Root Kit....Zero Access

4 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Page 2 of 6 • 1, 2, 3, 4, 5, 6

Re: Root Kit....Zero Access8th June 2012, 2:08 pm

Con't

========== Files - Modified Within 30 Days ==========

[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 09:21:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 09:21:42 | 2135,359,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 23:56:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 14:15:56 | 000,027,424 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/06/08 14:13:22 | 000,001,356 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2012/06/08 01:18:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/08 00:48:21 | 179,672,641 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/07 23:30:59 | 001,415,784 | ---- | M] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 14:14:40 | 000,604,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/07 14:14:40 | 000,104,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/07 11:03:06 | 000,080,384 | ---- | M] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | M] () -- C:\Users\JonEJet\log.xml
[2012/06/06 12:26:20 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/05 09:49:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/04 15:50:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/04 15:50:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/04 15:50:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/04 15:50:14 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/04 15:50:13 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/06/02 14:55:07 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:27:43 | 000,000,881 | ---- | M] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:27:43 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/01 12:26:37 | 016,339,280 | ---- | M] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 10:23:11 | 000,001,122 | ---- | M] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:41:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JonEJet\Desktop\dds.scr
[2012/05/31 09:34:44 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/05/31 09:27:39 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/31 09:19:25 | 000,349,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 17:53:29 | 000,138,120 | ---- | M] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/05/30 17:00:22 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2012/05/30 11:05:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 09:46:03 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/28 12:15:03 | 000,005,120 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 10:01:18 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/23 21:04:34 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/08 14:17:37 | 2135,359,488 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/08 14:11:59 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/06/07 23:30:54 | 001,415,784 | ---- | C] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 11:02:55 | 000,080,384 | ---- | C] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | C] () -- C:\Users\JonEJet\log.xml
[2012/06/01 12:24:16 | 000,000,881 | ---- | C] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 10:23:11 | 000,001,122 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:34:40 | 000,302,592 | ---- | C] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/05/30 17:00:20 | 000,302,592 | ---- | C] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2012/01/05 14:31:25 | 000,003,794 | -HS- | C] () -- C:\Users\JonEJet\AppData\Local\803rt48xt48a01113057goevuw1d832mjt5kv53124h
[2012/01/05 14:31:25 | 000,003,794 | -HS- | C] () -- C:\ProgramData\803rt48xt48a01113057goevuw1d832mjt5kv53124h
[2012/01/01 15:26:50 | 000,010,436 | -HS- | C] () -- C:\Users\JonEJet\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2012/01/01 15:26:50 | 000,010,436 | -HS- | C] () -- C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2011/05/18 16:44:04 | 000,001,356 | ---- | C] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2011/05/14 20:51:30 | 000,011,324 | -HS- | C] () -- C:\Users\JonEJet\AppData\Local\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/05/14 20:51:30 | 000,011,324 | -HS- | C] () -- C:\ProgramData\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/01/30 04:50:10 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/30 04:50:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/28 12:48:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010/12/28 12:48:09 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010/12/28 12:48:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010/12/28 12:48:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2010/12/28 12:48:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2010/12/28 12:48:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010/12/28 12:48:01 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2010/12/28 12:45:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2010/12/28 12:45:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2010/12/28 12:45:15 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2010/12/28 12:32:53 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010/12/28 12:32:52 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010/12/28 12:32:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010/12/28 12:32:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010/12/28 12:32:46 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010/12/28 12:32:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010/12/28 12:32:39 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010/12/28 12:32:24 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010/12/28 12:32:13 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010/12/28 12:23:12 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll
[2010/12/28 12:22:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010/12/28 12:22:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010/12/28 12:22:06 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010/10/12 21:44:13 | 000,000,282 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/05/30 17:00:22 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2012/05/30 11:05:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 17:53:29 | 000,138,120 | ---- | M] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/06/01 12:26:37 | 016,339,280 | ---- | M] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/05/30 09:46:03 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/31 09:34:44 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/06/06 12:26:20 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/05/31 09:27:39 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/06/02 14:55:07 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/07 23:30:59 | 001,415,784 | ---- | M] () -- C:\Users\JonEJet\Desktop\yorkyt.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/06/06 11:50:58 | 000,117,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/06/06 11:50:57 | 000,113,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\maintenanceservice.exe
[2012/06/06 11:50:57 | 000,157,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
[2012/06/06 11:50:49 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/06/06 11:50:45 | 000,265,184 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/02/08 23:50:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/05/31 21:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2012/06/01 11:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon Browser Bar
[2009/06/16 21:25:27 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/02/08 23:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2012/06/08 01:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/08/12 19:25:54 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2012/05/29 11:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2011/08/12 19:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/02/01 23:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/01/12 16:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2007/11/06 18:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/15 10:13:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/11/06 19:13:21 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/11/06 18:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2012/06/04 15:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/12/28 12:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 5600-6600 Series
[2010/12/28 12:40:07 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Printable Web
[2011/06/10 12:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/12/28 12:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Tools for Office
[2010/10/14 17:39:04 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2007/11/06 18:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2012/05/27 10:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/11/06 18:25:23 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2012/06/08 01:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/02/15 04:02:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/01/30 04:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/01/28 17:30:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/14 16:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/01/30 04:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/03/16 19:42:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2011/02/01 04:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/01/30 07:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/06/06 11:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/06/06 12:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/01/28 15:07:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar Installer
[2007/11/06 17:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/08/26 11:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Confidential
[2011/04/02 12:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2007/11/06 18:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2008/05/05 17:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\PortalPlayer
[2009/06/16 21:29:47 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/02/01 23:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/11/06 18:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/12/11 17:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/05/05 19:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sirius
[2011/10/08 17:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\StreamTorrent 1.0
[2007/11/06 18:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/12/11 17:46:36 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2007/11/06 18:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2007/11/06 18:49:57 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration
[2007/11/06 19:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 09:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2010/10/03 13:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2012/02/08 23:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2011/01/28 17:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2011/01/28 17:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/01/28 17:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/01/28 17:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/06/15 09:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2007/11/06 19:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2011/01/30 07:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/01/28 17:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2012/02/08 23:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\agp440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/05/04 09:49:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/05/04 09:49:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/05/04 09:49:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/04 09:52:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/04 09:52:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-05 13:24:30

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 11:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 11:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 6/9/2012 9:38:10 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.90% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 61.66 Gb Free Space | 55.89% Space Free | Partition Type: NTFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2447DB17-6CC9-4DBB-9298-026B2DDA45EE}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{25BD501E-B405-4B48-838B-DD25AE2AF059}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{26518CFE-9CE2-49C8-AE54-D7A2C2B3B638}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{38F8A755-3E1F-43D4-9141-376233BCC8C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5C32D627-1E72-410C-B2F3-562D1F0E294D}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{71ECD802-6562-4FEE-ACBC-741DEA13F8FF}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{77829111-34B6-43EA-AFA5-72475BD78900}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{7DFFF146-EE4A-4EB0-9D2B-66D537D57B80}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{9FD94F2D-D752-449C-B466-07D3BB0B4517}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A9215425-B487-4306-9D9B-40AC6659D120}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C2F6BA3F-C134-43C3-A01A-FE96791A1246}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{CFDDE38F-C02E-4441-BFD2-CAB0633A333E}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{D49387A8-BD63-4F79-A385-62518E2A506A}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{E316697D-A1ED-4E07-BEDF-64003F62C1A9}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{E3D73938-4557-4DC0-A310-443F2EAC447F}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{F76F6717-C16A-4B8B-80B0-24CAB61ECC15}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"TCP Query User{3FCA655C-45AE-461D-BBCF-3F95CE892613}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{69DDF96B-2D18-4BB4-998A-326CE5B56FAD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{C48F8405-2F3F-4D94-A288-F548F42473A4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{424773F9-B3AA-4192-978F-AC3BB73E7314}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6A563AA0-B05B-479F-AC12-E4486E278E2E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{8244CF82-7AC0-430D-9F70-5210840BC2A1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BF493FC0-48B9-45C1-A482-EF04813926BB}" = Point 6.2
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa2" = Picasa 2
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2012 12:04:46 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 97c Start Time: 01cd400fe4f99ea9 Termination Time: 0

Error - 6/1/2012 12:13:27 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: c04 Start Time: 01cd4010b4c5d9a3 Termination Time: 15

Error - 6/1/2012 12:42:20 PM | Computer Name = JonEJet-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/2/2012 11:10:10 AM | Computer Name = JonEJet-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 6/2/2012 11:56:39 AM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 12f0 Start Time: 01cd40d7d1371b70 Termination Time: 23

Error - 6/2/2012 12:02:29 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 17bc Start Time: 01cd40d852e6e010 Termination Time: 51

Error - 6/2/2012 9:09:21 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 4b8 Start Time: 01cd4124b8a48670 Termination Time: 12

Error - 6/2/2012 11:40:57 PM | Computer Name = JonEJet-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/3/2012 3:12:34 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 728 Start Time: 01cd41bc9860e322 Termination Time: 47

Error - 6/3/2012 3:13:07 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a20 Start Time: 01cd41bcd49349a2 Termination Time: 31

[ System Events ]
Error - 6/8/2012 2:18:40 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/9/2012 9:04:51 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/9/2012 9:21:58 AM | Computer Name = JonEJet-PC | Source = HTTP | ID = 15016
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

< End of report >

Re: Root Kit....Zero Access10th June 2012, 6:43 pm

I've been out two days without www :p

Lets remove some malware folders with OTL

Please run OTL.exe again
Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Users\JonEJet\AppData\Local\803rt48xt48a01113057goevuw1d832mjt5kv53124h
C:\ProgramData\803rt48xt48a01113057goevuw1d832mjt5kv53124h
C:\Users\JonEJet\AppData\Local\6p74b12e5883bvnms7rio6x2hebdv36h
C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
C:\Users\JonEJet\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
C:\ProgramData\6p74b12e5883bvnms7rio6x2hebdv36h

CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
If it asks to reboot the computer, please allow that.
Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

Can you run another MBAM scan?

Re: Root Kit....Zero Access10th June 2012, 6:50 pm

========== FILES ==========
C:\Users\JonEJet\AppData\Local\803rt48xt48a01113057goevuw1d832mjt5kv53124h moved successfully.
C:\ProgramData\803rt48xt48a01113057goevuw1d832mjt5kv53124h moved successfully.
C:\Users\JonEJet\AppData\Local\6p74b12e5883bvnms7rio6x2hebdv36h moved successfully.
C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8 moved successfully.
C:\Users\JonEJet\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8 moved successfully.
C:\ProgramData\6p74b12e5883bvnms7rio6x2hebdv36h moved successfully.

OTL by OldTimer - Version 3.2.45.0 log created on 06102012_144848

Re: Root Kit....Zero Access10th June 2012, 6:58 pm

OK - you are still being redirected?

Re: Root Kit....Zero Access10th June 2012, 7:00 pm

Glad you're back Hooray!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
JonEJet :: JONEJET-PC [administrator]

6/10/2012 2:50:50 PM
mbam-log-2012-06-10 (14-50-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197961
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Root Kit....Zero Access10th June 2012, 7:03 pm

I think you did it.

Wow, can't thank you enough. This was a tough sucker. WHy do people create these viruses? Jeez

Re: Root Kit....Zero Access10th June 2012, 8:39 pm

Every redirect gives the malware writers $. Maybe less than a cent, but still. Enough of them and teh money flows.

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?

Re: Root Kit....Zero Access10th June 2012, 9:39 pm

The awesome list would be $$$$ Can't Believe It

Re: Root Kit....Zero Access10th June 2012, 11:19 pm

Uh oh, still being redirected.....unreal Let me think

Re: Root Kit....Zero Access11th June 2012, 12:39 pm

I do not find anything in the OTL or ComboFix log that causes the redirect. Also we know that your MBR is clean.

hmmm before we start throwing all kinds of tools at your computer again, let us first verify that it is not your router that is the problem.

We need to know the DNS (Domain Name Server) settings of your router.
To find out the DNS settings of your router, you will have to access your router (requiring username and password) and look up those settings.
If you don´t know how to do that, please consult the manual of the router. If you can´t locate this manual, you can try:

To download the manual at the website of the router´s manufacturer.
Consult this webpage. It will explain for various brands of routers how to change DNS settings (Don´t actually change anything! Just list the IP addresses that your router reports as DNS servers).

An example of what we are looking for:
Root Kit....Zero Access - Page 3 Start_router_dlink_dir855_3

In the above example, you would report to me "208.67.222.222" and "208.67.220.220".

If you don´t find the option of DNS servers, depending on the type of router, you might have to look under an option called "DHCP Server" and find the settings for the DNS servers, which by some routers is called "Static DNS".

Please let me know if you run into any kind of trouble.

Re: Root Kit....Zero Access11th June 2012, 1:29 pm

okay, this is over the top for me, but here we go

it shows my IP, then shows
Submet Mask 255.255.255.0
then in drop down box shows
255.255.255.128
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.248
255.255.255.252

ahhh found it

DNS 1: 208.59.247.45
DNS 2: 208.59.247.46

Re: Root Kit....Zero Access12th June 2012, 8:30 am

Ok - those are legit.

Which means there is still malware hiding on your computer.
Which is impressive.

We're going to do a custom scan with OTL.

Please download OTL by OldTimer from here and save it to your desktop.

Close all windows and double click OTL.exe.
The Extra Registry setting should be Use Safelist
Copy and paste the following text into the Custom Scans/Fixes box:

Code:

HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s

Click the Run Scan button and allow it to run.
It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
You may need multiple posts to get it all.

Re: Root Kit....Zero Access12th June 2012, 2:28 pm

OTL logfile created on: 6/12/2012 10:11:30 AM - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.36% Memory free
4.21 Gb Paging File | 2.83 Gb Available in Paging File | 67.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 59.74 Gb Free Space | 54.15% Space Free | Partition Type: NTFS
Drive D: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2010/02/01 23:02:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/15 18:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/06 11:50:56 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/04 15:50:17 | 000,014,112 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/08/28 10:57:23 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2007/09/13 19:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- -- (BFE)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/07/27 14:00:25 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 21:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:34:54 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/19 00:34:46 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys -- (CWMonitor)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SeviceFix13496S\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/30 13:20:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 13:20:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 22:49:18 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/18 22:28:10 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/01 17:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 05:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 04:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 04:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 04:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 04:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_sp_
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {21475A23-BD73-3152-6CAC-741072CD9B98}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}: "URL" = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ie_us_display?ie=UTF8&tag=bds-amzn-serp-us-ie-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_ds_&query={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=078E4B36CE8D139AA3721C4FC3CC31B5&q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_"
FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54828
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/07 13:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 11:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 19:44:19 | 000,000,000 | ---D | M]

[2012/01/16 23:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Extensions
[2012/03/12 20:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions
[2012/06/01 10:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions
[2012/06/06 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 10:11:28 | 000,502,682 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\ABB@AMAZON.COM.XPI
[2012/03/12 20:07:50 | 000,004,728 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\COOIJLURCQ@COOIJLURCQ.ORG.XPI
[2012/06/06 11:50:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/28 15:04:42 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_cr_us_display?ie=UTF8&tag=bds-amzn-serp-us-cr-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_cr_ds_&query={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/06/08 01:18:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 10.61.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCEC8C8-8DDA-4014-B428-FED0EEFC40F8}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 15:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/08 14:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\temp
[2012/06/08 01:18:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/08 01:14:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/07 23:23:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/07 07:41:09 | 000,000,000 | ---D | C] -- C:\SeviceFix
[2012/06/05 09:49:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/05 09:35:14 | 007,287,176 | ---- | C] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/04 15:51:05 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/04 15:51:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/04 15:51:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/04 15:51:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/03 12:29:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/02 14:55:01 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:59:23 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\Seven Zip
[2012/06/01 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/01 12:26:33 | 016,339,280 | ---- | C] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/06/01 10:16:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/05/31 21:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2012/05/31 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\Documents\OneNote Notebooks
[2012/05/31 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/31 09:41:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JonEJet\Desktop\dds.scr
[2012/05/31 09:27:33 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/30 17:53:26 | 000,138,120 | ---- | C] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/05/30 11:04:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
[2012/05/30 09:45:58 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/05/29 11:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/29 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\Babylon
[2012/05/28 15:04:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\blekkotb_031
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/12 10:04:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 10:04:11 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 10:04:11 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 01:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 01:00:48 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/11 15:08:18 | 2137,415,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 13:40:35 | 000,059,246 | ---- | M] () -- C:\Users\JonEJet\Documents\marci.jpg
[2012/06/08 14:13:22 | 000,001,356 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2012/06/08 01:18:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/08 00:48:21 | 179,672,641 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/07 23:30:59 | 001,415,784 | ---- | M] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 14:14:40 | 000,604,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/07 14:14:40 | 000,104,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/07 11:03:06 | 000,080,384 | ---- | M] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | M] () -- C:\Users\JonEJet\log.xml
[2012/06/06 12:26:20 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/05 09:49:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/04 15:50:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/04 15:50:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/04 15:50:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/04 15:50:14 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/04 15:50:13 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/06/02 14:55:07 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:27:43 | 000,000,881 | ---- | M] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:27:43 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/01 12:26:37 | 016,339,280 | ---- | M] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 10:23:11 | 000,001,122 | ---- | M] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:41:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JonEJet\Desktop\dds.scr
[2012/05/31 09:34:44 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/05/31 09:27:39 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/31 09:19:25 | 000,349,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 17:53:29 | 000,138,120 | ---- | M] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/05/30 17:00:22 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2012/05/30 11:05:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 09:46:03 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/28 12:15:03 | 000,005,120 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 10:01:18 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/09 13:40:30 | 000,059,246 | ---- | C] () -- C:\Users\JonEJet\Documents\marci.jpg
[2012/06/08 14:17:37 | 2137,415,680 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/07 23:30:54 | 001,415,784 | ---- | C] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 11:02:55 | 000,080,384 | ---- | C] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | C] () -- C:\Users\JonEJet\log.xml
[2012/06/01 12:24:16 | 000,000,881 | ---- | C] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 10:23:11 | 000,001,122 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:34:40 | 000,302,592 | ---- | C] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/05/30 17:00:20 | 000,302,592 | ---- | C] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2011/05/18 16:44:04 | 000,001,356 | ---- | C] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2011/01/30 04:50:10 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/30 04:50:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/28 12:48:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010/12/28 12:48:09 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010/12/28 12:48:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010/12/28 12:48:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2010/12/28 12:48:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2010/12/28 12:48:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010/12/28 12:48:01 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2010/12/28 12:45:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2010/12/28 12:45:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2010/12/28 12:45:15 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2010/12/28 12:32:53 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010/12/28 12:32:52 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010/12/28 12:32:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010/12/28 12:32:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010/12/28 12:32:46 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010/12/28 12:32:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010/12/28 12:32:39 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010/12/28 12:32:24 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010/12/28 12:32:13 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010/12/28 12:23:12 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll
[2010/12/28 12:22:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010/12/28 12:22:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010/12/28 12:22:06 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010/10/12 21:44:13 | 000,000,282 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 00:36:50 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Re: Root Kit....Zero Access12th June 2012, 2:30 pm

OTL Extras logfile created on: 6/12/2012 10:11:33 AM - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.36% Memory free
4.21 Gb Paging File | 2.83 Gb Available in Paging File | 67.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 59.74 Gb Free Space | 54.15% Space Free | Partition Type: NTFS
Drive D: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2447DB17-6CC9-4DBB-9298-026B2DDA45EE}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{25BD501E-B405-4B48-838B-DD25AE2AF059}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{26518CFE-9CE2-49C8-AE54-D7A2C2B3B638}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{38F8A755-3E1F-43D4-9141-376233BCC8C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5C32D627-1E72-410C-B2F3-562D1F0E294D}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{71ECD802-6562-4FEE-ACBC-741DEA13F8FF}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{77829111-34B6-43EA-AFA5-72475BD78900}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{7DFFF146-EE4A-4EB0-9D2B-66D537D57B80}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{9FD94F2D-D752-449C-B466-07D3BB0B4517}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A9215425-B487-4306-9D9B-40AC6659D120}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C2F6BA3F-C134-43C3-A01A-FE96791A1246}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{CFDDE38F-C02E-4441-BFD2-CAB0633A333E}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{D49387A8-BD63-4F79-A385-62518E2A506A}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{E316697D-A1ED-4E07-BEDF-64003F62C1A9}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{E3D73938-4557-4DC0-A310-443F2EAC447F}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{F76F6717-C16A-4B8B-80B0-24CAB61ECC15}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"TCP Query User{3FCA655C-45AE-461D-BBCF-3F95CE892613}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{69DDF96B-2D18-4BB4-998A-326CE5B56FAD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{C48F8405-2F3F-4D94-A288-F548F42473A4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{424773F9-B3AA-4192-978F-AC3BB73E7314}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6A563AA0-B05B-479F-AC12-E4486E278E2E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{8244CF82-7AC0-430D-9F70-5210840BC2A1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BF493FC0-48B9-45C1-A482-EF04813926BB}" = Point 6.2
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa2" = Picasa 2
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2012 1:22:43 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:43 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:43 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:43 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:44 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:44 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:46 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:46 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:47 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/4/2012 1:22:47 PM | Computer Name = JonEJet-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 6/11/2012 3:09:43 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2012 3:09:43 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2012 3:09:43 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2012 3:09:43 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2012 3:09:43 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/11/2012 3:09:43 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/11/2012 3:09:43 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/12/2012 10:04:12 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/12/2012 10:04:12 AM | Computer Name = JonEJet-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 6/12/2012 10:04:12 AM | Computer Name = JonEJet-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

< End of report >

Re: Root Kit....Zero Access12th June 2012, 2:34 pm

Couple things

I keep seeing AVIRA on my log.....I have stopped using that awhile ago, and was having a tough time ridding the computer of it...Could that be a problem?

Also, Hitman Pro....I can't seem to uninstall it??

Re: Root Kit....Zero Access13th June 2012, 10:06 am

we will be running a fix to deal with a proxy that might be causing the redirects and I will also try to get rid of the AVIRA remnants.

Please run OTL.exe again
Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:


:otl
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54828

:services
AntiVirService
AntiVirSchedulerService
avipbb
avgntflt
ssmdrv

:commands
[reboot]

CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
If it asks to reboot the computer, please allow that.
Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.

Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

====================

Download and run SVCHOST Diag by DragonMaster Jay.

Post the log from it when it launches.

Re: Root Kit....Zero Access13th June 2012, 2:36 pm

========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 54828 removed from network.proxy.http_port
File boot] not found.

OTL by OldTimer - Version 3.2.45.0 log created on 06132012_101954

SpiderKill by DragonMaster Jay

Microsoft Windows [Version 6.0.6001]

********************Drivers list********************

Volume in drive C is SQ004585V03
Volume Serial Number is 90D3-0EF7

Directory of C:\Windows\System32\Drivers

06/10/2012 03:03 PM .
06/10/2012 03:03 PM ..
11/06/2007 04:42 PM 2 1179_Toshiba_Satellite A200-A205_26890.MRK
11/02/2006 04:55 AM 53,376 1394bus.sys
01/19/2008 12:43 AM 266,808 acpi.sys
11/02/2006 05:51 AM 420,968 adp94xx.sys
11/02/2006 05:51 AM 297,576 adpahci.sys
11/02/2006 05:50 AM 98,408 adpu160m.sys
11/02/2006 05:51 AM 147,048 adpu320.sys
04/21/2011 09:16 AM 273,408 afd.sys
11/02/2006 05:49 AM 53,864 AGP440.sys
11/28/2006 07:11 PM 1,161,888 AGRSM.sys
11/02/2006 05:49 AM 14,952 aliide.sys
11/02/2006 05:49 AM 54,888 AMDAGP.SYS
11/02/2006 05:49 AM 15,464 amdide.sys
11/02/2006 04:30 AM 38,912 amdk7.sys
11/02/2006 04:30 AM 40,960 amdk8.sys
11/02/2006 05:50 AM 67,688 arc.sys
11/02/2006 05:50 AM 67,688 arcsas.sys
03/06/2012 07:01 PM 20,696 aswFsBlk.sys
03/06/2012 07:01 PM 57,688 aswMonFlt.sys
03/06/2012 07:02 PM 35,672 aswRdr.sys
03/06/2012 07:03 PM 612,184 aswSnx.sys
03/06/2012 07:03 PM 337,880 aswSP.sys
03/06/2012 07:01 PM 53,848 aswTdi.sys
01/18/2008 10:56 PM 17,408 asyncmac.sys
01/19/2008 12:41 AM 21,560 atapi.sys
01/19/2008 12:43 AM 110,136 ataport.sys
05/11/2009 12:49 PM 51,992 avgntdd.sys
06/30/2011 01:20 PM 66,616 avgntflt.sys
05/11/2009 12:49 PM 17,016 avgntmgr.sys
06/30/2011 01:20 PM 138,192 avipbb.sys
01/19/2008 12:41 AM 28,216 battc.sys
01/18/2008 10:53 PM 12,288 bdasup.sys
01/18/2008 10:49 PM 6,144 beep.sys
02/22/2011 08:51 AM 69,632 bowser.sys
11/02/2006 04:24 AM 13,568 BrFiltLo.sys
11/02/2006 04:24 AM 5,248 BrFiltUp.sys
01/18/2008 11:58 PM 93,696 bridge.sys
11/02/2006 04:25 AM 71,808 BrSerId.sys
11/02/2006 04:24 AM 62,336 BrSerWdm.sys
11/02/2006 04:24 AM 12,160 BrUsbMdm.sys
11/02/2006 04:24 AM 11,904 BrUsbSer.sys
11/02/2006 04:55 AM 39,936 bthmodem.sys
01/18/2008 10:28 PM 70,144 cdfs.sys
10/04/2006 10:42 PM 2,432 cdr4_xp.sys
10/04/2006 10:42 PM 2,560 cdralw2k.sys
01/18/2008 10:49 PM 67,072 cdrom.sys
11/02/2006 04:55 AM 35,328 circlass.sys
01/19/2008 12:43 AM 127,544 Classpnp.sys
01/18/2008 10:32 PM 14,208 CmBatt.sys
11/02/2006 05:49 AM 16,488 cmdide.sys
01/19/2008 12:41 AM 20,792 compbatt.sys
01/19/2008 12:42 AM 36,408 crashdmp.sys
11/02/2006 05:49 AM 22,632 crcdisk.sys
11/02/2006 04:30 AM 38,912 crusoe.sys
12/11/2007 05:47 PM 50 DCX.LOG
04/14/2011 10:24 AM 75,264 dfsc.sys
01/19/2008 12:42 AM 55,352 disk.sys
01/18/2008 10:49 PM 19,968 Diskdump.sys
11/02/2006 05:50 AM 71,272 djsvs.sys
01/18/2008 11:53 PM 130,048 drmk.sys
01/18/2008 10:53 PM 5,632 drmkaud.sys
01/19/2008 12:41 AM 29,240 Dumpata.sys
01/18/2008 10:36 PM 13,312 dxapi.sys
01/18/2008 10:36 PM 76,288 dxg.sys
08/01/2008 09:01 PM 625,152 dxgkrnl.sys
11/02/2006 03:30 AM 117,760 E1G60I32.sys
01/19/2008 12:42 AM 143,416 ecache.sys
11/02/2006 05:51 AM 316,520 elxstor.sys
01/28/2011 05:00 PM en-US
06/08/2012 01:18 AM etc
01/18/2008 10:28 PM 136,192 exfat.sys
01/18/2008 10:28 PM 143,360 fastfat.sys
11/02/2006 04:51 AM 25,088 fdc.sys
01/19/2008 12:42 AM 58,936 fileinfo.sys
01/18/2008 10:30 PM 27,648 filetrace.sys
11/02/2006 04:51 AM 20,480 flpydisk.sys
01/19/2008 12:42 AM 192,056 fltMgr.sys
01/18/2008 10:27 PM 12,800 fs_rec.sys
11/20/2006 02:11 AM 7,168 FwLnk.sys
01/19/2008 12:43 AM 101,432 FWPKCLNT.SYS
11/02/2006 05:50 AM 58,984 GAGP30KX.SYS
09/18/2006 05:26 PM 3,440,660 gm.dls
09/18/2006 05:26 PM 646 gmreadme.txt
01/18/2008 09:30 PM 53,760 hdaudbus.sys
11/02/2006 03:36 AM 235,520 HdAudio.sys
11/02/2006 04:55 AM 29,184 hidbth.sys
01/18/2008 10:53 PM 38,912 hidclass.sys
11/02/2006 04:55 AM 21,504 hidir.sys
01/18/2008 10:53 PM 25,472 hidparse.sys
01/18/2008 10:53 PM 12,288 hidusb.sys
11/02/2006 05:50 AM 37,480 HpCISSs.sys
02/20/2010 05:18 PM 411,136 http.sys
11/02/2006 05:49 AM 16,488 i2omgmt.sys
11/02/2006 05:49 AM 27,752 i2omp.sys
01/18/2008 10:49 PM 54,784 i8042prt.sys
11/02/2006 05:51 AM 232,040 iaStorV.sys
09/13/2007 07:23 PM 1,925,632 igdkmd32.sys
11/02/2006 05:50 AM 41,576 iirsp.sys
01/19/2008 12:41 AM 17,976 intelide.sys
01/18/2008 10:27 PM 41,472 intelppm.sys
01/18/2008 10:56 PM 47,616 ipfltdrv.sys
11/02/2006 04:42 AM 65,536 IPMIDrv.sys
01/18/2008 10:56 PM 100,864 ipnat.sys
01/18/2008 10:55 PM 95,744 irda.sys
01/18/2008 10:55 PM 13,312 irenum.sys
11/02/2006 05:50 AM 47,208 isapnp.sys
11/02/2006 05:50 AM 35,944 iteatapi.sys
11/02/2006 05:50 AM 35,944 iteraid.sys
01/19/2008 12:41 AM 35,384 kbdclass.sys
01/18/2008 10:49 PM 15,872 kbdhid.sys
11/09/2006 02:32 AM 219,264 KR10I.sys
11/09/2006 02:31 AM 211,072 KR10N.sys
09/27/2006 08:06 AM 479,488 kr3npxp.sys
01/18/2008 10:49 PM 148,992 ks.sys
06/15/2009 02:20 PM 439,896 ksecdd.sys
01/18/2008 10:55 PM 47,104 lltdio.sys
11/02/2006 05:50 AM 65,640 lsi_fc.sys
11/02/2006 05:50 AM 65,640 lsi_sas.sys
11/02/2006 05:50 AM 65,640 lsi_scsi.sys
01/18/2008 10:30 PM 84,480 luafv.sys
04/04/2012 03:56 PM 22,344 mbam.sys
01/18/2008 10:50 PM 18,944 mcd.sys
11/02/2006 05:49 AM 28,776 megasas.sys
01/18/2008 10:57 PM 31,744 modem.sys
01/18/2008 10:52 PM 41,984 monitor.sys
01/19/2008 12:41 AM 34,360 mouclass.sys
01/18/2008 10:49 PM 15,872 mouhid.sys
01/19/2008 12:42 AM 57,400 mountmgr.sys
11/02/2006 05:50 AM 78,952 mpio.sys
01/18/2008 10:54 PM 64,000 mpsdrv.sys
11/02/2006 05:49 AM 33,384 Mraid35x.sys
01/18/2008 10:28 PM 110,080 mrxdav.sys
04/29/2011 08:49 AM 105,984 mrxsmb.sys
07/06/2011 10:56 AM 213,504 mrxsmb10.sys
04/29/2011 08:49 AM 79,360 mrxsmb20.sys
01/19/2008 12:41 AM 28,728 msahci.sys
11/02/2006 05:50 AM 80,488 msdsm.sys
01/18/2008 10:28 PM 22,528 msfs.sys
01/05/2008 04:31 AM 3 MsftWdf_Kernel_01007_Inbox_Critical.Wdf
11/06/2007 06:30 PM 0 Msft_Kernel_SynTP_01000.Wdf
03/01/2011 03:45 PM 0 Msft_User_WpdFs_01_00_00.Wdf
01/19/2008 12:41 AM 16,440 msisadrv.sys
01/19/2008 12:42 AM 181,304 msiscsi.sys
01/18/2008 10:49 PM 8,192 mskssrv.sys
01/18/2008 10:49 PM 5,888 mspclock.sys
01/18/2008 10:49 PM 5,504 mspqm.sys
01/19/2008 12:42 AM 163,384 msrpc.sys
01/19/2008 12:41 AM 31,288 mssmbios.sys
01/18/2008 10:49 PM 6,016 mstee.sys
01/19/2008 12:42 AM 49,720 mup.sys
01/19/2008 12:43 AM 529,464 ndis.sys
01/18/2008 10:56 PM 20,992 ndistapi.sys
01/18/2008 10:55 PM 16,896 ndisuio.sys
01/18/2008 10:56 PM 121,344 ndiswan.sys
01/18/2008 10:56 PM 49,664 ndproxy.sys
01/18/2008 10:55 PM 35,840 netbios.sys
01/18/2008 10:55 PM 184,320 netbt.sys
01/19/2008 12:42 AM 223,288 netio.sys
11/02/2006 05:50 AM 45,160 nfrd960.sys
01/18/2008 10:28 PM 34,816 npfs.sys
01/18/2008 10:55 PM 16,384 nsiproxy.sys
01/19/2008 12:43 AM 1,081,912 ntfs.sys
11/02/2006 03:36 AM 20,608 ntrigdigi.sys
01/18/2008 10:49 PM 4,608 null.sys
11/02/2006 05:50 AM 88,680 nvraid.sys
11/02/2006 05:50 AM 40,040 nvstor.sys
11/02/2006 05:50 AM 106,600 NV_AGP.SYS
05/19/2008 10:07 PM 148,480 nwifi.sys
11/02/2006 04:55 AM 62,080 ohci1394.sys
04/04/2008 09:21 PM 72,192 pacer.sys
11/02/2006 04:51 AM 79,360 parport.sys
01/19/2008 12:42 AM 56,376 partmgr.sys
11/02/2006 04:51 AM 8,704 parvdm.sys
01/19/2008 12:42 AM 151,096 pci.sys
11/02/2006 05:49 AM 13,416 pciide.sys
01/19/2008 12:42 AM 45,112 pciidex.sys
11/02/2006 05:51 AM 167,528 pcmcia.sys
11/02/2006 05:04 AM 878,080 PEAuth.sys
01/18/2008 10:53 PM 167,936 portcls.sys
11/02/2006 04:30 AM 38,400 processr.sys
09/27/2006 05:53 PM 36,560 pxhelp20.sys
11/02/2006 05:51 AM 900,712 ql2300.sys
11/02/2006 05:50 AM 106,088 ql40xx.sys
01/18/2008 10:56 PM 31,232 qwavedrv.sys
01/18/2008 10:56 PM 11,776 rasacd.sys
01/18/2008 10:56 PM 76,288 rasl2tp.sys
01/18/2008 10:56 PM 41,472 raspppoe.sys
01/18/2008 10:56 PM 62,976 raspptp.sys
01/18/2008 10:56 PM 69,120 rassstp.sys
01/18/2008 10:28 PM 224,768 rdbss.sys
01/18/2008 11:01 PM 6,144 RDPCDD.sys
11/02/2006 05:03 AM 242,688 rdpdr.sys
01/18/2008 11:01 PM 6,144 RDPENCDD.sys
01/18/2008 11:01 PM 181,248 rdpwd.sys
05/09/2008 09:33 PM 113,664 rmcast.sys
01/18/2008 10:56 PM 33,280 RNDISMP.sys
01/18/2008 10:57 PM 8,192 rootmdm.sys
01/18/2008 10:55 PM 60,416 rspndr.sys
03/12/2007 01:27 PM 176 RTHDAEQ0.dat
03/12/2007 01:27 PM 176 RTHDAEQ1.dat
03/15/2007 01:29 PM 176 RTHDAEQ2.dat
03/15/2007 01:29 PM 176 RTHDAEQ3.dat
04/25/2007 09:03 PM 1,771,944 RTKVHDA.sys
06/01/2007 05:07 PM 252,416 rtl8187B.sys
11/02/2006 03:30 AM 44,544 Rtlh86.sys
11/02/2006 05:50 AM 76,392 sbp2port.sys
01/19/2008 12:42 AM 142,904 scsiport.sys
11/06/2007 06:02 PM 82,432 sdbus.sys
11/02/2006 02:37 AM 20,480 secdrv.sys
11/02/2006 04:51 AM 17,920 serenum.sys
11/02/2006 04:51 AM 83,456 serial.sys
01/18/2008 10:49 PM 19,968 sermouse.sys
11/02/2006 04:51 AM 13,312 sffdisk.sys
11/02/2006 04:51 AM 12,800 sffp_mmc.sys
11/02/2006 04:51 AM 12,800 sffp_sd.sys
11/02/2006 04:51 AM 13,312 sfloppy.sys
10/01/2011 09:30 AM 579,944 Sftfslh.sys
10/01/2011 09:30 AM 194,408 Sftplaylh.sys
10/01/2011 09:30 AM 21,864 Sftredirlh.sys
10/01/2011 09:30 AM 19,304 Sftvollh.sys
11/02/2006 05:49 AM 53,352 SISAGP.SYS
11/02/2006 05:50 AM 38,504 sisraid2.sys
11/02/2006 05:50 AM 71,784 sisraid4.sys
01/18/2008 10:55 PM 66,560 smb.sys
01/18/2008 10:49 PM 17,408 smclib.sys
01/19/2008 12:41 AM 21,048 spldr.sys
01/18/2008 09:10 PM 681,984 spsys.sys
02/18/2011 09:31 AM 304,640 srv.sys
04/29/2011 08:49 AM 146,432 srv2.sys
04/29/2011 08:49 AM 102,400 srvnet.sys
05/11/2009 10:12 AM 28,520 ssmdrv.sys
01/19/2008 12:43 AM 123,960 Storport.sys
01/18/2008 10:53 PM 52,992 stream.sys
01/19/2008 12:41 AM 15,288 swenum.sys
11/02/2006 05:50 AM 35,944 symc8xx.sys
11/02/2006 05:49 AM 31,848 sym_hi.sys
11/02/2006 05:50 AM 34,920 sym_u3.sys
08/15/2007 09:03 PM 190,384 SynTP.sys
01/18/2008 10:49 PM 24,576 tape.sys
06/16/2010 11:59 AM 898,952 tcpip.sys
01/18/2008 10:56 PM 30,208 tcpipreg.sys
10/18/2006 03:50 PM 16,128 tdcmdpst.sys
01/18/2008 10:57 PM 20,992 tdi.sys
01/18/2008 11:01 PM 17,920 tdpipe.sys
01/18/2008 11:01 PM 29,184 tdtcp.sys
01/18/2008 10:56 PM 71,680 tdx.sys
01/19/2008 12:42 AM 54,328 termdd.sys
01/24/2007 06:44 PM 290,304 tifm21.sys
09/19/2007 02:59 PM 285,184 tos_sps32.sys
01/18/2008 11:01 PM 23,552 tssecsrv.sys
01/19/2008 01:55 AM 15,360 TUNMP.SYS
02/18/2010 07:52 AM 25,088 tunnel.sys
10/06/2006 02:22 AM 16,768 TVALZ_O.SYS
11/02/2006 05:49 AM 56,936 UAGP35.SYS
01/18/2008 10:28 PM 226,816 udfs.sys
11/02/2006 05:50 AM 58,472 ULIAGPKX.SYS
11/02/2006 05:51 AM 235,112 uliahci.sys
11/02/2006 05:50 AM 98,408 ulsata.sys
11/02/2006 05:50 AM 115,816 ulsata2.sys
01/18/2008 10:53 PM 34,816 umbus.sys
01/28/2011 04:51 PM UMDF
01/18/2008 10:53 PM 7,680 umpass.sys
01/18/2008 10:56 PM 15,872 usb8023.sys
01/18/2008 10:53 PM 25,728 USBCAMD.sys
01/18/2008 10:53 PM 25,728 USBCAMD2.sys
01/18/2008 10:53 PM 73,216 usbccgp.sys
11/02/2006 04:55 AM 68,608 usbcir.sys
01/18/2008 10:53 PM 5,888 usbd.sys
01/18/2008 10:53 PM 39,424 usbehci.sys
01/18/2008 10:53 PM 194,560 usbhub.sys
11/02/2006 04:55 AM 19,456 usbohci.sys
01/18/2008 10:53 PM 226,304 usbport.sys
01/18/2008 11:14 PM 18,944 usbprint.sys
01/18/2008 11:14 PM 35,328 usbscan.sys
01/18/2008 10:53 PM 55,296 USBSTOR.SYS
01/18/2008 10:53 PM 23,552 usbuhci.sys
11/02/2006 04:55 AM 132,352 usbvideo.sys
01/18/2008 10:52 PM 25,088 vga.sys
01/18/2008 10:52 PM 26,112 vgapnp.sys
11/02/2006 05:49 AM 54,376 VIAAGP.SYS
11/02/2006 04:30 AM 39,424 viac7.sys
11/02/2006 05:49 AM 17,512 viaide.sys
01/18/2008 10:52 PM 110,080 videoprt.sys
01/19/2008 12:42 AM 52,792 volmgr.sys
01/19/2008 12:43 AM 294,456 volmgrx.sys
01/19/2008 12:42 AM 227,896 volsnap.sys
11/02/2006 05:50 AM 112,232 vsmraid.sys
11/02/2006 04:52 AM 20,608 wacompen.sys
01/18/2008 10:56 PM 62,464 wanarp.sys
01/18/2008 10:35 PM 32,768 watchdog.sys
11/02/2006 05:49 AM 19,560 wd.sys
01/19/2008 12:43 AM 503,864 Wdf01000.sys
01/19/2008 12:42 AM 35,896 WdfLdr.sys
11/02/2006 04:35 AM 11,264 wmiacpi.sys
01/19/2008 12:41 AM 17,976 wmilib.sys
01/18/2008 11:04 PM 39,936 WpdUsb.sys
01/18/2008 10:56 PM 15,872 ws2ifsl.sys
01/18/2008 10:52 PM 51,200 WUDFPf.sys
01/18/2008 10:53 PM 83,328 WUDFRd.sys
01/09/2007 02:00 PM 221,696 yk60x86.sys
297 File(s) 36,292,705 bytes

Directory of C:\Windows\System32\Drivers\en-US

01/28/2011 05:00 PM .
01/28/2011 05:00 PM ..
11/02/2006 08:41 AM 9,728 acpi.sys.mui
11/02/2006 08:41 AM 8,704 afd.sys.mui
11/02/2006 08:41 AM 3,072 AGP440.sys.mui
11/02/2006 08:41 AM 3,072 AMDAGP.SYS.mui
11/02/2006 08:40 AM 2,560 amdide.sys.mui
11/02/2006 08:40 AM 14,848 amdk7.sys.mui
11/02/2006 08:40 AM 14,848 amdk8.sys.mui
11/02/2006 08:41 AM 3,072 ati2mpad.sys.mui
11/02/2006 08:41 AM 3,584 ati2mtag.sys.mui
11/02/2006 08:40 AM 3,072 atikmdag.sys.mui
01/19/2008 12:30 AM 5,120 b57nd60x.sys.mui
11/02/2006 08:40 AM 7,680 battc.sys.mui
11/02/2006 08:40 AM 5,120 bcm4sbxp.sys.mui
11/02/2006 08:40 AM 2,560 BrParwdm.sys.mui
11/02/2006 08:41 AM 10,240 BrSerId.sys.mui
11/02/2006 08:40 AM 5,120 bthpan.sys.mui
11/02/2006 08:41 AM 7,168 bthport.sys.mui
11/02/2006 08:41 AM 3,072 cmbp0wdm.sys.mui
11/02/2006 08:40 AM 14,848 crusoe.sys.mui
11/02/2006 08:41 AM 3,072 cxbp0wdm.sys.mui
11/02/2006 08:40 AM 3,072 Dot4usb.sys.mui
11/02/2006 08:40 AM 4,096 dxgkrnl.sys.mui
11/02/2006 08:41 AM 5,120 e100b325.sys.mui
01/19/2008 12:37 AM 19,968 e1e6032.sys.mui
01/19/2008 12:40 AM 16,896 E1G60I32.sys.mui
11/02/2006 08:40 AM 5,120 fltmgr.sys.mui
11/02/2006 08:40 AM 3,072 GAGP30KX.SYS.mui
11/02/2006 08:41 AM 3,584 gpr400.sys.mui
11/02/2006 08:41 AM 4,096 grserial.sys.mui
11/02/2006 08:41 AM 3,584 hidbth.sys.mui
11/03/2009 06:18 PM 36,864 http.sys.mui
11/02/2006 08:41 AM 10,752 i8042prt.sys.mui
11/02/2006 08:40 AM 14,848 intelppm.sys.mui
11/02/2006 08:41 AM 6,144 IPMIDrv.sys.mui
11/02/2006 08:41 AM 4,096 ipnat.sys.mui
11/02/2006 08:41 AM 4,096 isapnp.sys.mui
11/02/2006 08:41 AM 4,608 kbdclass.sys.mui
11/02/2006 08:41 AM 3,072 kbdhid.sys.mui
11/02/2006 08:41 AM 9,728 ltmdmnt.sys.mui
01/19/2008 12:30 AM 6,656 luafv.sys.mui
11/02/2006 08:41 AM 4,096 modem.sys.mui
11/02/2006 08:41 AM 4,608 mouclass.sys.mui
11/02/2006 08:41 AM 3,072 mouhid.sys.mui
01/19/2008 12:44 AM 20,480 mpio.sys.mui
11/02/2006 08:41 AM 4,096 msdsm.sys.mui
11/02/2006 08:41 AM 3,584 mssmbios.sys.mui
11/02/2006 08:41 AM 65,536 ntfs.sys.mui
11/02/2006 08:40 AM 4,096 ntrigdigi.sys.mui
11/02/2006 08:41 AM 5,120 nv4_mini.sys.mui
11/02/2006 08:41 AM 3,072 NV_AGP.SYS.mui
11/02/2006 08:40 AM 12,288 ohci1394.sys.mui
11/02/2006 08:41 AM 3,584 pacer.sys.mui
11/02/2006 08:40 AM 4,096 parport.sys.mui
11/02/2006 08:40 AM 3,072 parvdm.sys.mui
11/02/2006 08:41 AM 8,704 pci.sys.mui
11/02/2006 08:41 AM 4,608 pcmcia.sys.mui
11/02/2006 08:41 AM 3,072 pnpmem.sys.mui
11/02/2006 08:40 AM 14,848 processr.sys.mui
11/02/2006 08:41 AM 4,096 pscr.sys.mui
11/02/2006 08:41 AM 3,072 qwavedrv.sys.mui
11/02/2006 08:40 AM 3,584 RNDISMP.sys.mui
11/02/2006 08:41 AM 3,584 rndismpx.sys.mui
11/02/2006 08:41 AM 4,096 scmstcs.sys.mui
11/02/2006 08:41 AM 4,096 SCR111.sys.mui
11/02/2006 08:41 AM 3,584 scsiport.sys.mui
11/02/2006 08:40 AM 10,752 serial.sys.mui
11/02/2006 08:41 AM 5,632 sermouse.sys.mui
11/02/2006 08:41 AM 3,072 serscan.sys.mui
11/02/2006 08:41 AM 3,072 SISAGP.SYS.mui
11/02/2006 08:41 AM 3,072 srv.sys.mui
11/02/2006 08:41 AM 3,072 stcusb.sys.mui
01/19/2008 12:34 AM 5,120 tpm.sys.mui
11/02/2006 08:40 AM 3,072 UAGP35.SYS.mui
11/02/2006 08:41 AM 3,072 ULIAGPKX.SYS.mui
11/02/2006 08:40 AM 3,584 umbus.sys.mui
11/02/2006 08:41 AM 3,072 VIAAGP.SYS.mui
11/02/2006 08:40 AM 14,848 viac7.sys.mui
01/19/2008 12:36 AM 32,768 volsnap.sys.mui
11/02/2006 08:41 AM 4,608 wacompen.sys.mui
11/02/2006 08:41 AM 2,560 wd.sys.mui
01/19/2008 12:33 AM 3,072 wdf01000.sys.mui
11/02/2006 08:41 AM 5,632 yk60x86.sys.mui
82 File(s) 608,256 bytes

Directory of C:\Windows\System32\Drivers\etc

06/08/2012 01:18 AM .
06/08/2012 01:18 AM ..
06/08/2012 01:18 AM 27 hosts
09/18/2006 05:41 PM 3,683 lmhosts.sam
09/18/2006 05:41 PM 407 networks
09/18/2006 05:41 PM 1,358 protocol
09/18/2006 05:41 PM 17,244 services
5 File(s) 22,719 bytes

Directory of C:\Windows\System32\Drivers\UMDF

01/28/2011 04:51 PM .
01/28/2011 04:51 PM ..
11/02/2006 08:42 AM en-US
11/11/2007 11:13 AM 0 Msft_User_WpdFs_01_00_00.Wdf
03/24/2010 02:24 PM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
01/19/2008 12:37 AM 220,160 WpdFs.dll
01/19/2008 12:37 AM 664,576 WpdMtpDr.dll
4 File(s) 884,736 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

11/02/2006 08:42 AM .
11/02/2006 08:42 AM ..
11/02/2006 08:40 AM 6,144 WpdMtpDr.dll.mui
1 File(s) 6,144 bytes

Total Files Listed:
389 File(s) 37,814,560 bytes
14 Dir(s) 64,430,985,216 bytes free

***********************Hidden Drivers********************
Volume in drive C is SQ004585V03
Volume Serial Number is 90D3-0EF7

Directory of C:\Windows\System32\Drivers

03/31/2008 03:55 PM 4 taishop.sys
1 File(s) 4 bytes
0 Dir(s) 64,430,993,408 bytes free

*********************Processes*******************

PROCESS PID PRIO PATH
Dwm.exe 1796 High C:\Windows\system32\Dwm.exe
Explorer.EXE 1816 Normal C:\Windows\Explorer.EXE
taskeng.exe 2040 Normal C:\Windows\system32\taskeng.exe
igfxpers.exe 472 Normal C:\Windows\System32\igfxpers.exe
RtHDVCpl.exe 896 Normal C:\Windows\RtHDVCpl.exe
SynTPStart.exe 2452 Normal C:\Program Files\Synaptics\SynTP\SynTPStart.exe
GoogleDesktop.exe 2868 Normal C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
realsched.exe 3040 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
AvastUI.exe 3100 Normal C:\Program Files\AVAST Software\Avast\AvastUI.exe
ONENOTEM.EXE 3116 Normal C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
SynToshiba.exe 3544 Normal C:\Program Files\Synaptics\SynTP\SynToshiba.exe
unsecapp.exe 3940 Normal C:\Windows\system32\wbem\unsecapp.exe
firefox.exe 3852 Normal C:\Program Files\Mozilla Firefox\firefox.exe
plugin-container.exe 2808 Normal C:\Program Files\Mozilla Firefox\plugin-container.exe
RealPlay.exe 2788 Idle C:\Program Files\Real\RealPlayer\RealPlay.exe
wuauclt.exe 1216 Normal C:\Windows\system32\wuauclt.exe
cmd.exe 544 Normal C:\Windows\system32\cmd.exe
processes.exe 2340 Normal C:\Users\JonEJet\Desktop\SpiderKill\SpiderKill\processes.exe

*********************Modules of explorer.exe and svchost.exe*******************
Module information for 'Explorer.EXE'(1816)
MODULE BASE SIZE PATH
Explorer.EXE 490000 2936832 C:\Windows\Explorer.EXE 6.0.6000.16386 (vista_rtm.061101-2205) Windows Explorer
ntdll.dll 77600000 1212416 C:\Windows\system32\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NT Layer DLL
kernel32.dll 77380000 901120 C:\Windows\system32\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT BASE API Client DLL
snxhk.dll 75d00000 225280 C:\Program Files\AVAST Software\Avast\snxhk.dll 7.0.1426.0 avast! snxhk
ADVAPI32.dll 77070000 811008 C:\Windows\system32\ADVAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Advanced Windows 32 Base API
RPCRT4.dll 77530000 794624 C:\Windows\system32\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Remote Procedure Call Runtime
GDI32.dll 75e70000 307200 C:\Windows\system32\GDI32.dll 6.0.6001.18159 (vistasp1_gdr.081020-1655) GDI Client DLL
USER32.dll 76fb0000 643072 C:\Windows\system32\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows USER API Client DLL
msvcrt.dll 769d0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT CRT DLL
SHLWAPI.dll 76f50000 360448 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
SHELL32.dll 75ec0000 11599872 C:\Windows\system32\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Shell Common Dll
ole32.dll 76d40000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
OLEAUT32.dll 76b10000 577536 C:\Windows\system32\OLEAUT32.dll 6.0.6001.18565 6.0.6001.18565
SHDOCVW.dll 6ff50000 1077248 C:\Windows\system32\SHDOCVW.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Doc Object and Control Library
UxTheme.dll 74bd0000 258048 C:\Windows\system32\UxTheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
POWRPROF.dll 75130000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Power Profile Helper DLL
dwmapi.dll 71780000 49152 C:\Windows\system32\dwmapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Desktop Window Manager API
gdiplus.dll 73830000 1748992 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll 5.2.6001.18551 (vistasp1_gdr.101104-0637) Microsoft GDI+
slc.dll 75710000 237568 C:\Windows\system32\slc.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Software Licensing Client Dll
PROPSYS.dll 736f0000 765952 C:\Windows\system32\PROPSYS.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Microsoft Property System
BROWSEUI.dll 6fd70000 1335296 C:\Windows\system32\BROWSEUI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Browser UI Library
IMM32.dll 77050000 122880 C:\Windows\system32\IMM32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 77460000 819200 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
DUser.dll 74fc0000 196608 C:\Windows\system32\DUser.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows DirectUser Engine
LPK.DLL 76e90000 36864 C:\Windows\system32\LPK.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Language Pack
USP10.dll 76a80000 512000 C:\Windows\system32\USP10.dll 1.0626.6001.18461 (vistasp1_gdr.100416-0345) Uniscribe Unicode script processor
comctl32.dll 74c10000 1695744 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common Controls Library
WindowsCodecs.dll 71ce0000 733184 C:\Windows\system32\WindowsCodecs.dll 6.0.6001.18131 (vistasp1_gdr.080827-1507) Microsoft Windows Codecs Library
apphelp.dll 75be0000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
CLBCatQ.DLL 77730000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6931.18000 (longhorn_rtm.080118-1840) COM+ Configuration Catalog
ashShell.dll 6fce0000 139264 C:\Program Files\AVAST Software\Avast\ashShell.dll 7.0.1426.0 avast! Shell Extension
msi.dll 6fad0000 2105344 C:\Windows\system32\msi.dll 4.0.6001.18000 Windows Installer
IconCodecService.dll 6fab0000 24576 C:\Windows\system32\IconCodecService.dll 6.0.6000.16386 (vista_rtm.061101-2205) Converts a PNG part of the icon to a legacy bmp icon
Secur32.dll 75cc0000 81920 C:\Windows\system32\Secur32.dll 6.0.6001.18272 (vistasp1_gdr.090615-0258) Security Support Provider Interface
rsaenh.dll 751d0000 241664 C:\Windows\system32\rsaenh.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Enhanced Cryptographic Provider
timedate.cpl 6f770000 729088 C:\Windows\system32\timedate.cpl 6.0.6001.18000 (longhorn_rtm.080118-1840) Time Date Control Panel Applet
ATL.DLL 736a0000 81920 C:\Windows\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
NETAPI32.dll 75950000 479232 C:\Windows\system32\NETAPI32.dll 6.0.6001.18157 (vistasp1_gdr.081015-1604) Net Win32 API DLL
PSAPI.DLL 75e60000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
OLEACC.dll 737f0000 233472 C:\Windows\system32\OLEACC.dll 4.2.5406.0 (longhorn_rtm.080118-1840) Active Accessibility Core Component
actxprxy.dll 6f660000 339968 C:\Windows\System32\actxprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) ActiveX Interface Marshaling Library
USERENV.dll 75ce0000 122880 C:\Windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
wmpband.dll 6fd20000 110592 C:\PROGRA~1\WI4EB4~1\wmpband.dll 11.0.6000.6324 (vista_rtm.061101-2205) Windows Media Player Deskband
MPR.dll 75860000 81920 C:\Windows\system32\MPR.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multiple Provider Router DLL
WINBRAND.dll 75290000 880640 C:\Windows\system32\WINBRAND.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Branding Resources
shacct.dll 737b0000 90112 C:\Windows\System32\shacct.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Shell Accounts Classes
SAMLIB.dll 758e0000 69632 C:\Windows\System32\SAMLIB.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) SAM Library DLL
msshsq.dll 6f9b0000 245760 C:\Windows\System32\msshsq.dll 7.00.6001.18528 (vistasp1_gdr_oobsvc.100919-1500) Structured Query
NaturalLanguage6.dll 6f150000 811008 C:\Windows\System32\NaturalLanguage6.dll 6.0.6001.18098 (vistasp1_gdr.080625-1507) Natural Language Development Platform 6
CRYPT32.dll 75760000 987136 C:\Windows\System32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 758c0000 73728 C:\Windows\System32\MSASN1.dll 6.0.6001.18326 (vistasp1_gdr.090903-2340) ASN.1 Runtime APIs
authui.dll 73b90000 1998848 C:\Windows\system32\authui.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Authentication UI
MSIMG32.dll 750a0000 20480 C:\Windows\system32\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDIEXT Client DLL
LINKINFO.dll 6fd50000 36864 C:\Windows\system32\LINKINFO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Volume Tracking
urlmon.dll 77250000 1220608 C:\Windows\system32\urlmon.dll 7.00.6001.18000 (longhorn_rtm.080118-1840) OLE32 Extensions for Win32
iertutil.dll 77810000 286720 C:\Windows\system32\iertutil.dll 7.00.6001.18639 (vistasp1_gdr.110421-0338) Run time utility for Internet Explorer
NTMARTA.DLL 75150000 135168 C:\Windows\system32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 777c0000 303104 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
WS2_32.dll 76ea0000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76b00000 24576 C:\Windows\system32\NSI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NSI User-mode interface DLL
ieframe.dll 6d9c0000 6094848 C:\Windows\system32\ieframe.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Explorer
WINMM.dll 73a10000 204800 C:\Windows\system32\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205) MCI API DLL
wdmaud.drv 739e0000 192512 C:\Windows\system32\wdmaud.drv 6.0.6000.16386 (vista_rtm.061101-2205) Winmm audio system driver
ksuser.dll 74b10000 16384 C:\Windows\system32\ksuser.dll 6.0.6000.16386 (vista_rtm.061101-2205) User CSA Library
MMDevAPI.DLL 74ba0000 159744 C:\Windows\system32\MMDevAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) MMDevice API
AVRT.dll 75090000 28672 C:\Windows\system32\AVRT.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multimedia Realtime Runtime
thumbcache.dll 6d610000 90112 C:\Windows\system32\thumbcache.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Thumbnail Cache
ntshrui.dll 6d390000 303104 C:\Windows\system32\ntshrui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell extensions for sharing
SETUPAPI.dll 76bb0000 1613824 C:\Windows\system32\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Setup API
cscapi.dll 6f520000 45056 C:\Windows\system32\cscapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Offline Files Win32 API
WINTRUST.dll 74b40000 184320 C:\Windows\system32\WINTRUST.dll 6.0.6001.18387 (vistasp1_gdr.091222-2238) Microsoft Trust Verification APIs
imagehlp.dll 77220000 167936 C:\Windows\system32\imagehlp.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT Image Helper
msiltcfg.dll 6df90000 28672 C:\Windows\system32\msiltcfg.dll 4.0.6000.16386 (vista_rtm.061101-2205) Windows Installer Configuration API Stub
VERSION.dll 75110000 32768 C:\Windows\system32\VERSION.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Version Checking and File Installation Libraries
ExplorerFrame.dll 6d7a0000 36864 C:\Windows\system32\ExplorerFrame.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) ExplorerFrame
WININET.dll 77140000 856064 C:\Windows\system32\WININET.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Extensions for Win32
Normaliz.dll 76ba0000 12288 C:\Windows\system32\Normaliz.dll 6.0.6000.16386 (vista_rtm.061101-2205) Unicode Normalization DLL
AUDIOSES.DLL 736c0000 135168 C:\Windows\system32\AUDIOSES.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Audio Session
audioeng.dll 720e0000 417792 C:\Windows\system32\audioeng.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Audio Engine
msacm32.drv 73af0000 36864 C:\Windows\system32\msacm32.drv 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Sound Mapper
MSACM32.dll 735b0000 81920 C:\Windows\system32\MSACM32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft ACM Audio Filter
midimap.dll 73690000 28672 C:\Windows\system32\midimap.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft MIDI Mapper
NLSData0009.dll 6c8f0000 4886528 C:\Windows\System32\NLSData0009.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft English Natural Language Server Data and Code
NLSLexicons0009.dll 6c660000 2650112 C:\Windows\System32\NLSLexicons0009.dll 6.0.6001.18098 (vistasp1_gdr.080625-1507) Microsoft English Natural Language Server Data and Code
stobject.dll 6e870000 598016 C:\Windows\system32\stobject.dll 6.0.6000.16386 (vista_rtm.061101-2205) Systray shell service object
BatMeter.dll 6e7b0000 745472 C:\Windows\system32\BatMeter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Battery Meter Helper DLL
WTSAPI32.dll 750c0000 40960 C:\Windows\system32\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Terminal Server SDK APIs
WINSTA.dll 75550000 151552 C:\Windows\system32\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Winstation Library
es.dll 71fc0000 290816 C:\Windows\system32\es.dll 2001.12.6931.18057 (vistasp1_gdr.080417-1550) COM+
SndVolSSO.dll 6e610000 196608 C:\Windows\System32\SndVolSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) SCA Volume
ehSSO.dll 6c420000 135168 C:\Windows\ehome\ehSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Media Center Shell Service Object
HID.DLL 720d0000 36864 C:\Windows\system32\HID.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Hid User Library
netshell.dll 6b680000 3190784 C:\Windows\System32\netshell.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Connections Shell
IPHLPAPI.DLL 75650000 102400 C:\Windows\System32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc.DLL 75690000 217088 C:\Windows\System32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 75920000 180224 C:\Windows\System32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 75750000 28672 C:\Windows\System32\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Store Information RPC interface
dhcpcsvc6.DLL 75620000 135168 C:\Windows\System32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
nlaapi.dll 74660000 61440 C:\Windows\System32\nlaapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Location Awareness 2
FirewallAPI.dll 74db0000 417792 C:\Windows\system32\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Firewall API
pnidui.dll 6bf00000 1830912 C:\Windows\system32\pnidui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network System Icon
QUtil.dll 6f130000 94208 C:\Windows\system32\QUtil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Utilities
wevtapi.dll 756d0000 262144 C:\Windows\system32\wevtapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eventing Consumption and Configuration API
wlanutil.dll 71b60000 24576 C:\Windows\system32\wlanutil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Wireless LAN 802.11 Utility DLL
FunDisc.dll 6d800000 159744 C:\Windows\system32\FunDisc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Function Discovery Dll
fdproxy.dll 737d0000 36864 C:\Windows\system32\fdproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Function Discovery Proxy Dll
msxml3.dll 6d4c0000 1269760 C:\Windows\System32\msxml3.dll 8.100.4002.0 MSXML 3.0 SP10
SXS.DLL 75c40000 389120 C:\Windows\system32\SXS.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Fusion 2.5
oobefldr.dll 6bca0000 2162688 C:\Windows\system32\oobefldr.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Welcome Center
toolband.dll 10000000 380928 C:\Program Files\Lexmark Toolbar\toolband.dll
WINSPOOL.DRV 6e470000 270336 C:\Windows\system32\WINSPOOL.DRV 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Spooler Driver
resource.dll 6fe0000 466944 C:\Program Files\Lexmark Toolbar\resource.dll
npmproxy.dll 6eb80000 32768 C:\Windows\System32\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network List Manager Proxy
Wlanapi.dll 6ed20000 73728 C:\Windows\system32\Wlanapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows WLAN AutoConfig Client Side API DLL
OneX.DLL 718f0000 1556480 C:\Windows\system32\OneX.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) IEEE 802.1X supplicant library
eappprxy.dll 71c90000 57344 C:\Windows\system32\eappprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft EAPHost Peer Client DLL
eappcfg.dll 71b70000 147456 C:\Windows\system32\eappcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eap Peer Config
bcrypt.dll 75590000 282624 C:\Windows\system32\bcrypt.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Cryptographic Primitives Library
AltTab.dll 69ef0000 53248 C:\Windows\System32\AltTab.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Alt Tab
wpdshserviceobj.dll 69bc0000 143360 C:\Windows\system32\wpdshserviceobj.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Portable Device Shell Service Object
WINHTTP.dll 6f540000 393216 C:\Windows\system32\WINHTTP.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows HTTP Services
srchadmin.dll 69320000 315392 C:\Windows\System32\srchadmin.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Indexing Options
webcheck.dll 69a30000 245760 C:\Windows\system32\webcheck.dll 7.00.6000.16386 (vista_rtm.061101-2205) Web Site Monitor
mssprxy.dll 6a670000 45056 C:\Windows\system32\mssprxy.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Microsoft Search Proxy
SyncCenter.dll 69810000 2211840 C:\Windows\System32\SyncCenter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Sync Center
bthprops.cpl 69050000 1019904 C:\Windows\system32\bthprops.cpl 6.0.6000.16386 (vista_rtm.061101-2205) Bluetooth Control Panel Applet
imapi2.dll 69260000 331776 C:\Windows\system32\imapi2.dll 6.0.6000.16386 (vista_rtm.061101-2205) Image Mastering API v2
PortableDeviceTypes.dll 69a80000 176128 C:\Windows\system32\PortableDeviceTypes.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 6cdc0000 253952 C:\Windows\system32\PortableDeviceApi.dll 6.0.6001.18160 (vistasp1_gdr.081021-1528) Windows Portable Device API Components
ntlanman.dll 69d70000 77824 C:\Windows\System32\ntlanman.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft® Lan Manager
drprov.dll 69eb0000 32768 C:\Windows\System32\drprov.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Terminal Server Network Provider
davclnt.dll 69df0000 61440 C:\Windows\System32\davclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) Web DAV Client DLL
MLANG.dll 69e20000 196608 C:\Windows\system32\MLANG.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi Language Support DLL
mscms.dll 6b9f0000 401408 C:\Windows\system32\mscms.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Color Matching System DLL
WinSATAPI.dll 67e60000 393216 C:\Windows\system32\WinSATAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows System Assessment Tool API
msxml6.dll 70a50000 1417216 C:\Windows\System32\msxml6.dll 6.20.4001.0 MSXML 6.0 SP2
Cabinet.dll 74a60000 86016 C:\Windows\system32\Cabinet.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft® Cabinet File API
QAgent.dll 6f0f0000 188416 C:\Windows\System32\QAgent.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Agent Proxy
fwpuclnt.dll 6ed60000 614400 C:\Windows\System32\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) FWP/IPsec User-Mode API
wbemprox.dll 6e910000 45056 C:\Windows\system32\wbem\wbemprox.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) WMI
wbemcomn.dll 6e040000 372736 C:\Windows\system32\wbemcomn.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) WMI
wbemsvc.dll 6bab0000 65536 C:\Windows\system32\wbem\wbemsvc.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) WMI
fastprox.dll 6a6d0000 626688 C:\Windows\system32\wbem\fastprox.dll 6.0.6001.18226 (vistasp1_gdr.090302-1506) WMI Custom Marshaller
NTDSAPI.dll 758a0000 98304 C:\Windows\system32\NTDSAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Active Directory Domain Services API
tquery.dll 6b080000 1593344 C:\Windows\system32\tquery.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) tquery.dll
zipfldr.dll 6e930000 356352 C:\Windows\system32\zipfldr.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Compressed (zipped) Folders
mbamext.dll 6d840000 98304 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1.61.0.0000 Malwarebytes Anti-Malware
syncui.dll 68b90000 188416 C:\Windows\system32\syncui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Briefcase
SYNCENG.dll 6a530000 90112 C:\Windows\system32\SYNCENG.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Briefcase Engine
MpOav.dll 6d420000 90112 C:\Program Files\Windows Defender\MpOav.dll 1.1.1600.0 IOfficeAntiVirus Module
tiptsf.dll 68ce0000 393216 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 6.0.6000.16386 (vista_rtm.061101-2205) Tablet PC Input Panel Text Services Framework
AcroIEHelper.dll 2a30000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.3.1.289 Adobe PDF Helper for Internet Explorer
MSVCR80.dll 74eb0000 634880 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\MSVCR80.dll 8.00.50727.3053 Microsoft® C Runtime Library
xmllite.dll 74b70000 192512 C:\Windows\system32\xmllite.dll 1.2.1009.0 Microsoft XmlLite Library

******************************************
EOF

Re: Root Kit....Zero Access13th June 2012, 2:41 pm

SVCHOST Diag

~~~~~Services loaded under SVCHOST~~~~~

Image Name: svchost.exe
PID: 900
Services: DcomLaunch
PlugPlay

Image Name: svchost.exe
PID: 1020
Services: RpcSs

Image Name: svchost.exe
PID: 1060
Services: Audiosrv
Dhcp
Eventlog
lmhosts
wscsvc

Image Name: svchost.exe
PID: 1152
Services: AudioEndpointBuilder
EMDMgmt
hidserv
Netman
PcaSvc
SysMain
TabletInputService
TrkWks
UxSms
WdiSystemHost
Wlansvc
WPDBusEnum
wudfsvc

Image Name: svchost.exe
PID: 1168
Services: AeLookupSvc
Appinfo
BITS
Browser
EapHost
gpsvc
iphlpsvc
LanmanServer
MMCSS
ProfSvc
RasMan
Schedule
seclogon
SENS
ShellHWDetection
Themes
Winmgmt
wuauserv

Image Name: svchost.exe
PID: 1372
Services: EventSystem
fdPHost
FDResPub
LanmanWorkstation
netprofm
nsi
SSDPSRV
SstpSvc
W32Time
WebClient
WinHttpAutoProxySvc

Image Name: svchost.exe
PID: 1556
Services: CryptSvc
Dnscache
KtmRm
NlaSvc
TapiSrv
TermService

Image Name: svchost.exe
PID: 2100
Services: DPS

Image Name: svchost.exe
PID: 2780
Services: stisvc

Image Name: svchost.exe
PID: 3300
Services: WerSvc

~~~~~Modules loaded under SVCHOST~~~~~

Image Name: svchost.exe
PID: 900
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
umpnpmgr.dll
USER32.dll
GDI32.dll
USERENV.dll
Secur32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
POWRPROF.dll
GPAPI.dll
slc.dll
rpcss.dll
WS2_32.dll
NSI.dll
FirewallAPI.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
CRYPT32.dll
MSASN1.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
SETUPAPI.dll
Cabinet.dll
NTMARTA.DLL
WLDAP32.dll
SAMLIB.dll
WINSTA.dll
CLBCatQ.DLL
apphelp.dll
WTSAPI32.dll

Image Name: svchost.exe
PID: 1020
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
rpcss.dll
WS2_32.dll
NSI.dll
Secur32.dll
FirewallAPI.dll
USER32.dll
GDI32.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
rsaenh.dll
mswsock.dll
wshtcpip.dll
wship6.dll
CLBCatQ.DLL
WTSAPI32.dll
WINSTA.dll

Image Name: svchost.exe
PID: 1060
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
wevtsvc.dll
USERENV.dll
Secur32.dll
USER32.dll
GDI32.dll
VERSION.dll
GPAPI.dll
slc.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CRYPT32.dll
MSASN1.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
WS2_32.dll
NSI.dll
mswsock.dll
wshtcpip.dll
wship6.dll
audiosrv.dll
ole32.dll
OLEAUT32.dll
MMDevAPI.DLL
SHLWAPI.dll
WTSAPI32.dll
WINSTA.dll
comctl32.dll
CLBCatQ.DLL
SETUPAPI.dll
WINTRUST.dll
imagehlp.dll
rsaenh.dll
audioses.dll
audioeng.dll
AVRT.dll
lmhsvc.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
dhcpcsvc6.DLL
wscsvc.dll
FirewallAPI.dll
dbghelp.dll
wbemprox.dll
wbemcomn.dll
wbemsvc.dll
fastprox.dll
NTDSAPI.dll
WLDAP32.dll
ncrypt.dll
BCRYPT.dll
wuapi.dll
Cabinet.dll

Image Name: svchost.exe
PID: 1152
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
audiosrv.dll
OLEAUT32.dll
MMDevAPI.DLL
SHLWAPI.dll
WTSAPI32.dll
WINSTA.dll
comctl32.dll
CLBCatQ.DLL
SETUPAPI.dll
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
Secur32.dll
imagehlp.dll
uxsms.dll
tabsvc.dll
HID.DLL
slc.dll
wudfsvc.dll
WUDFPlatform.dll
VERSION.dll
wevtapi.dll
wlansvc.dll
NETAPI32.dll
SHELL32.dll
WLANMSM.DLL
WLANSEC.dll
OneX.DLL
eappprxy.dll
eappcfg.dll
gdiplus.dll
DUser.dll
UxTheme.dll
OLEACC.dll
AUTHZ.dll
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
wlgpclnt.dll
l2gpstore.dll
wlanutil.dll
SYSNTFY.dll
WinSCard.dll
IPHLPAPI.DLL
dhcpcsvc6.DLL
bcrypt.dll
msxml6.dll
rsaenh.dll
credssp.dll
schannel.dll
kerberos.dll
cryptdll.dll
apphelp.dll
netcfgx.dll
Cabinet.dll
emdmgmt.dll
WDSCORE.dll
SLWGA.dll
urlmon.dll
iertutil.dll
hidserv.dll
pcasvc.dll
netman.dll
RASAPI32.dll
rasman.dll
TAPI32.dll
rtutils.dll
WINMM.dll
sysmain.dll
trkwks.dll
netshell.dll
nlaapi.dll
wpdbusenum.dll
GPAPI.dll
PortableDeviceApi.dll
wdi.dll
pcadm.dll
RASDLG.dll
MPRAPI.dll
ACTIVEDS.dll
adsldpc.dll
credui.dll
ATL.DLL
hnetcfg.dll
WINHTTP.dll
mswsock.dll
wshtcpip.dll
upnp.dll
SSDPAPI.dll
SXS.DLL
msxml3.dll
wbemprox.dll
wbemcomn.dll
wbemsvc.dll
fastprox.dll
NTDSAPI.dll
radardt.dll

Image Name: svchost.exe
PID: 1168
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
mmcss.dll
AVRT.dll
gpsvc.dll
Secur32.dll
NETAPI32.dll
NTDSAPI.dll
DNSAPI.dll
WTSAPI32.dll
OLEAUT32.dll
USERENV.dll
GPAPI.dll
slc.dll
AUTHZ.dll
SYSNTFY.dll
WINSTA.dll
nlaapi.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
WINNSI.DLL
dhcpcsvc6.DLL
profsvc.dll
ATL.DLL
shsvcs.dll
sens.dll
UxTheme.dll
rsaenh.dll
eapsvc.dll
eapphost.dll
CLBCatQ.DLL
umb.dll
SETUPAPI.dll
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
imagehlp.dll
PROPSYS.dll
SXS.DLL
COMCTL32.dll
schedsvc.dll
SHLWAPI.dll
wevtapi.dll
ktmw32.dll
comctl32.dll
credssp.dll
schannel.dll
wiarpc.dll
taskcomp.dll
VERSION.dll
mswsock.dll
wshtcpip.dll
wship6.dll
apphelp.dll
tschannel.dll
srvsvc.dll
SSCORE.DLL
FirewallAPI.DLL
CLUSAPI.DLL
cryptdll.dll
ACTIVEDS.dll
adsldpc.dll
credui.dll
SHELL32.dll
RESUTILS.DLL
browser.dll
aelupsvc.dll
seclogon.dll
wmisvc.dll
wbemcomn.dll
iphlpsvc.dll
fwpuclnt.dll
rtutils.dll
sqmapi.dll
bcrypt.dll
rasmans.dll
Cabinet.dll
rastapi.dll
TAPI32.dll
WINMM.dll
OLEACC.dll
rasppp.dll
MPRAPI.dll
RASAPI32.dll
rasman.dll
kerberos.dll
RASQEC.DLL
QUtil.dll
raschap.dll
rastls.dll
CRYPTUI.dll
MSIMG32.dll
WinSCard.dll
VSSAPI.DLL
vsstrace.dll
XmlLite.dll
MPR.dll
wbemcore.dll
esscli.dll
FastProx.dll
wbemsvc.dll
wmiutils.dll
repdrvfs.dll
wmiprvsd.dll
NCObjAPI.DLL
wbemess.dll
napinsp.dll
pnrpnsp.dll
winrnr.dll
rasadhlp.dll
appinfo.dll
ncprov.dll
qmgr.dll
SHFOLDER.dll
WINHTTP.dll
bitsperf.dll
bitsigd.dll
upnp.dll
SSDPAPI.dll
msxml3.dll
urlmon.dll
iertutil.dll
wuaueng.dll
ESENT.dll
WINSPOOL.DRV
mspatcha.dll
WMsgAPI.dll
wer.dll
SensApi.dll
ncrypt.dll
wups2.dll
dssenh.dll
qmgrprxy.dll

Image Name: svchost.exe
PID: 1372
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
es.dll
OLEAUT32.dll
PROPSYS.dll
rsaenh.dll
CLBCatQ.DLL
nsisvc.dll
secur32.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
SXS.DLL
webclnt.dll
WINHTTP.dll
SHLWAPI.dll
urlmon.dll
iertutil.dll
comctl32.dll
shell32.dll
WinInet.dll
Normaliz.dll
wkssvc.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
dhcpcsvc6.DLL
NTDSAPI.dll
WINBRAND.dll
fdrespub.dll
wsdapi.dll
HTTPAPI.dll
WINTRUST.dll
imagehlp.dll
XmlLite.dll
FirewallAPI.dll
VERSION.dll
FunDisc.dll
ATL.DLL
SETUPAPI.dll
mswsock.dll
wshtcpip.dll
wship6.dll
msxml3.dll
sstpsvc.dll
rtutils.dll
w32time.dll
cryptdll.dll
GPAPI.dll
slc.dll
netprofm.dll
nlaapi.dll
npmproxy.dll
fdphost.dll
fdwsd.dll
MLANG.dll
fdssdp.dll
SSDPAPI.dll
fdproxy.dll
ssdpsrv.dll
napinsp.dll
pnrpnsp.dll
winrnr.dll
rasadhlp.dll

Image Name: svchost.exe
PID: 1556
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
dnsrslvr.dll
DNSAPI.dll
dhcpcsvc.DLL
Secur32.dll
WINNSI.DLL
dhcpcsvc6.DLL
IPHLPAPI.DLL
mswsock.dll
wship6.dll
wshtcpip.dll
cryptsvc.dll
OLEAUT32.dll
VSSAPI.DLL
ATL.DLL
vsstrace.dll
AUTHZ.dll
XmlLite.dll
NETAPI32.dll
MPR.dll
SETUPAPI.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
nlasvc.dll
wevtapi.dll
ncsi.dll
WINHTTP.dll
SHLWAPI.dll
WTSAPI32.dll
bcrypt.dll
CFGMGR32.dll
comctl32.dll
rsaenh.dll
credssp.dll
schannel.dll
CLBCatQ.DLL
es.dll
PROPSYS.dll
ssdpapi.dll
tapisrv.dll
ACTIVEDS.dll
adsldpc.dll
credui.dll
SHELL32.dll
rtutils.dll
WINMM.dll
OLEACC.dll
termsrv.dll
ICAAPI.dll
WINTRUST.dll
imagehlp.dll
WINSTA.dll
unimdm.tsp
uniplat.dll
unimdmat.dll
VERSION.dll
modemui.dll
kmddsp.tsp
ndptsp.tsp
hidphone.tsp
HID.DLL
napinsp.dll
pnrpnsp.dll
winrnr.dll
rasadhlp.dll
msdtckrm.dll
ktmw32.dll
CLUSAPI.dll
NTDSAPI.dll
cryptdll.dll
CRYPTNET.dll
SensApi.dll
ESENT.dll

Image Name: svchost.exe
PID: 2100
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
dps.dll
wdi.dll
USER32.dll
GDI32.dll
USERENV.dll
Secur32.dll
OLEAUT32.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CLBCatQ.DLL
taskschd.dll
SHLWAPI.dll
XmlLite.dll
comctl32.dll
GPAPI.dll
slc.dll
diagperf.dll
SHELL32.dll
pnpts.dll
VERSION.dll
iphlpapi.dll
dhcpcsvc.DLL
DNSAPI.dll
WS2_32.dll
NSI.dll
WINNSI.DLL
dhcpcsvc6.DLL
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
imagehlp.dll

Image Name: svchost.exe
PID: 2780
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
wiaservc.dll
USER32.dll
GDI32.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
COMDLG32.dll
SHLWAPI.dll
COMCTL32.dll
SHELL32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
comctl32.dll
wiatrace.dll
secur32.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
msv1_0.dll
cryptdll.dll
WS2_32.dll
NSI.dll
WSDCHNGR.DLL
CLBCatQ.DLL
FunDisc.dll
ATL.DLL
SETUPAPI.dll
msxml3.dll
WINTRUST.dll
imagehlp.dll
rsaenh.dll
CFGMGR32.dll

Image Name: svchost.exe
PID: 3300
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
wersvc.dll

~~~~~SVCHOST service~~~~~

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"LocalService"=hex(7):6e,00,73,00,69,00,00,00,6c,00,6c,00,74,00,64,00,73,00,76,\
00,63,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,75,00,70,00,\
6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,61,00,72,00,64,00,53,\
00,76,00,72,00,00,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,\
00,00,57,00,69,00,6e,00,48,00,74,00,74,00,70,00,41,00,75,00,74,00,6f,00,50,\
00,72,00,6f,00,78,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,\
61,00,6e,00,77,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,\
00,00,00,54,00,42,00,53,00,00,00,53,00,4c,00,55,00,49,00,4e,00,6f,00,74,00,\
69,00,66,00,79,00,00,00,54,00,48,00,52,00,45,00,41,00,44,00,4f,00,52,00,44,\
00,45,00,52,00,00,00,66,00,64,00,72,00,65,00,73,00,70,00,75,00,62,00,00,00,\
6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,66,00,64,00,70,00,68,\
00,6f,00,73,00,74,00,00,00,77,00,63,00,6e,00,63,00,73,00,76,00,63,00,00,00,\
51,00,57,00,41,00,56,00,45,00,00,00,4d,00,63,00,78,00,32,00,53,00,76,00,63,\
00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,53,00,\
73,00,74,00,70,00,53,00,76,00,63,00,00,00,00,00
"LocalSystemNetworkRestricted"=hex(7):68,00,69,00,64,00,73,00,65,00,72,00,76,\
00,00,00,55,00,78,00,53,00,6d,00,73,00,00,00,57,00,64,00,69,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,48,00,6f,00,73,00,74,00,00,00,4e,00,65,00,74,00,6d,\
00,61,00,6e,00,00,00,74,00,72,00,6b,00,77,00,6b,00,73,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,69,00,6e,00,74,00,42,00,75,\
00,69,00,6c,00,64,00,65,00,72,00,00,00,57,00,55,00,44,00,46,00,53,00,76,00,\
63,00,00,00,69,00,72,00,6d,00,6f,00,6e,00,00,00,73,00,79,00,73,00,6d,00,61,\
00,69,00,6e,00,00,00,49,00,50,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,\
00,00,64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,50,00,63,00,61,00,53,\
00,76,00,63,00,00,00,45,00,4d,00,44,00,4d,00,67,00,6d,00,74,00,00,00,54,00,\
61,00,62,00,6c,00,65,00,74,00,49,00,6e,00,70,00,75,00,74,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,00,00,77,00,6c,00,61,00,6e,00,73,00,76,00,63,00,\
00,00,57,00,50,00,44,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,00,00,00,\
00
"NetworkServiceNetworkRestricted"=hex(7):50,00,6f,00,6c,00,69,00,63,00,79,00,\
41,00,67,00,65,00,6e,00,74,00,00,00,00,00
"LocalServiceNoNetwork"=hex(7):50,00,4c,00,41,00,00,00,44,00,50,00,53,00,00,00,\
42,00,46,00,45,00,00,00,6d,00,70,00,73,00,73,00,76,00,63,00,00,00,65,00,68,\
00,73,00,74,00,61,00,72,00,74,00,00,00,00,00
"NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\
44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,4b,00,74,00,6d,00,52,00,6d,00,00,00,44,00,4e,00,\
53,00,43,00,61,00,63,00,68,00,65,00,00,00,4e,00,61,00,70,00,41,00,67,00,65,\
00,6e,00,74,00,00,00,6e,00,6c,00,61,00,73,00,76,00,63,00,00,00,57,00,69,00,\
6e,00,52,00,4d,00,00,00,57,00,45,00,43,00,53,00,56,00,43,00,00,00,54,00,61,\
00,70,00,69,00,73,00,72,00,76,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"WerSvcGroup"=hex(7):77,00,65,00,72,00,73,00,76,00,63,00,00,00,00,00
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,\
00,72,00,74,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,43,00,65,00,\
72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,\
00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,\
6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,\
00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,\
00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,\
6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,\
00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,\
61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\
00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,\
57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,\
00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,\
00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,\
63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,\
00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,\
68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,\
00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,\
63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,\
00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,\
69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,50,00,72,00,6f,00,66,00,53,\
00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,77,00,\
69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,73,00,63,00,68,00,65,00,64,00,75,\
00,6c,00,65,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,\
76,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,68,00,6b,00,6d,\
00,73,00,76,00,63,00,00,00,00,00
"swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\
00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,\
00,73,00,63,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,69,00,6d,00,73,00,\
76,00,63,00,00,00,50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,70,00,32,\
00,70,00,73,00,76,00,63,00,00,00,57,00,50,00,43,00,53,00,76,00,63,00,00,00,\
50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,65,00,67,00,00,00,00,\
00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\
00,74,00,72,00,79,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"DcomLaunch"=hex(7):50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,00,00,44,\
00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,00,00,00,00,00
"wdisvc"=hex(7):57,00,64,00,69,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,48,\
00,6f,00,73,00,74,00,00,00,00,00
"sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\
00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
"DefaultRpcStackSize"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

~~~~~SVCHOST MD5~~~~~

3794B461C45882E06856F282EEF025AF C:\Windows\system32\svchost.exe

~~~~~END OF FILE!~~~~~

Re: Root Kit....Zero Access13th June 2012, 3:09 pm

While we look at these logs, we scan a file that is most likely legit, but gotta make sure.

Please go to the Virustotal website by clicking here
Click the Choose File button and in the Name field paste:
c:\windows\system32\wbem\wbemess.dll
Click Open and click Scan It!
If Virustotal informs you that "File already analysed", click Reanalyse
An analysis report will appear. Copy and paste the url (something like http://www.virustotal.com/analisis/blabla) into your next reply.

Re: Root Kit....Zero Access13th June 2012, 3:39 pm

FYI I am still being redirected...woooohooooo this is fun...lol

https://www.virustotal.com/file/2d283a83359584defed9dd7c10649c560acc588e56086c04aa455bde84ee3b89/analysis/1339601834/

Re: Root Kit....Zero Access13th June 2012, 4:02 pm

Hello!

I'm going to step in for a moment to ask a few random questions, so we can further diagnose this together...

1. How are you using the search engines? Are you being redirected in normal browsing on any website, or just a search engine? What is your usual web browser?

2. Post the following information from this tool:

Download Win32kDiag from any of the following locations and save it to your Desktop.

Double-click Win32kDiag.exe to run Win32kDiag and let it finish.

When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.

Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Re: Root Kit....Zero Access13th June 2012, 4:22 pm

My normal web browser is google....and yes, anytime I use this feature I get redirected under most searches....like this

hxxp://8.26.70.252/see/display.php?q=pogo&affsub=7095258_46938-12780&subid=e10

Doing scan now

Re: Root Kit....Zero Access13th June 2012, 5:58 pm

Just searches?

Where did you download Google Chrome? ((Google.com?) Or another source?)

After you post the scan log from Win32kDiag, post a Quick Scan from OTL please.

I think we got this wrapped up here...

Re: Root Kit....Zero Access13th June 2012, 7:22 pm

Don't remember about the gooogle chrome....don't need it, never use it

Re: Root Kit....Zero Access13th June 2012, 7:41 pm

Okay. How's it going on the scan logs? Post them whenever done, please.

Re: Root Kit....Zero Access13th June 2012, 7:42 pm

scan still going...been a few hours

Re: Root Kit....Zero Access13th June 2012, 8:14 pm

It shouldn't take more than 30 minutes at the max.!

Cancel the scan and try again, please...

Re: Root Kit....Zero Access13th June 2012, 8:28 pm

I stopped it at this point....will try new scan again

Running from: C:\Users\JonEJet\Desktop\Win32kDiag.exe

Log file at : C:\Users\JonEJet\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\catroot2\edb00286.log

[1] 2012-06-08 01:22:59 65536 C:\Windows\System32\catroot2\edb00286.log ()

Cannot access: C:\Windows\System32\config\BCD-Template

[1] 2008-01-05 07:22:50 262144 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.0.6001.18000_none_282474660318747d\BCD-Template ()

[1] 2007-11-06 16:41:23 262144 C:\Windows\System32\config\BCD-Template ()

[1] 2006-11-02 08:34:29 262144 C:\Windows\winsxs\x86_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.0.6000.16386_none_25edb26a062d63a9\BCD-Template ()

[1] 2008-01-05 04:22:52 262144 C:\Windows\winsxs\x86_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.0.6001.18000_none_282474660318747d\BCD-Template ()

Cannot access: C:\Windows\System32\config\BCD-Template.LOG

[1] 2007-11-06 16:41:23 37888 C:\Windows\System32\config\BCD-Template.LOG ()

Cannot access: C:\Windows\System32\config\BCD-Template.LOG1

[1] 2006-11-02 08:43:50 0 C:\Windows\System32\config\BCD-Template.LOG1 ()

Cannot access: C:\Windows\System32\config\BCD-Template.LOG2

[1] 2006-11-02 08:43:50 0 C:\Windows\System32\config\BCD-Template.LOG2 ()

Cannot access: C:\Windows\System32\config\COMPONENTS.LOG

[1] 2006-11-02 06:43:16 1024 C:\Windows\System32\config\COMPONENTS.LOG ()

Cannot access: C:\Windows\System32\config\COMPONENTS.SAV

[1] 2007-11-06 16:41:12 6602752 C:\Windows\System32\config\COMPONENTS.SAV ()

Cannot access: C:\Windows\System32\config\DEFAULT.LOG

[1] 2006-11-02 11:28:20 1024 C:\Windows\System32\config\DEFAULT.LOG ()

Cannot access: C:\Windows\System32\config\DEFAULT.SAV

[1] 2007-11-06 16:41:11 102400 C:\Windows\System32\config\DEFAULT.SAV ()

Cannot access: C:\Windows\System32\config\RegBack\COMPONENTS.LOG1

[1] 2012-06-13 10:26:31 262144 C:\Windows\System32\config\COMPONENTS.LOG1 ()

[1] 2012-02-11 00:09:09 262144 C:\Windows\System32\config\RegBack\COMPONENTS.LOG1 ()

Cannot access: C:\Windows\System32\config\RegBack\COMPONENTS.LOG2

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\COMPONENTS.LOG2 ()

[1] 2006-11-02 09:07:24 0 C:\Windows\System32\config\RegBack\COMPONENTS.LOG2 ()

Cannot access: C:\Windows\System32\config\RegBack\DEFAULT.LOG1

[1] 2012-06-13 10:48:06 262144 C:\Windows\System32\config\DEFAULT.LOG1 ()

[1] 2012-05-28 15:08:24 262144 C:\Windows\System32\config\RegBack\DEFAULT.LOG1 ()

Cannot access: C:\Windows\System32\config\RegBack\DEFAULT.LOG2

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\DEFAULT.LOG2 ()

[1] 2006-11-02 09:07:11 0 C:\Windows\System32\config\RegBack\DEFAULT.LOG2 ()

Cannot access: C:\Windows\System32\config\RegBack\SAM.LOG1

[1] 2011-01-28 17:18:38 262144 C:\Windows\System32\config\RegBack\SAM.LOG1 ()

[1] 2012-06-13 10:24:16 262144 C:\Windows\System32\config\SAM.LOG1 ()

Cannot access: C:\Windows\System32\config\RegBack\SAM.LOG2

[1] 2006-11-02 09:07:11 0 C:\Windows\System32\config\RegBack\SAM.LOG2 ()

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\SAM.LOG2 ()

Cannot access: C:\Windows\System32\config\RegBack\SECURITY.LOG1

[1] 2012-05-28 15:08:03 262144 C:\Windows\System32\config\RegBack\SECURITY.LOG1 ()

[1] 2012-06-13 10:26:16 262144 C:\Windows\System32\config\SECURITY.LOG1 ()

Cannot access: C:\Windows\System32\config\RegBack\SECURITY.LOG2

[1] 2006-11-02 09:06:26 0 C:\Windows\System32\config\RegBack\SECURITY.LOG2 ()

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\SECURITY.LOG2 ()

Cannot access: C:\Windows\System32\config\RegBack\SOFTWARE.LOG1

[1] 2012-05-28 15:08:17 262144 C:\Windows\System32\config\RegBack\SOFTWARE.LOG1 ()

[1] 2012-06-13 14:19:00 262144 C:\Windows\System32\config\SOFTWARE.LOG1 ()

Cannot access: C:\Windows\System32\config\RegBack\SOFTWARE.LOG2

[1] 2006-11-02 09:06:57 0 C:\Windows\System32\config\RegBack\SOFTWARE.LOG2 ()

[1] 2012-05-26 23:38:30 262144 C:\Windows\System32\config\SOFTWARE.LOG2 ()

Cannot access: C:\Windows\System32\config\RegBack\SYSTEM.LOG1

[1] 2012-05-28 15:08:22 1310720 C:\Windows\System32\config\RegBack\SYSTEM.LOG1 ()

[1] 2012-06-13 13:56:05 262144 C:\Windows\System32\config\SYSTEM.LOG1 ()

Cannot access: C:\Windows\System32\config\RegBack\SYSTEM.LOG2

[1] 2006-11-02 09:07:11 0 C:\Windows\System32\config\RegBack\SYSTEM.LOG2 ()

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\SYSTEM.LOG2 ()

Cannot access: C:\Windows\System32\config\SAM.LOG

[1] 2007-11-06 16:59:48 0 C:\Windows\Debug\sam.log ()

[1] 2006-11-02 06:35:37 1024 C:\Windows\System32\config\SAM.LOG ()

Cannot access: C:\Windows\System32\config\SECURITY.LOG

[1] 2006-11-02 06:35:37 1024 C:\Windows\System32\config\SECURITY.LOG ()

Cannot access: C:\Windows\System32\config\SECURITY.SAV

[1] 2007-11-06 16:41:13 20480 C:\Windows\System32\config\SECURITY.SAV ()

Cannot access: C:\Windows\System32\config\SOFTWARE.LOG

[1] 2012-06-04 13:06:26 1024 C:\Windows\System32\config\SOFTWARE.LOG ()

Cannot access: C:\Windows\System32\config\SOFTWARE.SAV

[1] 2007-11-06 16:41:20 15556608 C:\Windows\System32\config\SOFTWARE.SAV ()

Cannot access: C:\Windows\System32\config\SYSTEM.LOG

[1] 2012-06-04 13:06:26 1024 C:\Windows\System32\config\SYSTEM.LOG ()

Cannot access: C:\Windows\System32\config\SYSTEM.SAV

[1] 2007-11-06 16:41:21 6012928 C:\Windows\System32\config\SYSTEM.SAV ()

Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat

[1] 2012-06-13 10:26:47 262144 C:\Windows\ServiceProfiles\LocalService\ntuser.dat ()

[1] 2012-06-13 10:26:55 524288 C:\Windows\ServiceProfiles\NetworkService\ntuser.dat ()

[1] 2012-06-08 04:47:06 262144 C:\Windows\System32\config\systemprofile\ntuser.dat ()

Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG

[1] 2006-11-02 11:28:20 1024 C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG ()

[1] 2006-11-02 11:28:20 1024 C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG ()

[1] 2006-11-02 11:28:20 1024 C:\Windows\System32\config\systemprofile\ntuser.dat.LOG ()

Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

[1] 2012-06-13 10:26:46 136192 C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 ()

[1] 2012-06-13 10:26:53 262144 C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 ()

[1] 2011-04-05 22:43:31 9216 C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 ()

Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2

[1] 2006-11-02 08:47:53 0 C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 ()

[1] 2006-11-02 08:47:52 0 C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 ()

[1] 2006-11-02 08:43:31 0 C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2 ()

Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TM.blf

[1] 2011-04-05 22:43:31 65536 C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TM.blf ()

Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[1] 2011-04-05 22:43:31 524288 C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()

Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[1] 2007-11-06 16:54:22 524288 C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms

[1] 2011-06-16 08:57:17 5242880 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms

[1] 2011-01-30 07:36:13 5242880 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms

[1] 2011-02-26 10:14:26 5242880 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.3.regtrans-ms

[1] 2012-06-13 10:23:18 5242880 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.3.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.4.regtrans-ms

[1] 2011-01-30 07:36:13 5242880 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.4.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf

[1] 2012-06-13 10:23:18 65536 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf ()

Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf

[1] 2012-06-13 10:23:02 65536 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf ()

Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms

[1] 2011-05-03 03:49:39 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms

[1] 2012-06-13 10:23:02 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms

[1] 2011-07-14 03:28:39 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms ()

Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms

[1] 2012-06-05 10:49:40 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms ()

Cannot access: C:\Windows\System32\DriverStore\FileRepository\netrtx32.inf_f093b1d0\netrtx32.PNF

[1] 2012-06-02 11:05:33 24256 C:\Windows\inf\netrtx32.PNF ()

[1] 2012-06-02 11:05:32 24256 C:\Windows\System32\DriverStore\FileRepository\netrtx32.inf_f093b1d0\netrtx32.PNF ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2012-06-13 10:24:43 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2012-06-13 10:24:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2012-06-13 10:24:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2012-06-13 10:24:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_16.bin

[1] 2012-04-21 19:48:23 1112 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_16.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_24.bin

[1] 2012-04-21 19:48:23 2456 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_24.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_32.bin

[1] 2012-04-21 19:48:23 4280 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_32.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_48.bin

[1] 2012-04-21 19:48:23 9560 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_48.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_16.bin

[1] 2012-06-09 19:42:09 1112 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_16.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_24.bin

[1] 2012-06-09 19:42:09 2456 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_24.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_32.bin

[1] 2012-06-09 19:42:09 4280 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_32.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_48.bin

[1] 2012-06-09 19:42:09 9560 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_48.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_16.bin

[1] 2012-05-05 20:05:59 1112 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_16.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_24.bin

[1] 2012-05-05 20:05:59 2456 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_24.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_32.bin

[1] 2012-05-05 20:05:59 4280 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_32.bin ()

Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_48.bin

[1] 2012-05-05 20:05:59 9560 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_48.bin ()

Cannot access: C:\Windows\System32\spool\drivers\w32x86\3\msonpdrv.dll

[1] 2006-10-26 23:56:16 864080 C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPDRV.DLL (Microsoft Corporation)

[1] 2009-02-27 04:42:02 863128 C:\Windows\System32\spool\drivers\w32x86\3\msonpdrv.dll ()

[1] 2009-02-27 04:42:02 863128 C:\Windows\System32\spool\drivers\w32x86\msonpdrv.dll (Microsoft Corporation)

Cannot access: C:\Windows\System32\spool\drivers\w32x86\3\msonpui.dll

[1] 2006-10-26 23:56:14 67408 C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPUI.DLL (Microsoft Corporation)

[1] 2009-02-27 04:42:04 66440 C:\Windows\System32\spool\drivers\w32x86\3\msonpui.dll ()

[1] 2009-02-27 04:42:04 66440 C:\Windows\System32\spool\drivers\w32x86\msonpui.dll (Microsoft Corporation)

Cannot access: C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan

[1] 2012-06-12 10:24:42 3504 C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan ()

Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\krundown.etl

[1] 2012-06-13 10:32:55 2359296 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\krundown.etl ()

[1] 2012-06-12 20:56:14 2424832 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\krundown.etl ()

[1] 2012-06-11 20:19:04 2949120 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{f5603adf-9ef2-4cdb-b34e-9962801dccc1}\krundown.etl ()

Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\ksnapshot.etl

[1] 2012-06-13 10:32:56 4128768 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\ksnapshot.etl ()

[1] 2012-06-12 20:56:15 4128768 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\ksnapshot.etl ()

[1] 2012-06-11 20:19:05 4128768 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{f5603adf-9ef2-4cdb-b34e-9962801dccc1}\ksnapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\krundown.etl

[1] 2012-06-13 10:32:55 2359296 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\krundown.etl ()

[1] 2012-06-12 20:56:14 2424832 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\krundown.etl ()

[1] 2012-06-11 20:19:04 2949120 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{f5603adf-9ef2-4cdb-b34e-9962801dccc1}\krundown.etl ()

Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\ksnapshot.etl

Re: Root Kit....Zero Access13th June 2012, 8:57 pm

Well, I'm 30 minutes in on the new scan, and it's giving me the same exact scan....same results, but still scanning

Re: Root Kit....Zero Access13th June 2012, 9:04 pm

Let's go to OTL at this time. Post a new log please.

Re: Root Kit....Zero Access13th June 2012, 9:16 pm

OTL logfile created on: 6/13/2012 5:07:47 PM - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.61% Memory free
4.21 Gb Paging File | 2.43 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 59.84 Gb Free Space | 54.24% Space Free | Partition Type: NTFS
Drive D: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/04 15:50:17 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2012/06/04 15:50:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2010/02/01 23:02:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/15 18:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/06 11:50:56 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/04 15:50:17 | 000,014,112 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/08/28 10:57:23 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2007/09/13 19:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- -- (BFE)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/07/27 14:00:25 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 21:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:34:54 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/19 00:34:46 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys -- (CWMonitor)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SeviceFix13496S\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/30 13:20:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 13:20:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 22:49:18 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/18 22:28:10 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/01 17:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 05:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 04:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 04:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 04:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 04:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_sp_
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {21475A23-BD73-3152-6CAC-741072CD9B98}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}: "URL" = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ie_us_display?ie=UTF8&tag=bds-amzn-serp-us-ie-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_ds_&query={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=078E4B36CE8D139AA3721C4FC3CC31B5&q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_"
FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/07 13:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 11:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 19:44:19 | 000,000,000 | ---D | M]

[2012/01/16 23:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Extensions
[2012/03/12 20:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions
[2012/06/01 10:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions
[2012/06/06 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 10:11:28 | 000,502,682 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\ABB@AMAZON.COM.XPI
[2012/03/12 20:07:50 | 000,004,728 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\COOIJLURCQ@COOIJLURCQ.ORG.XPI
[2012/06/06 11:50:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/28 15:04:42 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_cr_us_display?ie=UTF8&tag=bds-amzn-serp-us-cr-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_cr_ds_&query={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/06/08 01:18:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 10.61.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCEC8C8-8DDA-4014-B428-FED0EEFC40F8}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 15:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/08 14:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\temp
[2012/06/08 01:18:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/08 01:14:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/07 23:23:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/07 07:41:09 | 000,000,000 | ---D | C] -- C:\SeviceFix
[2012/06/05 09:49:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/05 09:35:14 | 007,287,176 | ---- | C] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/03 12:29:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/02 14:55:01 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:59:23 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\Seven Zip
[2012/06/01 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/01 10:16:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/05/31 21:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2012/05/31 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\Documents\OneNote Notebooks
[2012/05/31 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/31 09:27:33 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/30 11:04:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
[2012/05/30 09:45:58 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/05/29 11:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/29 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\Babylon
[2012/05/28 15:04:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\blekkotb_031
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/13 16:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 16:24:48 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 16:24:48 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 12:06:28 | 000,047,616 | ---- | M] () -- C:\Users\JonEJet\Desktop\Win32kDiag.exe
[2012/06/13 10:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/13 10:24:02 | 2137,415,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 01:00:48 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/09 13:40:35 | 000,059,246 | ---- | M] () -- C:\Users\JonEJet\Documents\marci.jpg
[2012/06/08 14:13:22 | 000,001,356 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2012/06/08 01:18:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/08 00:48:21 | 179,672,641 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/07 23:30:59 | 001,415,784 | ---- | M] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 14:14:40 | 000,604,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/07 14:14:40 | 000,104,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/07 11:03:06 | 000,080,384 | ---- | M] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | M] () -- C:\Users\JonEJet\log.xml
[2012/06/06 12:26:20 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/05 09:49:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/02 14:55:07 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:27:43 | 000,000,881 | ---- | M] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:27:43 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 10:23:11 | 000,001,122 | ---- | M] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:27:39 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/31 09:19:25 | 000,349,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 11:05:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 09:46:03 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/28 12:15:03 | 000,005,120 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 10:01:18 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/13 12:06:22 | 000,047,616 | ---- | C] () -- C:\Users\JonEJet\Desktop\Win32kDiag.exe
[2012/06/09 13:40:30 | 000,059,246 | ---- | C] () -- C:\Users\JonEJet\Documents\marci.jpg
[2012/06/08 14:17:37 | 2137,415,680 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/07 23:30:54 | 001,415,784 | ---- | C] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 11:02:55 | 000,080,384 | ---- | C] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | C] () -- C:\Users\JonEJet\log.xml
[2012/06/01 12:24:16 | 000,000,881 | ---- | C] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 10:23:11 | 000,001,122 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/05/18 16:44:04 | 000,001,356 | ---- | C] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2011/01/30 04:50:10 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/30 04:50:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/28 12:48:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010/12/28 12:48:09 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010/12/28 12:48:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010/12/28 12:48:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2010/12/28 12:48:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2010/12/28 12:48:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010/12/28 12:48:01 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2010/12/28 12:45:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2010/12/28 12:45:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2010/12/28 12:45:15 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2010/12/28 12:32:53 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010/12/28 12:32:52 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010/12/28 12:32:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010/12/28 12:32:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010/12/28 12:32:46 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010/12/28 12:32:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010/12/28 12:32:39 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010/12/28 12:32:24 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010/12/28 12:32:13 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010/12/28 12:23:12 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll
[2010/12/28 12:22:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010/12/28 12:22:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010/12/28 12:22:06 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010/10/12 21:44:13 | 000,000,282 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/01/30 22:44:31 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\30EF7
[2011/01/03 14:09:41 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\5600-6600 Series
[2012/05/29 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Babylon
[2012/05/30 10:20:51 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
[2011/01/03 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Lexmark Productivity Studio
[2011/04/03 11:17:53 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\OpenOffice.org
[2008/05/05 17:55:23 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Sirius
[2012/06/01 11:35:56 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\SoftGrid Client
[2011/10/08 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\StreamTorrent
[2010/10/12 21:44:18 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Template
[2009/06/17 11:39:53 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\TOSHIBA
[2011/01/28 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\TP
[2008/03/31 20:10:41 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\WinBatch
[2012/06/13 10:22:35 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Re: Root Kit....Zero Access13th June 2012, 9:24 pm

Also, not sure where that Amazon google search came from???

Re: Root Kit....Zero Access14th June 2012, 12:23 am

Something in your OTL log, do you know this IP address? 10.61.32.1

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Root Kit....Zero Access - Page 3 DXwU4

Re: Root Kit....Zero Access14th June 2012, 1:20 am

No, have no idea what that IP address is

Re: Root Kit....Zero Access14th June 2012, 6:11 am

Thanks Belahzur!

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:otl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 10.61.32.1
CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_cr_us_display?ie=UTF8&tag=bds-amzn-serp-us-cr-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_cr_ds_&query={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_"
FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query="
IE - HKCU\..\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}: "URL" = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ie_us_display?ie=UTF8&tag=bds-amzn-serp-us-ie-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_ds_&query={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=078E4B36CE8D139AA3721C4FC3CC31B5&q={searchTerms}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_sp_

:commands
[emptytemp]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

Save it to your desktop.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
Accept the License agreement and click on next.
It will, by default, install it to your desktop folder. Click Next.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.

Hidden Startup Objects

System Memory

Disk Boot Sectors.

My Computer.

Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be neutralized then choose the delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it Kas.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Root Kit....Zero Access14th June 2012, 1:39 pm

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}\\DhcpNameServer| /E : value set successfully!
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Prefs.js: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_" removed from browser.startup.homepage
Prefs.js: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query=" removed from keyword.URL
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21475A23-BD73-3152-6CAC-741072CD9B98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JonEJet
->Temp folder emptied: 225442345 bytes
->Temporary Internet Files folder emptied: 101693646 bytes
->Java cache emptied: 12308864 bytes
->FireFox cache emptied: 111239166 bytes
->Google Chrome cache emptied: 6962424 bytes
->Flash cache emptied: 355310 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15766 bytes
RecycleBin emptied: 62849844 bytes

Total Files Cleaned = 497.00 mb

OTL by OldTimer - Version 3.2.45.0 log created on 06142012_091807

< End of report >

Last edited by JonEJet on 14th June 2012, 2:07 pm; edited 1 time in total

Re: Root Kit....Zero Access14th June 2012, 2:01 pm

Hey JonEJet, the big guns are helping you now.

Seems you posted an OTL log you already posted before.

Assuming you ran the OTL "Run Fix" script that DragonMaster Jay requested in his previous post, the log should be located in C:\_OTL\Moved Files

Re: Root Kit....Zero Access14th June 2012, 2:04 pm

I thought so....looking again

Thanks Gabe, fixed previous post using todays scan

Re: Root Kit....Zero Access14th June 2012, 2:09 pm

Fixed...see above

Thank you

Re: Root Kit....Zero Access14th June 2012, 2:15 pm

OK

How about the AVP scan in safe mode, as indicated by DMJ?

Re: Root Kit....Zero Access14th June 2012, 2:19 pm

Scanning right now under safe mode Thank You!

Re: Root Kit....Zero Access14th June 2012, 5:49 pm

This scan is 3.5 hours in, and still has a ways to go...is that normal?

Re: Root Kit....Zero Access14th June 2012, 6:09 pm

It can take a while. Don't know why it is taking that long. Give it a bit longer.

Does it say if it has detected anything? If so...what's the detection?

Re: Root Kit....Zero Access14th June 2012, 6:16 pm

nothing detected as of yet

44% done,says I have 5 hours left???

Re: Root Kit....Zero Access14th June 2012, 6:51 pm

That seems a bit ridiculous, to be honest. I have successfully run that tool in 2 hours or less.

Let's switch to Dr Web CureIt, please:

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

Double-click on drweb-cureit.exe to start the program.
An Express Scan of your PC notice will appear.
Under Start the Express Scan Now, Click OK to start the scan.
This is a short scan that will scan the files currently running in memory.
If something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the Scan tab and UNcheck Heuristic analysis
Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
When finished, a message will be displayed at the bottom advising if any viruses were found.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, look if you can see the icon next to the files found.
If so, click it, then click the next icon right below and select Move incurable.
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit when you have finished.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Re: Root Kit....Zero Access14th June 2012, 11:24 pm

OTL infected with Trojan.Siggen4.2299

Did the quick scan, now on custom scan which is 3hrs in....not sure why these are going so slow, but not stopping now

Has found 7 infections, 13 curious thusfar

Re: Root Kit....Zero Access15th June 2012, 2:21 am

Okay, I have the log saved....but it is so long i can't paste it here

What can I do so you can see it?

Also have a quarantine file saved in my documents.........should I delete them all?

Re: Root Kit....Zero Access15th June 2012, 6:01 am

Submit that to http://www.mediafire.com and then post the download link here, please.

Re: Root Kit....Zero Access15th June 2012, 1:01 pm

http://www.mediafire.com/?z6dg6xycdm5zgx5

Here is quarantine

http://www.mediafire.com/i/?kdub20h2ief5g0m

Re: Root Kit....Zero Access15th June 2012, 2:43 pm

Taking a look at your quarantine pic there...

OTL was detected incorrectly by Dr. Web. It happens all the time.

Anyway, it's interesting that GetAd.JS was quarantined. GetAd.js contains scripting code to redirect web searches. All those GetAd*.aspx were all special ad pages by the malware. It's a scripting/macro virus aimed at displaying individual ads to you while browsing the internet (AKA redirecting your searches). I have all the locations outlined below.

Coders work with this advertising model, but some have done it scammy: http://www.aspfree.com/c/a/ASP.NET/Programming-an-InText-Advertising-System-under-ASPNET-35/

It's a legit type of idea, but definitely used maliciously in this case of yours!!

From the Scan Log:

C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - archive contains infected objects - moved
C:\Users\JonEJet\Documents\My Pictures\LL_files\getjs.js - archive JS-HTML
C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - probably infected with SCRIPT.Virus
C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - archive JS-HTML
>C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js/JSFile_1[0][919] - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/JSFile_1[0][615] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/JSWrite_2[185] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/IFrame_3[98] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx/JSFile_1[0][612] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx/JSWrite_2[185] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx/IFrame_3[98] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx/JSFile_1[0][741] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx/JSWrite_2[1e2] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx/IFrame_3[f5] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx/JSFile_1[0][741] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx/JSWrite_2[1e2] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx/IFrame_3[f5] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\ros[2] - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx/JSFile_1[0][61c] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx/JSWrite_2[185] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx/IFrame_3[98] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx - archive contains infected objects - moved

C:\Documents and Settings\JonEJet\DoctorWeb\Quarantine\yorkyt.exe infected with Trojan.MulDrop3.44950 - incurable - moved

What was yorkyt.exe - did you rename a tool?

Do you know what the LL_files directory was? It's really strange to see detections within My Pictures. Usually the user put infected files there.

Redirects should be gone now, yes?

Root Kit....Zero Access

descriptionRe: Root Kit....Zero Access8th June 2012, 2:08 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 6:43 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 6:50 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 6:58 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 7:00 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 7:03 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 8:39 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 9:39 pm

descriptionRe: Root Kit....Zero Access10th June 2012, 11:19 pm

descriptionRe: Root Kit....Zero Access11th June 2012, 12:39 pm

descriptionRe: Root Kit....Zero Access11th June 2012, 1:29 pm

descriptionRe: Root Kit....Zero Access12th June 2012, 8:30 am

descriptionRe: Root Kit....Zero Access12th June 2012, 2:28 pm

descriptionRe: Root Kit....Zero Access12th June 2012, 2:30 pm

descriptionRe: Root Kit....Zero Access12th June 2012, 2:34 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 10:06 am

descriptionRe: Root Kit....Zero Access13th June 2012, 2:36 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 2:41 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 3:09 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 3:39 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 4:02 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 4:22 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 5:58 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 7:22 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 7:41 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 7:42 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 8:14 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 8:28 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 8:57 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 9:04 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 9:16 pm

descriptionRe: Root Kit....Zero Access13th June 2012, 9:24 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 12:23 am

descriptionRe: Root Kit....Zero Access14th June 2012, 1:20 am

descriptionRe: Root Kit....Zero Access14th June 2012, 6:11 am

descriptionRe: Root Kit....Zero Access14th June 2012, 1:39 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 2:01 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 2:04 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 2:09 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 2:15 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 2:19 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 5:49 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 6:09 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 6:16 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 6:51 pm

descriptionRe: Root Kit....Zero Access14th June 2012, 11:24 pm

descriptionRe: Root Kit....Zero Access15th June 2012, 2:21 am

descriptionRe: Root Kit....Zero Access15th June 2012, 6:01 am

descriptionRe: Root Kit....Zero Access15th June 2012, 1:01 pm

descriptionRe: Root Kit....Zero Access15th June 2012, 2:43 pm

descriptionRe: Root Kit....Zero Access

Re: Root Kit....Zero Access8th June 2012, 2:08 pm

Re: Root Kit....Zero Access10th June 2012, 6:43 pm

Re: Root Kit....Zero Access10th June 2012, 6:50 pm

Re: Root Kit....Zero Access10th June 2012, 6:58 pm

Re: Root Kit....Zero Access10th June 2012, 7:00 pm

Re: Root Kit....Zero Access10th June 2012, 7:03 pm

Re: Root Kit....Zero Access10th June 2012, 8:39 pm

Re: Root Kit....Zero Access10th June 2012, 9:39 pm

Re: Root Kit....Zero Access10th June 2012, 11:19 pm

Re: Root Kit....Zero Access11th June 2012, 12:39 pm

Re: Root Kit....Zero Access11th June 2012, 1:29 pm

Re: Root Kit....Zero Access12th June 2012, 8:30 am

Re: Root Kit....Zero Access12th June 2012, 2:28 pm

Re: Root Kit....Zero Access12th June 2012, 2:30 pm

Re: Root Kit....Zero Access12th June 2012, 2:34 pm

Re: Root Kit....Zero Access13th June 2012, 10:06 am

Re: Root Kit....Zero Access13th June 2012, 2:36 pm

Re: Root Kit....Zero Access13th June 2012, 2:41 pm

Re: Root Kit....Zero Access13th June 2012, 3:09 pm

Re: Root Kit....Zero Access13th June 2012, 3:39 pm

Re: Root Kit....Zero Access13th June 2012, 4:02 pm

Re: Root Kit....Zero Access13th June 2012, 4:22 pm

Re: Root Kit....Zero Access13th June 2012, 5:58 pm

Re: Root Kit....Zero Access13th June 2012, 7:22 pm

Re: Root Kit....Zero Access13th June 2012, 7:41 pm

Re: Root Kit....Zero Access13th June 2012, 7:42 pm

Re: Root Kit....Zero Access13th June 2012, 8:14 pm

Re: Root Kit....Zero Access13th June 2012, 8:28 pm

Re: Root Kit....Zero Access13th June 2012, 8:57 pm

Re: Root Kit....Zero Access13th June 2012, 9:04 pm

Re: Root Kit....Zero Access13th June 2012, 9:16 pm

Re: Root Kit....Zero Access13th June 2012, 9:24 pm

Re: Root Kit....Zero Access14th June 2012, 12:23 am

Re: Root Kit....Zero Access14th June 2012, 1:20 am

Re: Root Kit....Zero Access14th June 2012, 6:11 am

Re: Root Kit....Zero Access14th June 2012, 1:39 pm

Re: Root Kit....Zero Access14th June 2012, 2:01 pm

Re: Root Kit....Zero Access14th June 2012, 2:04 pm

Re: Root Kit....Zero Access14th June 2012, 2:09 pm

Re: Root Kit....Zero Access14th June 2012, 2:15 pm

Re: Root Kit....Zero Access14th June 2012, 2:19 pm

Re: Root Kit....Zero Access14th June 2012, 5:49 pm

Re: Root Kit....Zero Access14th June 2012, 6:09 pm

Re: Root Kit....Zero Access14th June 2012, 6:16 pm

Re: Root Kit....Zero Access14th June 2012, 6:51 pm

Re: Root Kit....Zero Access14th June 2012, 11:24 pm

Re: Root Kit....Zero Access15th June 2012, 2:21 am

Re: Root Kit....Zero Access15th June 2012, 6:01 am

Re: Root Kit....Zero Access15th June 2012, 1:01 pm

Re: Root Kit....Zero Access15th June 2012, 2:43 pm

Re: Root Kit....Zero Access