WiredWX Hobby Weather ToolsLog in

 


Root Kit....Zero Access

4 posters

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
I have some interesting news

Someone linked me to this:
http://www.bleepingcomputer.com/forums/topic454607.html/page__st__30

It appears this could be a false positive by combofix
We might have been chasing ghosts the last week

Please download MBRCheck by a_d_13 from either of the following mirrors and save it to your C:\
  • Mirror #1
  • Mirror #2
  • Mirror #3


Reboot with OTLPE
Run mbrcheck to verify your MBR in off-line mode.
Post the report back here.

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
do you have any suggestions on how to save reports in OTLPE? Been having difficlty doing that

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
mbrcheck saves the report in the same folder where you saved it.
So if you saved mbrcheck to c:\, the report should be there.

btw the majorgeeks case you found is completely different. This user had a lot of infections. I did not find that kind of stuff on your computer.

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
Hope we found it

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x00800006

Kernel Drivers (total 81):
0x80400000 \i386\system32\ntoskrnl.exe
0x80615000 \i386\system32\halaacpi.dll
0xF7987000 \i386\system32\KDCOM.DLL
0xF7897000 \i386\system32\BOOTVID.dll
0xF73EC000 setupdd.sys
0xF7A4F000 \i386\system32\drivers\SPDDLANG.SYS
0xF73DB000 pci.sys
0xF73AD000 acpi.sys
0xF7989000 \i386\system32\drivers\WMILIB.SYS
0xF7487000 isapnp.sys
0xF789B000 acpiec.sys
0xF7A50000 \i386\system32\drivers\OPRGHDLR.SYS
0xF7A51000 pciide.sys
0xF7707000 \i386\system32\drivers\PCIIDEX.SYS
0xF74B7000 mountmgr.sys
0xF7370000 ftdisk.sys
0xF7717000 partmgr.sys
0xF7993000 dmload.sys
0xF734A000 dmio.sys
0xF74E7000 \i386\system32\drivers\CLASSPNP.SYS
0xF7727000 usbehci.sys
0xF72F0000 \i386\system32\drivers\USBPORT.SYS
0xF7737000 usbuhci.sys
0xF7507000 usbhub.sys
0xF7997000 \i386\system32\drivers\USBD.SYS
0xF773F000 usbccgp.sys
0xF789F000 hidusb.sys
0xF7747000 \i386\system32\drivers\HIDPARSE.SYS
0xF7517000 \i386\system32\drivers\HIDCLASS.SYS
0xF7537000 i8042prt.sys
0xF78A7000 kbdhid.sys
0xF7757000 kbdclass.sys
0xF775F000 mouclass.sys
0xF78AB000 mouhid.sys
0xF72D8000 SCSIPORT.SYS
0xF72C0000 atapi.sys
0xF78C7000 VMSCSI.SY_
0xF77BF000 VIAPDSK.SY_
0xF7193000 viamraid.SY_
0xF712C000 SISRAID4.SY_
0xF77C7000 SISRAID2.SY_
0xF6B3C000 iastor78.SY_
0xF614C000 dmboot.sys
0xF720B000 cdrom.sys
0xF71FB000 disk.sys
0xF6135000 ksecdd.sys
0xF6112000 fastfat.sys
0xF6085000 ntfs.sys
0xF71EB000 cdfs.sys
0xF6058000 ndis.sys
0xF603D000 mup.sys
0xF7AD4000 \SystemRoot\System32\drivers\audstub.sys
0xF79A1000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF783F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF79A5000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF5EB9000 \SystemRoot\System32\DRIVERS\ks.sys
0xF5FFD000 \SystemRoot\system32\drivers\ramdriv.sys
0xF77CF000 \SystemRoot\System32\drivers\vga.sys
0xBAFEC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xBAFBB000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF5FE0000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF7AE6000 \SystemRoot\System32\Drivers\Null.SYS
0xF776F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF777F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAFA8000 \SystemRoot\System32\drivers\ipsec.sys
0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF77AF000 \SystemRoot\System32\watchdog.sys
0xF5FA4000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF7B2A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xF721B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF684B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBAAB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBAA45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9ED000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA9CB000 \SystemRoot\system32\drivers\afd.sys
0xBA9A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF77F7000 \??\B:\mbr.sys
0x7C900000 \I386\SYSTEM32\NTDLL.DLL

Processes (total 15):
0 System Idle Process
4 System
244 X:\I386\SYSTEM32\CSRSS.EXE
304 X:\I386\SYSTEM32\SERVICES.EXE
316 X:\I386\SYSTEM32\LSASS.EXE
436 X:\I386\SYSTEM32\SVCHOST.EXE
444 X:\I386\SYSTEM32\REATOGOLOGON.EXE
520 X:\I386\SYSTEM32\SVCHOST.EXE
1532 X:\I386\SYSTEM32\SVCHOST.EXE
1704 X:\I386\SYSTEM32\SVCHOST.EXE
1836 X:\PROGRAMS\wbload\wbload.exe
1964 X:\I386\SYSTEM32\SVCHOST.EXE
2020 X:\I386\EXPLORER.EXE
648 X:\I386\EXPLORER.EXE
1436 C:\Users\JonEJet\Downloads\MBRCheck.exe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB213M

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
MBR is clean.

Next set of instructions, kindly provided by a helpful member of another forum.

After booting normal go to start menu ==> Run and type CMD and hit Enter
You are now in the command prompt. Enter the following command:
fsutil reparsepoint delete C:\Windows\$NtUninstallKB46020$


After that open OTL (you still have it available? Otherwise download it here).
In the custom scans/fixes field type the following:
rd /s/q C:\Windows\$NtUninstallKB46020$ /c


And click Run Fix. Please post the result back here.

====================

Another tool that was recommended by him was this tool by Panda.

If all this still does not make the Combofix alert go away, I seriously doubt your computer is infected and I think we are dealing with a false positive from Combofix.

No ZAccess variant should be able to survive the armageddon of tools we have thrown at your computer.

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.2.45.0 log created on 06072012_232428

Not sure that went well

As far as the false positive, I still can't run combofix, and I still get redirected most times I do any type of search

Also, under the CMD prompt, I got the following message

The FSUTIL utility requires you have administration privledges

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
oops I am dumb

The OTL script must be this:

:files
rd /s/q C:\Windows\$NtUninstallKB46020$ /c


But only do this if the fsutil command has been executed correctly.
Do you have a CMD/Command Prompt Icon that you can rightclick and run as administrator?

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
DOes not give me option to run as administrator....but I can change that on my computer, can't i?

Okay, figured out the cmd as administrator thing

after i run the command under the promt, it gives me "ERROR: THe file or directory is not a reparse point

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
ran OTL

========== FILES ==========
< rd /s/q C:\Windows\$NtUninstallKB46020$ /c >
C:\Users\JonEJet\Desktop\cmd.bat deleted successfully.
C:\Users\JonEJet\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.45.0 log created on 06082012_003533

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
From yorkyt

2012-06-07 23:31:24: ****************************************************
2012-06-07 23:31:24: Starting UP ... v 0.0.0.220
2012-06-07 23:31:24: ****************************************************
2012-06-07 23:31:25: Stop TPSRV returns: 2
2012-06-07 23:31:40: Listing processes...
2012-06-07 23:31:40: :[System Process]:0
2012-06-07 23:31:40: :System:4
2012-06-07 23:31:40: :smss.exe:540
2012-06-07 23:31:40: :csrss.exe:612
2012-06-07 23:31:40: :wininit.exe:656
2012-06-07 23:31:40: :csrss.exe:664
2012-06-07 23:31:40: :services.exe:700
2012-06-07 23:31:40: :lsass.exe:712
2012-06-07 23:31:40: :lsm.exe:724
2012-06-07 23:31:40: :winlogon.exe:796
2012-06-07 23:31:40: :svchost.exe:896
2012-06-07 23:31:40: :PresentationFontCache.exe:964
2012-06-07 23:31:40: :svchost.exe:1008
2012-06-07 23:31:40: :svchost.exe:1056
2012-06-07 23:31:40: :svchost.exe:1148
2012-06-07 23:31:40: :svchost.exe:1160
2012-06-07 23:31:40: :audiodg.exe:1272
2012-06-07 23:31:40: :SLsvc.exe:1308
2012-06-07 23:31:40: :svchost.exe:1356
2012-06-07 23:31:40: :svchost.exe:1512
2012-06-07 23:31:40: :AvastSvc.exe:1684
2012-06-07 23:31:40: :dwm.exe:1780
2012-06-07 23:31:40: :explorer.exe:1812
2012-06-07 23:31:40: :spoolsv.exe:1916
2012-06-07 23:31:40: :taskeng.exe:1944
2012-06-07 23:31:40: :taskeng.exe:2028
2012-06-07 23:31:40: :agrsmsvc.exe:1912
2012-06-07 23:31:40: :igfxpers.exe:1712
2012-06-07 23:31:40: :CFSvcs.exe:2084
2012-06-07 23:31:40: :svchost.exe:2136
2012-06-07 23:31:40: :lxducoms.exe:2288
2012-06-07 23:31:40: :pinger.exe:2392
2012-06-07 23:31:40: :SeaPort.EXE:2412
2012-06-07 23:31:40: :RtHDVCpl.exe:2420
2012-06-07 23:31:40: :SynTPStart.exe:2452
2012-06-07 23:31:40: :sftvsa.exe:2672
2012-06-07 23:31:40: :svchost.exe:2732
2012-06-07 23:31:40: :TNaviSrv.exe:2772
2012-06-07 23:31:40: :GoogleDesktop.exe:2860
2012-06-07 23:31:40: :TODDSrv.exe:2880
2012-06-07 23:31:40: :TosCoSrv.exe:2980
2012-06-07 23:31:40: :realsched.exe:2992
2012-06-07 23:31:40: :AvastUI.exe:3080
2012-06-07 23:31:40: :TosBtSrv.exe:3100
2012-06-07 23:31:40: :ULCDRSvr.exe:3196
2012-06-07 23:31:40: :svchost.exe:3212
2012-06-07 23:31:40: :WLIDSVC.EXE:3236
2012-06-07 23:31:40: :SearchIndexer.exe:3292
2012-06-07 23:31:40: :sftlist.exe:3408
2012-06-07 23:31:40: :WLIDSVCM.EXE:3684
2012-06-07 23:31:40: :CVHSVC.EXE:4040
2012-06-07 23:31:40: :SynTPEnh.exe:3416
2012-06-07 23:31:40: :unsecapp.exe:3396
2012-06-07 23:31:40: :WmiPrvSE.exe:2600
2012-06-07 23:31:40: :firefox.exe:3948
2012-06-07 23:31:40: :SynToshiba.exe:1328
2012-06-07 23:31:40: :plugin-container.exe:2612
2012-06-07 23:31:40: :jp2launcher.exe:4160
2012-06-07 23:31:40: :java.exe:4184
2012-06-07 23:31:40: :wuauclt.exe:4852
2012-06-07 23:31:40: :realplay.exe:6072
2012-06-07 23:31:40: :SearchProtocolHost.exe:2692
2012-06-07 23:31:40: :yorkyt.exe:5436
2012-06-07 23:31:40: :WmiPrvSE.exe:5652
2012-06-07 23:31:40: :SearchFilterHost.exe:5660
2012-06-07 23:31:40:
2012-06-07 23:31:40: Setting restore point
2012-06-07 23:32:17: Determining autonomous or dropped mode...
2012-06-07 23:32:17: Autonomus mode
2012-06-07 23:32:18: Installing drivers...
2012-06-07 23:32:20: Checking that it installed...
2012-06-07 23:32:20: Driver is installed...
2012-06-07 23:32:20: cmd.exe /c start "C:\Users\JonEJet\Desktop\yorkyt.exe"
2012-06-07 23:32:28: Restarting...
2012-06-07 23:54:05: ****************************************************
2012-06-07 23:54:05: Starting UP ... v 0.0.0.220
2012-06-07 23:54:05: ****************************************************
2012-06-07 23:54:05: Stop TPSRV returns: 2
2012-06-07 23:54:21: Listing processes...
2012-06-07 23:54:21: :[System Process]:0
2012-06-07 23:54:21: :System:4
2012-06-07 23:54:21: :smss.exe:476
2012-06-07 23:54:21: :csrss.exe:548
2012-06-07 23:54:21: :wininit.exe:592
2012-06-07 23:54:21: :csrss.exe:600
2012-06-07 23:54:21: :services.exe:636
2012-06-07 23:54:21: :winlogon.exe:692
2012-06-07 23:54:21: :lsass.exe:724
2012-06-07 23:54:21: :lsm.exe:732
2012-06-07 23:54:21: :svchost.exe:872
2012-06-07 23:54:21: :PresentationFontCache.exe:936
2012-06-07 23:54:21: :svchost.exe:980
2012-06-07 23:54:21: :svchost.exe:1024
2012-06-07 23:54:21: :svchost.exe:1104
2012-06-07 23:54:21: :svchost.exe:1116
2012-06-07 23:54:21: :audiodg.exe:1220
2012-06-07 23:54:21: :SLsvc.exe:1252
2012-06-07 23:54:21: :svchost.exe:1292
2012-06-07 23:54:21: :svchost.exe:1452
2012-06-07 23:54:21: :AvastSvc.exe:1660
2012-06-07 23:54:21: :dwm.exe:1724
2012-06-07 23:54:21: :explorer.exe:1760
2012-06-07 23:54:21: :spoolsv.exe:1868
2012-06-07 23:54:21: :taskeng.exe:1888
2012-06-07 23:54:21: :taskeng.exe:2008
2012-06-07 23:54:21: :agrsmsvc.exe:268
2012-06-07 23:54:21: :CFSvcs.exe:508
2012-06-07 23:54:21: :svchost.exe:556
2012-06-07 23:54:21: :lxducoms.exe:588
2012-06-07 23:54:21: :pinger.exe:1652
2012-06-07 23:54:21: :SeaPort.EXE:2084
2012-06-07 23:54:21: :sftvsa.exe:2320
2012-06-07 23:54:21: :svchost.exe:2340
2012-06-07 23:54:21: :TNaviSrv.exe:2368
2012-06-07 23:54:21: :TODDSrv.exe:2424
2012-06-07 23:54:21: :TosCoSrv.exe:2444
2012-06-07 23:54:21: :TosBtSrv.exe:2500
2012-06-07 23:54:21: :ULCDRSvr.exe:2516
2012-06-07 23:54:21: :svchost.exe:2548
2012-06-07 23:54:21: :WLIDSVC.EXE:2584
2012-06-07 23:54:21: :SearchIndexer.exe:2616
2012-06-07 23:54:21: :WLIDSVCM.EXE:2920
2012-06-07 23:54:21: :igfxpers.exe:3704
2012-06-07 23:54:21: :RtHDVCpl.exe:3852
2012-06-07 23:54:21: :SynTPStart.exe:3988
2012-06-07 23:54:21: :unsecapp.exe:4044
2012-06-07 23:54:21: :GoogleDesktop.exe:4068
2012-06-07 23:54:21: :realsched.exe:844
2012-06-07 23:54:21: :WmiPrvSE.exe:1776
2012-06-07 23:54:21: :reader_sl.exe:1428
2012-06-07 23:54:21: :AvastUI.exe:2556
2012-06-07 23:54:21: :ONENOTEM.EXE:308
2012-06-07 23:54:21: :SearchProtocolHost.exe:2972
2012-06-07 23:54:21: :firefox.exe:200
2012-06-07 23:54:21: :SynTPEnh.exe:3184
2012-06-07 23:54:21: :SynToshiba.exe:3676
2012-06-07 23:54:21: :realplay.exe:4000
2012-06-07 23:54:21: :jp2launcher.exe:3312
2012-06-07 23:54:21: :java.exe:3584
2012-06-07 23:54:21: :plugin-container.exe:3672
2012-06-07 23:54:21: :SearchFilterHost.exe:840
2012-06-07 23:54:21: :WmiPrvSE.exe:3976
2012-06-07 23:54:21: :wuauclt.exe:2292
2012-06-07 23:54:21: :yorkyt.exe:3684
2012-06-07 23:54:21:
2012-06-07 23:54:21: Setting restore point
2012-06-07 23:55:00: Determining autonomous or dropped mode...
2012-06-07 23:55:00: Autonomus mode
2012-06-07 23:55:00: Installing drivers...
2012-06-07 23:55:09: Checking that it installed...
2012-06-07 23:55:09: Driver is installed...
2012-06-07 23:55:09: cmd.exe /c start "C:\Users\JonEJet\Desktop\yorkyt.exe"
2012-06-07 23:55:59: Please restart manually

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
Root Kit....Zero Access - Page 5 Celebration


Holy cow, IT WORKED!!!!! I am so happy right now. Ran Combofix, WoooooooooooooooHooooooooooooooo

ComboFix 12-06-06.02 - JonEJet 06/08/2012 0:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1074 [GMT -4:00]
Running from: c:\users\JonEJet\Desktop\SeviceFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.5340.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 05:14 . 2012-06-08 05:18 -------- d-----w- c:\users\JonEJet\AppData\Local\temp
2012-06-08 05:14 . 2012-06-08 05:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-08 05:14 . 2012-06-08 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 03:23 . 2012-06-08 03:23 -------- d-----w- C:\_OTL
2012-06-07 11:41 . 2012-06-07 11:44 -------- d-----w- C:\SeviceFix
2012-06-07 11:29 . 2012-06-08 04:56 -------- d-----w- C:\ComboFix
2012-06-06 16:14 . 2012-06-06 16:14 -------- d-----w- c:\program files\HitmanPro
2012-06-01 16:24 . 2012-04-21 01:18 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-01 16:24 . 2012-04-21 01:18 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-06-01 01:01 . 2012-06-01 01:01 -------- d-----w- c:\program files\Amazon
2012-06-01 01:00 . 2012-06-01 15:45 -------- d-----w- c:\program files\Amazon Browser Bar
2012-05-31 14:01 . 2012-06-06 16:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 13:59 . 2012-06-06 15:50 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-31 13:59 . 2012-06-06 15:50 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-31 13:59 . 2012-06-06 15:50 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 13:59 . 2012-06-06 15:50 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-31 13:18 . 2012-05-31 13:18 0 ----a-w- c:\windows\system32\sho5BF7.tmp
2012-05-30 14:20 . 2012-05-30 14:20 -------- d-----w- c:\users\JonEJet\AppData\Roaming\FixZeroAccess
2012-05-29 15:23 . 2012-05-29 15:27 -------- d-----w- c:\program files\Free Download Manager
2012-05-29 15:22 . 2012-05-29 15:22 -------- d-----w- c:\programdata\Babylon
2012-05-29 15:22 . 2012-05-29 15:22 -------- d-----w- c:\users\JonEJet\AppData\Roaming\Babylon
2012-05-29 14:33 . 2012-05-29 14:33 0 ----a-w- c:\windows\system32\shoD4F8.tmp
2012-05-28 20:49 . 2012-05-28 20:49 -------- d-----w- c:\programdata\Sophos
2012-05-28 19:04 . 2012-05-29 15:28 -------- d-----w- c:\programdata\blekko toolbars
2012-05-28 19:04 . 2012-05-28 19:46 -------- d-----w- c:\users\JonEJet\AppData\Local\blekkotb_031
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 19:50 . 2011-04-02 16:25 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-07 10:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 15:50 . 2012-06-01 16:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-06 1862144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-02 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\users\JonEJet\AppData\Local\temp\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0b4fdb4952f0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_sp_
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_
FF - prefs.js: keyword.URL - hxxp://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54828
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\lxducoms.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\system32\ssBranded.scr
.
**************************************************************************
.
Completion time: 2012-06-08 01:49:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 05:49
.
Pre-Run: 66,296,856,576 bytes free
Post-Run: 66,943,954,944 bytes free
.
- - End Of File - - F14C638D9AE6FF20316F056A7883F9AD

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
The virus must still be infecting my computer, because I'm still being redirected during my searches

Ugh...

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
Well that is certainly good news Smile...

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
c:\windows\system32\shoD4F8.tmp
c:\windows\system32\sho5BF7.tmp
:commands
[reboot]

  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


====================

Analysis of a suspicious file.
  • Please go to the Virustotal website by clicking here
  • Click the Browse button and in the Name field paste:
    c:\users\JonEJet\AppData\Local\temp\quickstart.exe

  • Click Open and click Send File
  • If Virustotal informs you that "File has already been analysed", click Reanalyse file now
  • An analysis report will appear. Copy and paste the url (something like http://www.virustotal.com/analisis/blabla) into your next reply.


====================

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:

%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.


descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
========== FILES ==========
c:\windows\system32\shoD4F8.tmp moved successfully.
c:\windows\system32\sho5BF7.tmp moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.45.0 log created on 06092012_091931


2. WHen I searched my computer for quickstart.exe it said file not found, so I could not analyze

Well, I looked around, and it brought me this....basically scanned the Combofix.txt

https://www.virustotal.com/file/8f964ba53603f1276199d5f117af38fff88ae4c5b91d4f2afeceaaa4a97ac602/analysis/1339162478/




Last edited by JonEJet on 8th June 2012, 2:11 pm; edited 1 time in total

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
OTL logfile created on: 6/9/2012 9:38:10 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.90% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 61.66 Gb Free Space | 55.89% Space Free | Partition Type: NTFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2010/02/01 23:02:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/15 18:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 11:50:56 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/28 10:57:23 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2007/09/13 19:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- -- (BFE)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/07/27 14:00:25 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 21:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:34:54 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/19 00:34:46 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys -- (CWMonitor)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SeviceFix13496S\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/08 14:15:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/30 13:20:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 13:20:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 22:49:18 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/18 22:28:10 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/01 17:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 05:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 04:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 04:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 04:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 04:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_sp_
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {21475A23-BD73-3152-6CAC-741072CD9B98}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}: "URL" = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ie_us_display?ie=UTF8&tag=bds-amzn-serp-us-ie-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_ds_&query={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=078E4B36CE8D139AA3721C4FC3CC31B5&q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_"
FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54828
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/07 13:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 11:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 19:44:19 | 000,000,000 | ---D | M]

[2012/01/16 23:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Extensions
[2012/03/12 20:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions
[2012/06/01 10:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions
[2012/06/06 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 10:11:28 | 000,502,682 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\ABB@AMAZON.COM.XPI
[2012/03/12 20:07:50 | 000,004,728 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\COOIJLURCQ@COOIJLURCQ.ORG.XPI
[2012/06/06 11:50:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/28 15:04:42 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_cr_us_display?ie=UTF8&tag=bds-amzn-serp-us-cr-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_cr_ds_&query={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/06/08 01:18:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCEC8C8-8DDA-4014-B428-FED0EEFC40F8}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - File not found
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 14:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\temp
[2012/06/08 01:18:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/08 01:14:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/07 23:23:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/07 07:41:09 | 000,000,000 | ---D | C] -- C:\SeviceFix
[2012/06/05 09:49:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/05 09:35:14 | 007,287,176 | ---- | C] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/04 15:51:05 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/04 15:51:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/04 15:51:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/04 15:51:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/03 12:29:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/02 14:55:01 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:59:23 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\Seven Zip
[2012/06/01 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/01 12:26:33 | 016,339,280 | ---- | C] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/06/01 10:16:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/05/31 21:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2012/05/31 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\Documents\OneNote Notebooks
[2012/05/31 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/31 09:41:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JonEJet\Desktop\dds.scr
[2012/05/31 09:27:33 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/30 17:53:26 | 000,138,120 | ---- | C] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/05/30 11:04:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
[2012/05/30 09:45:58 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/05/29 11:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/29 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\Babylon
[2012/05/28 15:04:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\blekkotb_031
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

descriptionRoot Kit....Zero Access - Page 5 EmptyRe: Root Kit....Zero Access

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum