progress sign. Here's exactly what I did before my internet stopped working: downloaded cfix from link 1 (link 2 wouldn't work). I then turned off my wifi (I only use wireless), disabled antivirus, firewall etc. In "downloads" I renamed ComboFix "svchost.com", moved svchost.com to the desktop, right-clicked and opened the file (run as admin wasn't an option). Cfix extracts files and closes Chrome (I'd left this page open). svchost.com then changes itself to ComboFix on the desktop. Blue C log box pops up, prepares to run, creates system restore point, scanning infected files (where it stopped all the other previous times), nothing happens again. Turn wifi back on along with antivirus and firewall to write this on the forum (I'm using my iPod right now lol). Chrome DNS look-up failed, Firefox says server not found. I check Comodo firewall and PING.EXE is 99 percent output! At that point I stopped all traffic, turned off the wifi and shut the computer down. Obviously I have absolutely no idea what's going on, so maybe what I've just told you might give you some ideas, because I sure as hell don't have any! Lol (if I don't laugh I'll cry!)

#13 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 26 February 2012 - 05:45 PM

Hi,

Try to run through those steps but try running in Safe Mode with Networking and leave the internet on. :) Just so you know this infection is the real-deal and may take some time to bust it open. After you try those steps again in Safe Mode with Networking let me know what happens.

#14 thatguy89 (Authentic Member, 80 posts)

Posted 27 February 2012 - 06:01 AM

Hi,

Right, I disabled everything normally (choosing to disable Norton for 5 hours; subsequently I wasn't then warned about Norton being active this time). Ran in safe mode with networking leaving internet on. A few times I was prompted that (more or less in these words) recycled files in C:\ are corrupted, would you like to empty the recycle bin? I clicked no each time (these have been popping up since downloading ComboFix). Same thing again: open svchost.com from desktop (run as admin not an option), yet in safe mode when the blue C log box pops up, when 'running combo fix' before creating system restore point it says something like 'authorisation denied administrator permission required.' Everything's the same afterwards: creates restore point, gets to may take longer than 20 minutes sign and did nothing. I let it run for 2 hours (I need to go to a lecture now!) PS I now also have two files on my desktop and a few in the "temp" folder whose icons have a translucent appearance as opposed to the standard opaque icons everywhere else. Thanks in advance!

#15 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 27 February 2012 - 06:35 AM

Hi,

Ok...let me work up a fix using OTL and then we can come back to ComboFix and see if that works. I will return as quickly as I can. :) Those other files that are now on your Desktop you don't need to worry about right now.