Root Kit....Zero Access

Page 5 of 11


Root Kit....Zero Access

Post by JonEJet on Wed 30 May 2012, 3:26 am

First topic message reminder :

Having problems with the laptop. Tried running ComboFix, but it won't run; it keeps wanting me to reboot the computer.

Says I have a Root Kit, Zero Access.

Please help

JonEJet

Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP


Re: Root Kit....Zero Access

Post by JonEJet on Thu 14 Jun 2012, 6:42 am

Scan still going... been a few hours.


Re: Root Kit....Zero Access

Post by DragonMaster Jay on Thu 14 Jun 2012, 7:14 am

It shouldn't take more than 30 minutes at the max!

Cancel the scan and try again, please...



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: Root Kit....Zero Access

Post by JonEJet on Thu 14 Jun 2012, 7:28 am

I stopped it at this point... will try a new scan again.

Running from: C:\Users\JonEJet\Desktop\Win32kDiag.exe

Log file at : C:\Users\JonEJet\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\catroot2\edb00286.log

[1] 2012-06-08 01:22:59 65536 C:\Windows\System32\catroot2\edb00286.log ()



Cannot access: C:\Windows\System32\config\BCD-Template

[1] 2008-01-05 07:22:50 262144 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.0.6001.18000_none_282474660318747d\BCD-Template ()

[1] 2007-11-06 16:41:23 262144 C:\Windows\System32\config\BCD-Template ()

[1] 2006-11-02 08:34:29 262144 C:\Windows\winsxs\x86_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.0.6000.16386_none_25edb26a062d63a9\BCD-Template ()

[1] 2008-01-05 04:22:52 262144 C:\Windows\winsxs\x86_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.0.6001.18000_none_282474660318747d\BCD-Template ()



Cannot access: C:\Windows\System32\config\BCD-Template.LOG

[1] 2007-11-06 16:41:23 37888 C:\Windows\System32\config\BCD-Template.LOG ()



Cannot access: C:\Windows\System32\config\BCD-Template.LOG1

[1] 2006-11-02 08:43:50 0 C:\Windows\System32\config\BCD-Template.LOG1 ()



Cannot access: C:\Windows\System32\config\BCD-Template.LOG2

[1] 2006-11-02 08:43:50 0 C:\Windows\System32\config\BCD-Template.LOG2 ()



Cannot access: C:\Windows\System32\config\COMPONENTS.LOG

[1] 2006-11-02 06:43:16 1024 C:\Windows\System32\config\COMPONENTS.LOG ()



Cannot access: C:\Windows\System32\config\COMPONENTS.SAV

[1] 2007-11-06 16:41:12 6602752 C:\Windows\System32\config\COMPONENTS.SAV ()



Cannot access: C:\Windows\System32\config\DEFAULT.LOG

[1] 2006-11-02 11:28:20 1024 C:\Windows\System32\config\DEFAULT.LOG ()



Cannot access: C:\Windows\System32\config\DEFAULT.SAV

[1] 2007-11-06 16:41:11 102400 C:\Windows\System32\config\DEFAULT.SAV ()



Cannot access: C:\Windows\System32\config\RegBack\COMPONENTS.LOG1

[1] 2012-06-13 10:26:31 262144 C:\Windows\System32\config\COMPONENTS.LOG1 ()

[1] 2012-02-11 00:09:09 262144 C:\Windows\System32\config\RegBack\COMPONENTS.LOG1 ()



Cannot access: C:\Windows\System32\config\RegBack\COMPONENTS.LOG2

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\COMPONENTS.LOG2 ()

[1] 2006-11-02 09:07:24 0 C:\Windows\System32\config\RegBack\COMPONENTS.LOG2 ()



Cannot access: C:\Windows\System32\config\RegBack\DEFAULT.LOG1

[1] 2012-06-13 10:48:06 262144 C:\Windows\System32\config\DEFAULT.LOG1 ()

[1] 2012-05-28 15:08:24 262144 C:\Windows\System32\config\RegBack\DEFAULT.LOG1 ()



Cannot access: C:\Windows\System32\config\RegBack\DEFAULT.LOG2

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\DEFAULT.LOG2 ()

[1] 2006-11-02 09:07:11 0 C:\Windows\System32\config\RegBack\DEFAULT.LOG2 ()



Cannot access: C:\Windows\System32\config\RegBack\SAM.LOG1

[1] 2011-01-28 17:18:38 262144 C:\Windows\System32\config\RegBack\SAM.LOG1 ()

[1] 2012-06-13 10:24:16 262144 C:\Windows\System32\config\SAM.LOG1 ()



Cannot access: C:\Windows\System32\config\RegBack\SAM.LOG2

[1] 2006-11-02 09:07:11 0 C:\Windows\System32\config\RegBack\SAM.LOG2 ()

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\SAM.LOG2 ()



Cannot access: C:\Windows\System32\config\RegBack\SECURITY.LOG1

[1] 2012-05-28 15:08:03 262144 C:\Windows\System32\config\RegBack\SECURITY.LOG1 ()

[1] 2012-06-13 10:26:16 262144 C:\Windows\System32\config\SECURITY.LOG1 ()



Cannot access: C:\Windows\System32\config\RegBack\SECURITY.LOG2

[1] 2006-11-02 09:06:26 0 C:\Windows\System32\config\RegBack\SECURITY.LOG2 ()

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\SECURITY.LOG2 ()



Cannot access: C:\Windows\System32\config\RegBack\SOFTWARE.LOG1

[1] 2012-05-28 15:08:17 262144 C:\Windows\System32\config\RegBack\SOFTWARE.LOG1 ()

[1] 2012-06-13 14:19:00 262144 C:\Windows\System32\config\SOFTWARE.LOG1 ()



Cannot access: C:\Windows\System32\config\RegBack\SOFTWARE.LOG2

[1] 2006-11-02 09:06:57 0 C:\Windows\System32\config\RegBack\SOFTWARE.LOG2 ()

[1] 2012-05-26 23:38:30 262144 C:\Windows\System32\config\SOFTWARE.LOG2 ()



Cannot access: C:\Windows\System32\config\RegBack\SYSTEM.LOG1

[1] 2012-05-28 15:08:22 1310720 C:\Windows\System32\config\RegBack\SYSTEM.LOG1 ()

[1] 2012-06-13 13:56:05 262144 C:\Windows\System32\config\SYSTEM.LOG1 ()



Cannot access: C:\Windows\System32\config\RegBack\SYSTEM.LOG2

[1] 2006-11-02 09:07:11 0 C:\Windows\System32\config\RegBack\SYSTEM.LOG2 ()

[1] 2006-11-02 08:33:34 0 C:\Windows\System32\config\SYSTEM.LOG2 ()



Cannot access: C:\Windows\System32\config\SAM.LOG

[1] 2007-11-06 16:59:48 0 C:\Windows\Debug\sam.log ()

[1] 2006-11-02 06:35:37 1024 C:\Windows\System32\config\SAM.LOG ()



Cannot access: C:\Windows\System32\config\SECURITY.LOG

[1] 2006-11-02 06:35:37 1024 C:\Windows\System32\config\SECURITY.LOG ()



Cannot access: C:\Windows\System32\config\SECURITY.SAV

[1] 2007-11-06 16:41:13 20480 C:\Windows\System32\config\SECURITY.SAV ()



Cannot access: C:\Windows\System32\config\SOFTWARE.LOG

[1] 2012-06-04 13:06:26 1024 C:\Windows\System32\config\SOFTWARE.LOG ()



Cannot access: C:\Windows\System32\config\SOFTWARE.SAV

[1] 2007-11-06 16:41:20 15556608 C:\Windows\System32\config\SOFTWARE.SAV ()



Cannot access: C:\Windows\System32\config\SYSTEM.LOG

[1] 2012-06-04 13:06:26 1024 C:\Windows\System32\config\SYSTEM.LOG ()



Cannot access: C:\Windows\System32\config\SYSTEM.SAV

[1] 2007-11-06 16:41:21 6012928 C:\Windows\System32\config\SYSTEM.SAV ()



Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat

[1] 2012-06-13 10:26:47 262144 C:\Windows\ServiceProfiles\LocalService\ntuser.dat ()

[1] 2012-06-13 10:26:55 524288 C:\Windows\ServiceProfiles\NetworkService\ntuser.dat ()

[1] 2012-06-08 04:47:06 262144 C:\Windows\System32\config\systemprofile\ntuser.dat ()



Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG

[1] 2006-11-02 11:28:20 1024 C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG ()

[1] 2006-11-02 11:28:20 1024 C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG ()

[1] 2006-11-02 11:28:20 1024 C:\Windows\System32\config\systemprofile\ntuser.dat.LOG ()



Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

[1] 2012-06-13 10:26:46 136192 C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 ()

[1] 2012-06-13 10:26:53 262144 C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 ()

[1] 2011-04-05 22:43:31 9216 C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 ()



Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2

[1] 2006-11-02 08:47:53 0 C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 ()

[1] 2006-11-02 08:47:52 0 C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 ()

[1] 2006-11-02 08:43:31 0 C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2 ()



Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TM.blf

[1] 2011-04-05 22:43:31 65536 C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TM.blf ()



Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[1] 2011-04-05 22:43:31 524288 C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()



Cannot access: C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[1] 2007-11-06 16:54:22 524288 C:\Windows\System32\config\systemprofile\ntuser.dat{6b265b38-8caa-11dc-8cea-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms

[1] 2011-06-16 08:57:17 5242880 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms

[1] 2011-01-30 07:36:13 5242880 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms

[1] 2011-02-26 10:14:26 5242880 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.3.regtrans-ms

[1] 2012-06-13 10:23:18 5242880 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.3.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.4.regtrans-ms

[1] 2011-01-30 07:36:13 5242880 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.4.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf

[1] 2012-06-13 10:23:18 65536 C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf ()



Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf

[1] 2012-06-13 10:23:02 65536 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf ()



Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms

[1] 2011-05-03 03:49:39 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms

[1] 2012-06-13 10:23:02 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms

[1] 2011-07-14 03:28:39 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms ()



Cannot access: C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms

[1] 2012-06-05 10:49:40 524288 C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms ()



Cannot access: C:\Windows\System32\DriverStore\FileRepository\netrtx32.inf_f093b1d0\netrtx32.PNF

[1] 2012-06-02 11:05:33 24256 C:\Windows\inf\netrtx32.PNF ()

[1] 2012-06-02 11:05:32 24256 C:\Windows\System32\DriverStore\FileRepository\netrtx32.inf_f093b1d0\netrtx32.PNF ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2012-06-13 10:24:43 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2012-06-13 10:24:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2012-06-13 10:24:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2012-06-13 10:24:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_16.bin

[1] 2012-04-21 19:48:23 1112 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_16.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_24.bin

[1] 2012-04-21 19:48:23 2456 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_24.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_32.bin

[1] 2012-04-21 19:48:23 4280 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_32.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_48.bin

[1] 2012-04-21 19:48:23 9560 C:\Windows\System32\networklist\icons\{2E8371A6-4CD4-413A-B786-989216C1F6BF}_48.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_16.bin

[1] 2012-06-09 19:42:09 1112 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_16.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_24.bin

[1] 2012-06-09 19:42:09 2456 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_24.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_32.bin

[1] 2012-06-09 19:42:09 4280 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_32.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_48.bin

[1] 2012-06-09 19:42:09 9560 C:\Windows\System32\networklist\icons\{6AE8DF8C-ECB6-4AC8-8C6B-316507035617}_48.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_16.bin

[1] 2012-05-05 20:05:59 1112 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_16.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_24.bin

[1] 2012-05-05 20:05:59 2456 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_24.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_32.bin

[1] 2012-05-05 20:05:59 4280 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_32.bin ()



Cannot access: C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_48.bin

[1] 2012-05-05 20:05:59 9560 C:\Windows\System32\networklist\icons\{E550DE9B-5A4F-4951-80A5-3ACD738DD518}_48.bin ()



Cannot access: C:\Windows\System32\spool\drivers\w32x86\3\msonpdrv.dll

[1] 2006-10-26 23:56:16 864080 C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPDRV.DLL (Microsoft Corporation)

[1] 2009-02-27 04:42:02 863128 C:\Windows\System32\spool\drivers\w32x86\3\msonpdrv.dll ()

[1] 2009-02-27 04:42:02 863128 C:\Windows\System32\spool\drivers\w32x86\msonpdrv.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\spool\drivers\w32x86\3\msonpui.dll

[1] 2006-10-26 23:56:14 67408 C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPUI.DLL (Microsoft Corporation)

[1] 2009-02-27 04:42:04 66440 C:\Windows\System32\spool\drivers\w32x86\3\msonpui.dll ()

[1] 2009-02-27 04:42:04 66440 C:\Windows\System32\spool\drivers\w32x86\msonpui.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan

[1] 2012-06-12 10:24:42 3504 C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan ()



Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()



Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()



Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()



Cannot access: C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()



Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()



Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{000c67f9-0f8d-42e6-b7bc-c8e0e73fc435}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{409290dd-2d84-4586-9359-801261ff6a77}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{99bf3265-ddc1-4985-9050-a3a2aeff7e88}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{da80fb81-edd5-4efe-ac05-de9a34f87d04}\snapshot.etl ()

[1] 2012-06-13 10:24:03 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{01f32406-bd3b-49d3-9171-f1deb13db9b9}\snapshot.etl ()

[1] 2012-06-11 15:08:22 294912 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3252b13-cf58-4ec1-ad1f-da06cf818b16}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{146aeae5-3f2f-4ea0-8511-6814e172f5d4}\snapshot.etl ()

[1] 2012-06-11 15:08:22 1605632 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c3d31e67-c290-490d-893d-41f11faf066d}\snapshot.etl ()

[1] 2012-06-11 15:08:22 999424 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{d9cb2f36-e79b-4d9f-a359-4b44cb4b0fc2}\snapshot.etl ()

[1] 2012-06-11 15:08:22 2097152 C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f566f45a-2e45-42ac-b948-4ff4ad7cab29}\snapshot.etl ()



Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\krundown.etl

[1] 2012-06-13 10:32:55 2359296 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\krundown.etl ()

[1] 2012-06-12 20:56:14 2424832 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\krundown.etl ()

[1] 2012-06-11 20:19:04 2949120 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{f5603adf-9ef2-4cdb-b34e-9962801dccc1}\krundown.etl ()



Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\ksnapshot.etl

[1] 2012-06-13 10:32:56 4128768 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\ksnapshot.etl ()

[1] 2012-06-12 20:56:15 4128768 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\ksnapshot.etl ()

[1] 2012-06-11 20:19:05 4128768 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{f5603adf-9ef2-4cdb-b34e-9962801dccc1}\ksnapshot.etl ()



Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\krundown.etl

[1] 2012-06-13 10:32:55 2359296 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{47cb6cb0-c5ff-493a-a179-954101c9ee05}\krundown.etl ()

[1] 2012-06-12 20:56:14 2424832 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\krundown.etl ()

[1] 2012-06-11 20:19:04 2949120 C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{f5603adf-9ef2-4cdb-b34e-9962801dccc1}\krundown.etl ()



Cannot access: C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{eab453ee-1a8e-43ff-87ae-974ec71eff1c}\ksnapshot.etl




Re: Root Kit....Zero Access

Post by JonEJet on Thu 14 Jun 2012, 7:57 am

Well, I'm 30 minutes in on the new scan, and it's giving me the same exact scan... same results, but still scanning.


Re: Root Kit....Zero Access

Post by DragonMaster Jay on Thu 14 Jun 2012, 8:04 am

Let's go to OTL at this time. Post a new log please.




Re: Root Kit....Zero Access

Post by JonEJet on Thu 14 Jun 2012, 8:16 am

OTL logfile created on: 6/13/2012 5:07:47 PM - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.61% Memory free
4.21 Gb Paging File | 2.43 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 59.84 Gb Free Space | 54.24% Space Free | Partition Type: NTFS
Drive D: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/04 15:50:17 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2012/06/04 15:50:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2010/02/01 23:02:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/15 18:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 11:50:56 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/04 15:50:17 | 000,014,112 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/08/28 10:57:23 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2007/09/13 19:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- -- (BFE)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/07/27 14:00:25 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 21:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:34:54 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/19 00:34:46 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys -- (CWMonitor)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SeviceFix13496S\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/30 13:20:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 13:20:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 22:49:18 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/18 22:28:10 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/01 17:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 05:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 04:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 04:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 04:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 04:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {21475A23-BD73-3152-6CAC-741072CD9B98}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_"
FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/07 13:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 11:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 19:44:19 | 000,000,000 | ---D | M]

[2012/01/16 23:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Extensions
[2012/03/12 20:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions
[2012/06/01 10:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions
[2012/06/06 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 10:11:28 | 000,502,682 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\ABB@AMAZON.COM.XPI
[2012/03/12 20:07:50 | 000,004,728 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\COOIJLURCQ@COOIJLURCQ.ORG.XPI
[2012/06/06 11:50:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/28 15:04:42 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.]
CHR - default_search_provider: suggest_url = [You must be registered and logged in to see this link.]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/06/08 01:18:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 10.61.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCEC8C8-8DDA-4014-B428-FED0EEFC40F8}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 15:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/08 14:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\temp
[2012/06/08 01:18:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/08 01:14:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/07 23:23:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/07 07:41:09 | 000,000,000 | ---D | C] -- C:\SeviceFix
[2012/06/05 09:49:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/05 09:35:14 | 007,287,176 | ---- | C] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/03 12:29:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/02 14:55:01 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:59:23 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\Seven Zip
[2012/06/01 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/01 10:16:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/05/31 21:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2012/05/31 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\Documents\OneNote Notebooks
[2012/05/31 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/31 09:27:33 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/30 11:04:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
[2012/05/30 09:45:58 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/05/29 11:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/29 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\Babylon
[2012/05/28 15:04:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\blekkotb_031
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/13 16:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 16:24:48 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 16:24:48 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 12:06:28 | 000,047,616 | ---- | M] () -- C:\Users\JonEJet\Desktop\Win32kDiag.exe
[2012/06/13 10:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/13 10:24:02 | 2137,415,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 01:00:48 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/09 13:40:35 | 000,059,246 | ---- | M] () -- C:\Users\JonEJet\Documents\marci.jpg
[2012/06/08 14:13:22 | 000,001,356 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2012/06/08 01:18:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/08 00:48:21 | 179,672,641 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/07 23:30:59 | 001,415,784 | ---- | M] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 14:14:40 | 000,604,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/07 14:14:40 | 000,104,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/07 11:03:06 | 000,080,384 | ---- | M] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | M] () -- C:\Users\JonEJet\log.xml
[2012/06/06 12:26:20 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/05 09:49:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/02 14:55:07 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:27:43 | 000,000,881 | ---- | M] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:27:43 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 10:23:11 | 000,001,122 | ---- | M] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:27:39 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/31 09:19:25 | 000,349,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 11:05:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 09:46:03 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/28 12:15:03 | 000,005,120 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 10:01:18 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/13 12:06:22 | 000,047,616 | ---- | C] () -- C:\Users\JonEJet\Desktop\Win32kDiag.exe
[2012/06/09 13:40:30 | 000,059,246 | ---- | C] () -- C:\Users\JonEJet\Documents\marci.jpg
[2012/06/08 14:17:37 | 2137,415,680 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/07 23:30:54 | 001,415,784 | ---- | C] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 11:02:55 | 000,080,384 | ---- | C] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | C] () -- C:\Users\JonEJet\log.xml
[2012/06/01 12:24:16 | 000,000,881 | ---- | C] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 10:23:11 | 000,001,122 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/05/18 16:44:04 | 000,001,356 | ---- | C] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2011/01/30 04:50:10 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/30 04:50:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/28 12:48:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010/12/28 12:48:09 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010/12/28 12:48:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010/12/28 12:48:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2010/12/28 12:48:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2010/12/28 12:48:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010/12/28 12:48:01 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2010/12/28 12:45:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2010/12/28 12:45:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2010/12/28 12:45:15 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2010/12/28 12:32:53 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010/12/28 12:32:52 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010/12/28 12:32:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010/12/28 12:32:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010/12/28 12:32:46 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010/12/28 12:32:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010/12/28 12:32:39 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010/12/28 12:32:24 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010/12/28 12:32:13 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010/12/28 12:23:12 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll
[2010/12/28 12:22:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010/12/28 12:22:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010/12/28 12:22:06 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010/10/12 21:44:13 | 000,000,282 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/01/30 22:44:31 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\30EF7
[2011/01/03 14:09:41 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\5600-6600 Series
[2012/05/29 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Babylon
[2012/05/30 10:20:51 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
[2011/01/03 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Lexmark Productivity Studio
[2011/04/03 11:17:53 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\OpenOffice.org
[2008/05/05 17:55:23 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Sirius
[2012/06/01 11:35:56 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\SoftGrid Client
[2011/10/08 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\StreamTorrent
[2010/10/12 21:44:18 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\Template
[2009/06/17 11:39:53 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\TOSHIBA
[2011/01/28 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\TP
[2008/03/31 20:10:41 | 000,000,000 | ---D | M] -- C:\Users\JonEJet\AppData\Roaming\WinBatch
[2012/06/13 10:22:35 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: Root Kit....Zero Access

Post by JonEJet on Thu 14 Jun 2012, 8:24 am

Also, not sure where that Amazon Google search came from???

Re: Root Kit....Zero Access

Post by Belahzur on Thu 14 Jun 2012, 11:23 am

Something in your OTL log: do you know this IP address? 10.61.32.1


Re: Root Kit....Zero Access

Post by JonEJet on Thu 14 Jun 2012, 12:20 pm

No, I have no idea what that IP address is.

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Thu 14 Jun 2012, 5:11 pm

Thanks Belahzur!

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 10.61.32.1
    CHR - default_search_provider: Amazon (Enabled)
    CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.]
    FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_"
    FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query="
    IE - HKCU\..\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click Next.
  • It will, by default, install to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable) that you may have
    Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware entries in the report (they will be at the very top, under Detected) in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.



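As an added example (not OTL's own code, and not anything posted in the thread), here is a small Python triage helper that reads OTL-style O17 and CHR/FF/IE settings lines like the ones in the log and fix script above, and flags DNS servers and search/start-page hosts the owner did not choose; the sample lines and the expected-value sets are assumptions constructed for the demo.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Reads the O17 DhcpNameServer entries and the CHR/FF/IE browser-settings lines
that the thread's fix script targets, then reports every DNS server and every
search/start-page host that is not on the owner's own expected list.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample modelled on the OTL lines posted in the thread. The two
# O17 lines mirror the posted log; the browser lines are shortened stand-ins.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 10.61.32.1
CHR - default_search_provider: search_url = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp?query={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): DhcpNameServer = (?P<servers>.+)$")
URL_RE = re.compile(r"""https?://[^\s"']+""")
BROWSER_PREFIXES = ("CHR - ", "FF - ", "IE - ")


def parse_dns_servers(log_text):
    """Return [(registry_key, [ip, ...])] for every O17 DhcpNameServer entry."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            found.append((m.group("key"), m.group("servers").split()))
    return found


def classify_dns(ip_text, expected):
    """'expected' if the owner recognises the server; otherwise say whether it is
    an RFC1918 (LAN) address or a public one, so the owner knows what to check."""
    if ip_text in expected:
        return "expected"
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable"
    return "unexpected-private" if addr.is_private else "unexpected-public"


def browser_url_hosts(log_text):
    """Return [(line, host)] for every URL found in a CHR/FF/IE settings line."""
    hosts = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith(BROWSER_PREFIXES):
            for url in URL_RE.findall(line):
                hosts.append((line, urlparse(url).hostname or ""))
    return hosts


def triage(log_text, expected_dns, expected_search_hosts):
    """Flag DNS servers and browser search/start-page hosts the owner did not choose.
    Returns a list of (kind, value, where) findings; an empty list means nothing unusual."""
    findings = []
    for key, servers in parse_dns_servers(log_text):
        for ip_text in servers:
            verdict = classify_dns(ip_text, expected_dns)
            if verdict != "expected":
                findings.append(("dns:" + verdict, ip_text, key))
    for line, host in browser_url_hosts(log_text):
        if host and host not in expected_search_hosts:
            findings.append(("browser:unexpected-host", host, line))
    return findings


if __name__ == "__main__":
    # The ISP-assigned servers from the posted log count as expected; the
    # interface-specific 10.61.32.1 is the one Belahzur asked about.
    for kind, value, where in triage(
        SAMPLE_LOG,
        expected_dns={"208.59.247.45", "208.59.247.46"},
        expected_search_hosts={"www.google.com", "google.com"},
    ):
        print(f"{kind:24} {value:20} <- {where}")
```

A private DNS address is normal when it is the owner's own router; the point of the check is that every server and every search host should be one the owner can account for.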
Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 12:39 am

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}\\DhcpNameServer| /E : value set successfully!
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Prefs.js: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_" removed from browser.startup.homepage
Prefs.js: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query=" removed from keyword.URL
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21475A23-BD73-3152-6CAC-741072CD9B98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JonEJet
->Temp folder emptied: 225442345 bytes
->Temporary Internet Files folder emptied: 101693646 bytes
->Java cache emptied: 12308864 bytes
->FireFox cache emptied: 111239166 bytes
->Google Chrome cache emptied: 6962424 bytes
->Flash cache emptied: 355310 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15766 bytes
RecycleBin emptied: 62849844 bytes

Total Files Cleaned = 497.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06142012_091807


< End of report >


Last edited by JonEJet on Fri 15 Jun 2012, 1:07 am; edited 1 time in total

Re: Root Kit....Zero Access

Post by Gabethebabe on Fri 15 Jun 2012, 1:01 am

Hey JonEJet, the big guns are helping you now.

Seems you posted an OTL log you already posted before.

Assuming you ran the OTL "Run Fix" script that DragonMaster Jay requested in his previous post, the log should be located in C:\_OTL\Moved Files.

Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 1:04 am

I thought so... looking again.

Thanks Gabe, fixed previous post using today's scan.

Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 1:09 am

Fixed...see above

Thank you

Re: Root Kit....Zero Access

Post by Gabethebabe on Fri 15 Jun 2012, 1:15 am

OK

How about the AVP scan in safe mode, as indicated by DMJ?

Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 1:19 am

Scanning right now under safe mode

Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 4:49 am

This scan is 3.5 hours in, and still has a ways to go...is that normal?

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 15 Jun 2012, 5:09 am

It can take a while. Don't know why it is taking that long. Give it a bit longer.

Does it say if it has detected anything? If so...what's the detection?


Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 5:16 am

Nothing detected as of yet.

44% done, says I have 5 hours left???

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 15 Jun 2012, 5:51 am

That seems a bit ridiculous, to be honest. I have successfully run that tool in 2 hours or less.

Let's switch to Dr Web CureIt, please:

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the Scan tab and UNcheck Heuristic analysis.
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured.)
  • Next, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt when you have finished.
  • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 10:24 am

OTL infected with Trojan.Siggen4.2299

Did the quick scan, now on the custom scan, which is 3 hrs in... not sure why these are going so slow, but not stopping now.

Has found 7 infections, 13 curious thus far.

Re: Root Kit....Zero Access

Post by JonEJet on Fri 15 Jun 2012, 1:21 pm

Okay, I have the log saved... but it is so long I can't paste it here.

What can I do so you can see it?

Also have a quarantine file saved in My Documents... should I delete them all?

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 15 Jun 2012, 5:01 pm

Submit that to [You must be registered and logged in to see this link.] and then post the download link here, please.


Re: Root Kit....Zero Access

Post by JonEJet on Sat 16 Jun 2012, 12:01 am

[You must be registered and logged in to see this link.]


Here is quarantine

[You must be registered and logged in to see this link.]

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Sat 16 Jun 2012, 1:43 am

Taking a look at your quarantine pic there...

OTL was detected incorrectly by Dr. Web. It happens all the time.

Anyway, it's interesting that GetAd.JS was quarantined. GetAd.js contains scripting code to redirect web searches. All those GetAd*.aspx files were special ad pages created by the malware. It's a scripting/macro virus aimed at displaying individual ads to you while browsing the internet (AKA redirecting your searches). I have all the locations outlined below.

Coders work with this advertising model, but some have done it scammy: [You must be registered and logged in to see this link.]

It's a legit type of idea, but definitely used maliciously in this case of yours!!


From the Scan Log:

C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - archive contains infected objects - moved
C:\Users\JonEJet\Documents\My Pictures\LL_files\getjs.js - archive JS-HTML
C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - probably infected with SCRIPT.Virus
C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - archive JS-HTML
>C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js/JSFile_1[0][919] - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/JSFile_1[0][615] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/JSWrite_2[185] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/IFrame_3[98] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx/JSFile_1[0][612] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx/JSWrite_2[185] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx/IFrame_3[98] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[2].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx/JSFile_1[0][741] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx/JSWrite_2[1e2] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx/IFrame_3[f5] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[3].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx/JSFile_1[0][741] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx/JSWrite_2[1e2] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx/IFrame_3[f5] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPVKWOSX\GetAd[1].aspx - archive contains infected objects - moved
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\ros[2] - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx/JSFile_1[0][61c] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx/JSWrite_2[185] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx/IFrame_3[98] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0WF783Q\GetAd[1].aspx - archive contains infected objects - moved

C:\Documents and Settings\JonEJet\DoctorWeb\Quarantine\yorkyt.exe infected with Trojan.MulDrop3.44950 - incurable - moved

What was yorkyt.exe - did you rename a tool?

Do you know what the LL_files directory was? It's really strange to see detections within My Pictures. Usually the user puts infected files there.

Redirects should be gone now, yes?



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer
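A triage helper for logs like the one quoted in this post, added here as an example; it is not part of the thread and not a Dr.Web tool. The line grammar it parses (`>` prefix for objects nested inside a container, `path - verdict [- action]`) is an assumption inferred from the lines quoted above, and the sample log inside the block is a constructed, shortened copy of them, not the poster's full log. The point it makes explicit: `C:\Windows\system32\config\systemprofile` is the profile of the LocalSystem account, so an IE cache full of GetAd*.aspx under that path was populated by something running as SYSTEM, not by the user browsing; in a ZeroAccess case that is the footprint to expect from its click-fraud component. The helper also flags detections that never got a `moved` line (the top-level GetAd.js entries above), since those may still be on disk.

```python
"""Triage a Dr.Web CureIt!-style scan log: group detection lines per file,
classify where on disk each file sits, and flag the cases worth a second look.

Added example for this thread. The line grammar below is an ASSUMPTION
inferred from the quoted log, not Dr.Web's documented format.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on (and shortened from) the log quoted in the post.
SAMPLE_LOG = r"""
C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - probably infected with SCRIPT.Virus
C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js - archive JS-HTML
>C:\Users\JonEJet\Documents\My Pictures\LL_files\GetAd.js/JSFile_1[0][919] - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - probably infected with SCRIPT.Virus
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - archive JS-HTML
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/JSFile_1[0][615] - probably infected with SCRIPT.Virus
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/JSWrite_2[185] - OK
>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx/IFrame_3[98] - OK
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN99C74\GetAd[1].aspx - archive contains infected objects - moved
C:\Documents and Settings\JonEJet\DoctorWeb\Quarantine\yorkyt.exe infected with Trojan.MulDrop3.44950 - incurable - moved
"""

LINE_RE = re.compile(
    r"^(?P<nested>>?)"                       # '>' = object inside a container (archive / HTML)
    r"(?P<path>.+?)(?: - | )"                # path, then ' - ' or a bare space before the verdict
    r"(?P<verdict>(?:probably )?infected with [^\s-]+"
    r"|archive contains infected objects"
    r"|archive \S+"
    r"|OK)"
    r"(?: - (?P<action>.+))?$"               # e.g. 'moved', 'incurable - moved'
)


@dataclass
class Entry:
    nested: bool
    path: str
    verdict: str
    action: Optional[str]


def parse_log(text: str) -> List[Entry]:
    """One Entry per recognised log line; lines that do not fit the grammar are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if m:
            entries.append(Entry(bool(m["nested"]), m["path"].strip(), m["verdict"], m["action"]))
    return entries


def classify_location(path: str) -> str:
    """Coarse owner of the path: who could have written a file there."""
    p = path.lower()
    if "\\doctorweb\\quarantine\\" in p:
        return "quarantine"          # already isolated by an earlier Dr.Web run
    if "\\config\\systemprofile\\" in p:
        return "systemprofile"       # LocalSystem's profile: only SYSTEM-context code writes here
    if p.startswith("c:\\users\\") or p.startswith("c:\\documents and settings\\"):
        return "user-profile"
    return "other"


def triage(text: str) -> Dict:
    """Fold the per-line entries into per-file records and raise flags."""
    files: Dict[str, Dict] = {}
    for e in parse_log(text):
        if e.nested:
            continue                  # the container line carries the disposition
        rec = files.setdefault(e.path, {"location": classify_location(e.path),
                                        "verdicts": [], "moved": False})
        rec["verdicts"].append(e.verdict)
        if e.action and "moved" in e.action:
            rec["moved"] = True

    by_location: Counter = Counter()
    flags: List[Tuple[str, str]] = []
    for path, rec in files.items():
        if not any("infected with" in v for v in rec["verdicts"]):
            continue                  # container summary only, no named detection
        by_location[rec["location"]] += 1
        if rec["location"] == "systemprofile" and "temporary internet files" in path.lower():
            # Browser cache under LocalSystem: a SYSTEM process fetched these pages,
            # consistent with ZeroAccess click-fraud activity rather than user browsing.
            flags.append(("SYSTEM_CONTEXT_CACHE", path))
        if not rec["moved"]:
            flags.append(("NOT_MOVED", path))   # detected, but no 'moved' line: may still be on disk
    return {"files": files, "by_location": dict(by_location), "flags": flags}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["by_location"])
    for code, path in result["flags"]:
        print(f"{code}: {path}")
```

Run it against a saved CureIt log (`triage(open("CureIt.log").read())`) and read the flags before the counts: a `SYSTEM_CONTEXT_CACHE` hit means the machine was still running attacker code as SYSTEM at the time those pages were fetched, so a clean follow-up scan of the same path is a better "is it gone" check than the redirects alone.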
