Trojan.SHarpro.Gen search redirect

#1 json4639 (New Member, 6 posts)
I've known some people that have gotten some great help on this site, so I'm hoping someone can help me as well. I started getting my Google searches redirected a couple of weeks ago. I did a scan with Malwarebytes and it discovered something called Trojan.SHarpro.Gen. It said it was quarantined, but after I rebooted I kept having the same problem. I've seen other people on this site and others who've had the same problem, but I don't know which commands I'm supposed to put into OTL to fix this. I looked into my Firefox history and I started getting the redirects on 10/19 20:57, at the exact same time as the file C:\ProgramData\JavaTrayProfile.dll was created. I can even see the site I was looking at, peopleofwalmart.com. Below is my OTL log.

OTL logfile created on: 10/31/2011 7:58:37 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jason\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 68.53% Memory free
7.60 Gb Paging File | 6.01 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.28 Gb Total Space | 94.69 Gb Free Space | 38.76% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 14.25 Gb Free Space | 36.47% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 20:54:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
PRC - [2011/10/02 20:25:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/17 16:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 16:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 20:25:02 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/09/22 20:32:09 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/17 16:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/03/17 16:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/16 21:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 16:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/17 16:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 10:20:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/11 14:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 14:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 14:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 14:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 11:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/17 16:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 16:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 16:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/03/17 16:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/12/17 10:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/16 21:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 21:16:18 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/16 21:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/15 20:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/09/15 11:40:42 | 006,952,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111008
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C2 EE 12 F2 C0 25 4D AD C7 71 11 94 AD BF 5F [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {2d739eed-b857-4a61-9721-dabb2778415d}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/23 16:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/02 20:25:03 | 000,000,000 | ---D | M]

[2010/07/29 20:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jason\AppData\Roaming\Mozilla\Extensions
[2011/10/31 07:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions
[2011/10/19 20:57:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions\{2d739eed-b857-4a61-9721-dabb2778415d}
[2011/03/10 05:56:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/03/10 05:56:53 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions\[email protected]
[2011/10/08 16:29:58 | 000,001,945 | ---- | M] () -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\searchplugins\bing-zugo.xml
[2011/10/08 17:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/12 15:18:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/12 15:18:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/30 15:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKCU..\Run: [JavaTrayProfile] C:\ProgramData\JavaTrayProfile.dll (Sony Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25D5AE8-E6C8-4C6B-AD6D-A6E7D6DC3020}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69fcd123-a24a-11df-b405-c4461925ef45}\Shell - "" = AutoRun
O33 - MountPoints2\{69fcd123-a24a-11df-b405-c4461925ef45}\Shell\AutoRun\command - "" = H:\AutoRun.exe InFocusDisplayLinkManagerSetup.exe
O33 - MountPoints2\{8ef3f742-c3f1-11df-b6cb-a4badbd86029}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef3f742-c3f1-11df-b6cb-a4badbd86029}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a7ddf19a-9fa0-11df-8678-fc96bc8549f3}\Shell - "" = AutoRun
O33 - MountPoints2\{a7ddf19a-9fa0-11df-8678-fc96bc8549f3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 15:35:45 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/10/22 07:30:37 | 000,000,000 | ---D | C] -- C:\Users\jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/22 07:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/21 22:03:41 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/10/21 20:54:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
[2011/10/21 20:53:24 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jason\Desktop\aswMBR.exe
[2011/10/19 20:57:34 | 000,200,192 | ---- | C] (Sony Corporation) -- C:\ProgramData\JavaTrayProfile.dll
[2011/10/18 20:31:31 | 000,000,000 | ---D | C] -- C:\Users\jason\Desktop\Django-1.3.1.tar
[2011/10/18 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/10/18 20:20:59 | 000,000,000 | ---D | C] -- C:\Python27
[2011/10/16 08:00:47 | 000,000,000 | ---D | C] -- C:\Users\jason\Desktop\murgia
[2011/10/15 09:45:24 | 000,000,000 | ---D | C] -- C:\Users\jason\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2011/10/31 19:59:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/31 19:38:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/31 07:30:15 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cbf8a97fbe3efa.job
[2011/10/30 15:44:44 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 15:44:44 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 15:42:13 | 000,744,932 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/30 15:42:13 | 000,636,308 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/30 15:42:13 | 000,112,178 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/30 15:37:11 | 3062,804,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 07:30:37 | 000,002,975 | ---- | M] () -- C:\Users\jason\Desktop\HiJackThis.lnk
[2011/10/22 07:04:10 | 001,402,880 | ---- | M] () -- C:\Users\jason\Desktop\HiJackThis.msi
[2011/10/22 06:55:01 | 000,000,512 | ---- | M] () -- C:\Users\jason\Desktop\MBR.dat
[2011/10/21 22:03:35 | 761,835,322 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/10/21 20:54:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
[2011/10/21 20:53:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jason\Desktop\aswMBR.exe
[2011/10/18 20:31:15 | 006,514,564 | ---- | M] () -- C:\Users\jason\Desktop\Django-1.3.1.tar.gz
[2011/10/18 20:19:47 | 016,334,848 | ---- | M] () -- C:\Users\jason\Desktop\python-2.7.2.amd64.msi
[2011/10/16 15:43:51 | 000,414,553 | ---- | M] () -- C:\Users\jason\Documents\dirs.png
[2011/10/16 13:19:13 | 000,000,132 | ---- | M] () -- C:\Users\jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/13 03:28:06 | 004,968,608 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/02 09:30:04 | 000,009,728 | ---- | M] () -- C:\Users\jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/10/22 07:30:37 | 000,002,975 | ---- | C] () -- C:\Users\jason\Desktop\HiJackThis.lnk
[2011/10/22 07:04:08 | 001,402,880 | ---- | C] () -- C:\Users\jason\Desktop\HiJackThis.msi
[2011/10/21 22:03:35 | 761,835,322 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/10/21 21:07:05 | 000,000,512 | ---- | C] () -- C:\Users\jason\Desktop\MBR.dat
[2011/10/18 20:31:15 | 006,514,564 | ---- | C] () -- C:\Users\jason\Desktop\Django-1.3.1.tar.gz
[2011/10/18 20:19:18 | 016,334,848 | ---- | C] () -- C:\Users\jason\Desktop\python-2.7.2.amd64.msi
[2011/10/16 15:31:09 | 000,414,553 | ---- | C] () -- C:\Users\jason\Documents\dirs.png
[2011/09/25 21:25:17 | 000,001,456 | ---- | C] () -- C:\Users\jason\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/25 21:21:30 | 000,000,132 | ---- | C] () -- C:\Users\jason\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/09/25 17:44:01 | 000,009,728 | ---- | C] () -- C:\Users\jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 22:40:10 | 000,000,132 | ---- | C] () -- C:\Users\jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/15 21:01:15 | 000,001,644 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/10/15 21:01:15 | 000,000,288 | ---- | C] () -- C:\windows\ODBC.INI
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/30 21:08:13 | 000,761,156 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/07/14 07:10:57 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/14 07:10:57 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/14 07:10:57 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/07/14 07:03:59 | 000,000,193 | ---- | C] () -- C:\windows\Prelaunch.ini
[2010/07/14 07:03:59 | 000,000,147 | ---- | C] () -- C:\windows\WisPriority.ini
[2010/07/14 07:03:59 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2010/07/14 07:03:59 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2010/07/14 07:03:59 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2010/07/14 07:03:59 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2010/07/14 07:03:59 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/10 21:44:10 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Artisteer
[2011/04/03 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/26 10:30:22 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\DAEMON Tools Lite
[2010/07/30 07:30:27 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Echo Software
[2011/06/20 21:08:33 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\FileZilla
[2011/05/22 09:10:35 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\gtk-2.0
[2011/02/21 19:59:20 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\PACE Anti-Piracy
[2010/08/01 09:55:48 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\SoftGrid Client
[2011/02/21 20:06:02 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/27 22:49:56 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\Subversion
[2010/07/30 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\TP
[2011/10/22 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\jason\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,026,678 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 990 bytes -> C:\Users\jason\AppData\Local\Temp:Dn5bA7i8kvgo2aNls

< End of report >
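The clue in the post above, pivoting on the moment the redirects began and looking for whatever was written to disk at that moment, generalises into a quick timeline sweep. The PowerShell below is an added example for this thread, not code from the original post or from OTL. It assumes PowerShell 3.0 or later (Windows 7 shipped with 2.0; the Get-Item -Stream and -Directory parameters need WMF 3.0), that it runs under the affected user's account, and that the onset time from the poster's Firefox history is local time. The paths and the alternate data stream location are the ones the OTL log reports.

```powershell
# Added example (not from the original post or from OTL): sweep for files created
# around the time the redirects started, list Firefox extensions per profile, and
# enumerate alternate data streams on the Temp folder OTL flagged.
# Assumptions: PowerShell 3.0+, run as the affected user, onset time is local time.

param(
    [datetime]$Onset = '2011-10-19 20:57:00',   # from the poster's Firefox history
    [int]$WindowMinutes = 5
)

$from = $Onset.AddMinutes(-$WindowMinutes)
$to   = $Onset.AddMinutes($WindowMinutes)

# Where to look and whether to recurse. ProgramData and the Firefox profile are the
# two places named in the post; the rest are common drop locations.
$sweep = @(
    @{ Path = $env:ProgramData;                        Recurse = $false },
    @{ Path = "$env:APPDATA\Mozilla\Firefox\Profiles"; Recurse = $true  },
    @{ Path = $env:TEMP;                               Recurse = $true  },
    @{ Path = $env:APPDATA;                            Recurse = $true  },
    @{ Path = "$env:windir\SysWow64";                  Recurse = $false },
    @{ Path = "$env:windir\System32";                  Recurse = $false }
)

"== Files created between $from and $to =="
$sweep | ForEach-Object {
    $root = $_.Path
    $deep = [bool]$_.Recurse
    if (-not (Test-Path -LiteralPath $root)) { return }
    Get-ChildItem -LiteralPath $root -Recurse:$deep -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to }
} | Select-Object CreationTime, Length, FullName | Format-Table -AutoSize

"== Firefox extensions in every profile (folder name, install.rdf name, last write) =="
Get-ChildItem -LiteralPath "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ChildItem -LiteralPath (Join-Path $_.FullName 'extensions') -ErrorAction SilentlyContinue } |
    ForEach-Object {
        # Unpacked extensions of this era carry install.rdf; packed .xpi files are
        # listed by name only. Only the <em:name> element form is parsed here.
        $name = '(no install.rdf)'
        $rdf  = Join-Path $_.FullName 'install.rdf'
        if (Test-Path -LiteralPath $rdf) {
            $m = [regex]::Match((Get-Content -LiteralPath $rdf -Raw), '<em:name>(.*?)</em:name>')
            if ($m.Success) { $name = $m.Groups[1].Value }
        }
        [pscustomobject]@{ Extension = $_.Name; InstallName = $name; LastWrite = $_.LastWriteTime }
    } | Format-Table -AutoSize

"== Alternate data streams on the Temp folder =="
Get-Item -LiteralPath $env:TEMP -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object Stream, Length, FileName | Format-Table -AutoSize
```

Run it before any cleanup so the files it surfaces can still be hashed or submitted; an extension folder whose name is a bare GUID with no install.rdf name, created inside the window, is exactly the pattern the OTL log shows for the profile above.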

#2
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C2 EE 12 F2 C0 25 4D AD C7 71 11 94 AD BF 5F [binary data]
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {2d739eed-b857-4a61-9721-dabb2778415d}:1.0
[2011/10/19 20:57:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions\{2d739eed-b857-4a61-9721-dabb2778415d}
[2010/12/12 15:18:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
@Alternate Data Stream - 990 bytes -> C:\Users\jason\AppData\Local\Temp:Dn5bA7i8kvgo2aNls

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


:Commands
[EMPTYJAVA]
[purity]
[Reboot]


then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all, and then click the RUN FIX button (NOT the QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.


If one of the following will not run, skip to the next one, then go back and try the ones that wouldn't run after finishing the others.

Malwarebytes' Anti-Malware
Note: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

Note: It must be saved to your desktop; do not run it from your browser.

Note: Disable your Antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.


You should get two logs. Please copy and paste both of them.

Ron
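After the OTL fix above has run and the machine has rebooted, each item the :OTL section targeted can be re-checked directly rather than by rerunning a full scan. The following PowerShell is an added example for this thread, not part of RKinner's reply or of OTL. The GUIDs, stream name and profile folder are copied from the fix script and from the first post; it assumes PowerShell 3.0 or later, that it runs as the affected user, and that the O3 toolbar entry OTL abbreviates lives under HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser.

```powershell
# Added example (not from the original thread or from OTL): report whether each
# indicator targeted by the fix script is still present after the reboot.
# Assumptions: PowerShell 3.0+, run as the affected user; identifiers copied from
# the fix script and the first post; registry path for the O3 entry is assumed.

$ffProfile = "$env:APPDATA\Mozilla\Firefox\Profiles\5onum4dd.default"
$extGuid   = '{2d739eed-b857-4a61-9721-dabb2778415d}'
$tbClsid   = '{21FA44EF-376D-4D53-9B0F-8A89D3229068}'

$checks = @(
    @{ Name = 'Rogue Firefox extension folder'
       Test = { Test-Path -LiteralPath (Join-Path $ffProfile "extensions\$extGuid") } },

    @{ Name = 'prefs.js still lists the extension in extensions.enabledItems'
       Test = {
           $prefs = Join-Path $ffProfile 'prefs.js'
           if (-not (Test-Path -LiteralPath $prefs)) { return $false }
           # Line looks like: user_pref("extensions.enabledItems", "{guid}:ver,{guid}:ver");
           $line = Select-String -LiteralPath $prefs -Pattern 'extensions\.enabledItems' |
                       Select-Object -First 1
           ($line -ne $null) -and ($line.Line -match [regex]::Escape($extGuid))
       } },

    @{ Name = 'Alternate data stream on %Temp% folder'
       Test = {
           $s = Get-Item -LiteralPath $env:TEMP -Stream 'Dn5bA7i8kvgo2aNls' -ErrorAction SilentlyContinue
           $s -ne $null
       } },

    @{ Name = 'Orphaned toolbar CLSID under HKCU (O3 entry)'
       Test = {
           $key = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
           $props = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PSObject.Properties.Name
           $props -contains $tbClsid
       } },

    @{ Name = 'JavaTrayProfile.dll in ProgramData (from the first post)'
       Test = { Test-Path -LiteralPath "$env:ProgramData\JavaTrayProfile.dll" } },

    @{ Name = 'Staged shortcuts still under %Temp%\smtmp (the :files xcopy source)'
       Test = { Test-Path -LiteralPath (Join-Path $env:TEMP 'smtmp') } }
)

$checks | ForEach-Object {
    $present = [bool](& $_.Test)
    [pscustomobject]@{
        Indicator = $_.Name
        Status    = if ($present) { 'STILL PRESENT' } else { 'gone' }
    }
} | Format-Table -AutoSize
```

Anything reported as STILL PRESENT after the reboot is worth mentioning in the reply alongside the logs, since it means that part of the fix did not take and the persistence may be re-creating it.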

#3
json4639

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
When I ran aswMBR, the fix button wasn't enabled. The redirects seem to have stopped. This should be all the logs.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8066

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/2/2011 1:16:01 AM
mbam-log-2011-11-02 (01-16-01).txt

Scan type: Quick scan
Objects scanned: 174604
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 11-11-02.01 - jason 11/02/2011 1:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2512 [GMT -5:00]
Running from: c:\users\jason\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ST6UNST.000
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-02 06:31 . 2011-11-02 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-02 06:12 . 2011-11-02 06:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-02 06:11 . 2011-11-02 06:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9219709D-803A-4E60-9F3C-989CE01A7A8E}\offreg.dll
2011-11-02 06:11 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9219709D-803A-4E60-9F3C-989CE01A7A8E}\mpengine.dll
2011-11-02 06:06 . 2011-11-02 06:06 -------- d-----w- C:\_OTL
2011-10-26 01:23 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 01:23 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-23 22:07 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-22 12:30 . 2011-10-22 12:30 388096 ----a-r- c:\users\jason\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-22 12:30 . 2011-10-22 12:30 -------- d-----w- c:\program files (x86)\Trend Micro
2011-10-20 01:57 . 2011-10-20 01:57 200192 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-10-19 01:20 . 2011-10-19 01:22 -------- d-----w- C:\Python27
2011-10-15 14:45 . 2011-10-15 14:50 -------- d-----w- c:\users\jason\AppData\Local\Microsoft Games
2011-10-13 00:40 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-23 01:32 . 2011-09-23 01:32 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-16 23:43 . 2010-10-16 02:00 286720 ------w- c:\windows\Setup1.exe
2011-09-16 23:43 . 2010-10-16 02:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-31 22:00 . 2011-06-25 14:51 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 136176]
R3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 136176]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbf8a97fbe3efa.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 14:51]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 14:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-WildTangentGameProvider-dell-genres - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-02 01:33:58
ComboFix-quarantined-files.txt 2011-11-02 06:33
.
Pre-Run: 101,264,322,560 bytes free
Post-Run: 101,780,701,184 bytes free
.
- - End Of File - - FEB09C243C5AFAB09F9710E3E8F502DD

19:49:14.0270 3968 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
19:49:14.0660 3968 ============================================================
19:49:14.0660 3968 Current date / time: 2011/11/02 19:49:14.0660
19:49:14.0660 3968 SystemInfo:
19:49:14.0660 3968
19:49:14.0660 3968 OS Version: 6.1.7600 ServicePack: 0.0
19:49:14.0660 3968 Product type: Workstation
19:49:14.0660 3968 ComputerName: JASON-PC
19:49:14.0660 3968 UserName: jason
19:49:14.0660 3968 Windows directory: C:\windows
19:49:14.0660 3968 System windows directory: C:\windows
19:49:14.0660 3968 Running under WOW64
19:49:14.0660 3968 Processor architecture: Intel x64
19:49:14.0660 3968 Number of processors: 4
19:49:14.0660 3968 Page size: 0x1000
19:49:14.0660 3968 Boot type: Normal boot
19:49:14.0660 3968 ============================================================
19:49:15.0503 3968 Initialize success
19:50:22.0017 1416 ============================================================
19:50:22.0017 1416 Scan started
19:50:22.0017 1416 Mode: Manual;
19:50:22.0017 1416 ============================================================
19:50:23.0717 1416 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\windows\system32\DRIVERS\1394ohci.sys
19:50:23.0733 1416 1394ohci - ok
19:50:24.0123 1416 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
19:50:24.0139 1416 ACPI - ok
19:50:24.0435 1416 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
19:50:24.0451 1416 AcpiPmi - ok
19:50:24.0731 1416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:50:24.0747 1416 adp94xx - ok
19:50:25.0090 1416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:50:25.0106 1416 adpahci - ok
19:50:25.0371 1416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:50:25.0371 1416 adpu320 - ok
19:50:25.0761 1416 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
19:50:25.0777 1416 AFD - ok
19:50:26.0011 1416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
19:50:26.0057 1416 agp440 - ok
19:50:26.0510 1416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
19:50:26.0510 1416 aliide - ok
19:50:26.0915 1416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
19:50:26.0915 1416 amdide - ok
19:50:27.0368 1416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:50:27.0383 1416 AmdK8 - ok
19:50:27.0820 1416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:50:27.0836 1416 AmdPPM - ok
19:50:28.0226 1416 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
19:50:28.0257 1416 amdsata - ok
19:50:28.0725 1416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:50:28.0756 1416 amdsbs - ok
19:50:28.0990 1416 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
19:50:29.0021 1416 amdxata - ok
19:50:29.0443 1416 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
19:50:29.0458 1416 AppID - ok
19:50:29.0848 1416 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
19:50:29.0864 1416 arc - ok
19:50:30.0363 1416 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
19:50:30.0394 1416 arcsas - ok
19:50:30.0800 1416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:50:30.0815 1416 AsyncMac - ok
19:50:31.0221 1416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
19:50:31.0237 1416 atapi - ok
19:50:31.0861 1416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
19:50:31.0892 1416 b06bdrv - ok
19:50:32.0329 1416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:50:32.0329 1416 b57nd60a - ok
19:50:32.0750 1416 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\windows\system32\drivers\BCM42RLY.sys
19:50:32.0750 1416 BCM42RLY - ok
19:50:34.0076 1416 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\windows\system32\DRIVERS\bcmwl664.sys
19:50:34.0185 1416 BCM43XX - ok
19:50:34.0481 1416 BcmVWL (d98f22c21d2969dad4f1faad8cd4faac) C:\windows\system32\DRIVERS\bcmvwl64.sys
19:50:34.0481 1416 BcmVWL - ok
19:50:34.0575 1416 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:50:34.0591 1416 Beep - ok
19:50:34.0653 1416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:50:34.0653 1416 blbdrive - ok
19:50:34.0731 1416 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
19:50:34.0747 1416 bowser - ok
19:50:34.0793 1416 bpmp (7057339774618e38cfefe0b5d1fdd58e) C:\windows\system32\DRIVERS\bpmp.sys
19:50:34.0793 1416 bpmp - ok
19:50:34.0825 1416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:50:34.0825 1416 BrFiltLo - ok
19:50:34.0840 1416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:50:34.0840 1416 BrFiltUp - ok
19:50:34.0918 1416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:50:34.0918 1416 Brserid - ok
19:50:34.0965 1416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:50:34.0996 1416 BrSerWdm - ok
19:50:35.0012 1416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:50:35.0027 1416 BrUsbMdm - ok
19:50:35.0043 1416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:50:35.0043 1416 BrUsbSer - ok
19:50:35.0074 1416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
19:50:35.0074 1416 BTHMODEM - ok
19:50:35.0105 1416 catchme - ok
19:50:35.0152 1416 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:50:35.0168 1416 cdfs - ok
19:50:35.0199 1416 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
19:50:35.0199 1416 cdrom - ok
19:50:35.0246 1416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:50:35.0246 1416 circlass - ok
19:50:35.0293 1416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:50:35.0308 1416 CLFS - ok
19:50:35.0371 1416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:50:35.0402 1416 CmBatt - ok
19:50:35.0433 1416 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
19:50:35.0433 1416 cmdide - ok
19:50:35.0480 1416 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
19:50:35.0495 1416 CNG - ok
19:50:35.0527 1416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:50:35.0527 1416 Compbatt - ok
19:50:35.0558 1416 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
19:50:35.0558 1416 CompositeBus - ok
19:50:35.0589 1416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:50:35.0589 1416 crcdisk - ok
19:50:35.0667 1416 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\windows\system32\DRIVERS\CtClsFlt.sys
19:50:35.0683 1416 CtClsFlt - ok
19:50:35.0761 1416 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
19:50:35.0761 1416 DfsC - ok
19:50:35.0839 1416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:50:35.0854 1416 discache - ok
19:50:35.0885 1416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:50:35.0885 1416 Disk - ok
19:50:35.0948 1416 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:50:35.0948 1416 drmkaud - ok
19:50:36.0260 1416 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
19:50:36.0291 1416 DXGKrnl - ok
19:50:37.0305 1416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:50:37.0399 1416 ebdrv - ok
19:50:38.0023 1416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:50:38.0054 1416 elxstor - ok
19:50:38.0350 1416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
19:50:38.0381 1416 ErrDev - ok
19:50:38.0475 1416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:50:38.0475 1416 exfat - ok
19:50:38.0506 1416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:50:38.0506 1416 fastfat - ok
19:50:38.0553 1416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:50:38.0553 1416 fdc - ok
19:50:38.0584 1416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:50:38.0584 1416 FileInfo - ok
19:50:38.0600 1416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:50:38.0600 1416 Filetrace - ok
19:50:38.0647 1416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:50:38.0678 1416 flpydisk - ok
19:50:38.0709 1416 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
19:50:38.0709 1416 FltMgr - ok
19:50:38.0740 1416 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:50:38.0740 1416 FsDepends - ok
19:50:38.0771 1416 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
19:50:38.0771 1416 Fs_Rec - ok
19:50:38.0803 1416 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
19:50:38.0803 1416 fvevol - ok
19:50:38.0834 1416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:50:38.0834 1416 gagp30kx - ok
19:50:38.0881 1416 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:50:38.0912 1416 GEARAspiWDM - ok
19:50:39.0395 1416 hcmon (ba207b48aa3d9d73fd4856400f852458) C:\windows\system32\drivers\hcmon.sys
19:50:39.0411 1416 hcmon - ok
19:50:39.0785 1416 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:50:39.0801 1416 hcw85cir - ok
19:50:40.0160 1416 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
19:50:40.0175 1416 HdAudAddService - ok
19:50:40.0207 1416 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
19:50:40.0207 1416 HDAudBus - ok
19:50:40.0253 1416 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
19:50:40.0253 1416 HECIx64 - ok
19:50:40.0285 1416 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:50:40.0285 1416 HidBatt - ok
19:50:40.0300 1416 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:50:40.0300 1416 HidBth - ok
19:50:40.0331 1416 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:50:40.0347 1416 HidIr - ok
19:50:40.0456 1416 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
19:50:40.0456 1416 HidUsb - ok
19:50:40.0519 1416 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
19:50:40.0519 1416 HpSAMD - ok
19:50:40.0550 1416 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
19:50:40.0565 1416 HTTP - ok
19:50:40.0597 1416 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
19:50:40.0597 1416 hwpolicy - ok
19:50:40.0643 1416 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
19:50:40.0643 1416 i8042prt - ok
19:50:40.0690 1416 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\windows\system32\DRIVERS\iaStor.sys
19:50:40.0706 1416 iaStor - ok
19:50:40.0815 1416 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
19:50:40.0815 1416 iaStorV - ok
19:50:42.0391 1416 igfx (677aa5991026a65ada128c4b59cf2bad) C:\windows\system32\DRIVERS\igdkmd64.sys
19:50:42.0609 1416 igfx - ok
19:50:42.0999 1416 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:50:43.0015 1416 iirsp - ok
19:50:43.0061 1416 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
19:50:43.0077 1416 Impcd - ok
19:50:43.0155 1416 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
19:50:43.0155 1416 IntcDAud - ok
19:50:43.0202 1416 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
19:50:43.0202 1416 intelide - ok
19:50:43.0264 1416 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:50:43.0264 1416 intelppm - ok
19:50:43.0311 1416 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:50:43.0311 1416 IpFilterDriver - ok
19:50:43.0342 1416 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
19:50:43.0358 1416 IPMIDRV - ok
19:50:43.0358 1416 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:50:43.0373 1416 IPNAT - ok
19:50:43.0405 1416 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:50:43.0405 1416 IRENUM - ok
19:50:43.0436 1416 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
19:50:43.0436 1416 isapnp - ok
19:50:43.0467 1416 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
19:50:43.0467 1416 iScsiPrt - ok
19:50:43.0514 1416 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:50:43.0529 1416 kbdclass - ok
19:50:43.0561 1416 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
19:50:43.0561 1416 kbdhid - ok
19:50:43.0623 1416 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
19:50:43.0623 1416 KSecDD - ok
19:50:43.0701 1416 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
19:50:43.0717 1416 KSecPkg - ok
19:50:43.0748 1416 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:50:43.0748 1416 ksthunk - ok
19:50:43.0810 1416 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:50:43.0810 1416 lltdio - ok
19:50:43.0873 1416 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:50:43.0873 1416 LSI_FC - ok
19:50:43.0888 1416 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:50:43.0904 1416 LSI_SAS - ok
19:50:43.0919 1416 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:50:43.0919 1416 LSI_SAS2 - ok
19:50:43.0935 1416 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:50:43.0935 1416 LSI_SCSI - ok
19:50:43.0966 1416 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:50:43.0982 1416 luafv - ok
19:50:44.0013 1416 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:50:44.0013 1416 megasas - ok
19:50:44.0044 1416 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:50:44.0044 1416 MegaSR - ok
19:50:44.0060 1416 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:50:44.0075 1416 Modem - ok
19:50:44.0091 1416 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:50:44.0091 1416 monitor - ok
19:50:44.0122 1416 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:50:44.0138 1416 mouclass - ok
19:50:44.0169 1416 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:50:44.0169 1416 mouhid - ok
19:50:44.0185 1416 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
19:50:44.0200 1416 mountmgr - ok
19:50:44.0231 1416 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
19:50:44.0247 1416 mpio - ok
19:50:44.0263 1416 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:50:44.0263 1416 mpsdrv - ok
19:50:44.0294 1416 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
19:50:44.0294 1416 MRxDAV - ok
19:50:44.0372 1416 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
19:50:44.0372 1416 mrxsmb - ok
19:50:44.0419 1416 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:50:44.0419 1416 mrxsmb10 - ok
19:50:44.0450 1416 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:50:44.0450 1416 mrxsmb20 - ok
19:50:44.0481 1416 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\windows\system32\DRIVERS\msahci.sys
19:50:44.0481 1416 msahci - ok
19:50:44.0528 1416 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
19:50:44.0528 1416 msdsm - ok
19:50:44.0559 1416 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:50:44.0575 1416 Msfs - ok
19:50:44.0606 1416 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:50:44.0621 1416 mshidkmdf - ok
19:50:44.0653 1416 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
19:50:44.0653 1416 msisadrv - ok
19:50:44.0684 1416 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:50:44.0684 1416 MSKSSRV - ok
19:50:44.0699 1416 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:50:44.0715 1416 MSPCLOCK - ok
19:50:44.0731 1416 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:50:44.0731 1416 MSPQM - ok
19:50:44.0762 1416 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
19:50:44.0777 1416 MsRPC - ok
19:50:44.0793 1416 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:50:44.0793 1416 mssmbios - ok
19:50:44.0824 1416 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:50:44.0840 1416 MSTEE - ok
19:50:44.0871 1416 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:50:44.0871 1416 MTConfig - ok
19:50:44.0887 1416 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:50:44.0887 1416 Mup - ok
19:50:44.0933 1416 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:50:44.0949 1416 NativeWifiP - ok
19:50:44.0996 1416 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
19:50:45.0027 1416 NDIS - ok
19:50:45.0058 1416 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:50:45.0058 1416 NdisCap - ok
19:50:45.0089 1416 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:50:45.0089 1416 NdisTapi - ok
19:50:45.0105 1416 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
19:50:45.0121 1416 Ndisuio - ok
19:50:45.0136 1416 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
19:50:45.0136 1416 NdisWan - ok
19:50:45.0167 1416 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
19:50:45.0167 1416 NDProxy - ok
19:50:45.0230 1416 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:50:45.0230 1416 NetBIOS - ok
19:50:45.0261 1416 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
19:50:45.0261 1416 NetBT - ok
19:50:46.0337 1416 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\windows\system32\DRIVERS\NETw5s64.sys
19:50:46.0369 1416 Suspicious file (Forged): C:\windows\system32\DRIVERS\NETw5s64.sys. Real md5: 4d85a450edef10c38882182753a49aae, Fake md5: 111aeb39d8812c197cc9d154e6c11cb7
19:50:46.0384 1416 NETw5s64 ( ForgedFile.Multi.Generic ) - warning
19:50:46.0384 1416 NETw5s64 - detected ForgedFile.Multi.Generic (1)
19:50:47.0461 1416 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
19:50:47.0492 1416 Suspicious file (Forged): C:\windows\system32\DRIVERS\netw5v64.sys. Real md5: 64428dfdaf6e88366cb51f45a79c5f69, Fake md5: d577d3454871588824ed403afed6a8c4
19:50:47.0507 1416 netw5v64 ( ForgedFile.Multi.Generic ) - warning
19:50:47.0507 1416 netw5v64 - detected ForgedFile.Multi.Generic (1)
19:50:47.0788 1416 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:50:47.0788 1416 nfrd960 - ok
19:50:47.0819 1416 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:50:47.0819 1416 Npfs - ok
19:50:47.0882 1416 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:50:47.0897 1416 nsiproxy - ok
19:50:48.0100 1416 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
19:50:48.0131 1416 Ntfs - ok
19:50:48.0350 1416 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:50:48.0350 1416 Null - ok
19:50:48.0428 1416 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
19:50:48.0428 1416 nvraid - ok
19:50:48.0459 1416 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
19:50:48.0459 1416 nvstor - ok
19:50:48.0506 1416 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
19:50:48.0506 1416 nv_agp - ok
19:50:48.0615 1416 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
19:50:48.0646 1416 ohci1394 - ok
19:50:48.0709 1416 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:50:48.0709 1416 Parport - ok
19:50:48.0724 1416 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
19:50:48.0724 1416 partmgr - ok
19:50:48.0755 1416 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
19:50:48.0755 1416 pci - ok
19:50:48.0833 1416 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
19:50:48.0833 1416 pciide - ok
19:50:48.0849 1416 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:50:48.0865 1416 pcmcia - ok
19:50:48.0880 1416 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:50:48.0880 1416 pcw - ok
19:50:48.0911 1416 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:50:48.0927 1416 PEAUTH - ok
19:50:49.0005 1416 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
19:50:49.0005 1416 PptpMiniport - ok
19:50:49.0021 1416 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:50:49.0021 1416 Processor - ok
19:50:49.0067 1416 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
19:50:49.0067 1416 Psched - ok
19:50:49.0114 1416 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
19:50:49.0130 1416 PxHlpa64 - ok
19:50:49.0192 1416 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:50:49.0223 1416 ql2300 - ok
19:50:49.0255 1416 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:50:49.0255 1416 ql40xx - ok
19:50:49.0270 1416 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:50:49.0286 1416 QWAVEdrv - ok
19:50:49.0286 1416 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:50:49.0286 1416 RasAcd - ok
19:50:49.0333 1416 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:50:49.0348 1416 RasAgileVpn - ok
19:50:49.0364 1416 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
19:50:49.0364 1416 Rasl2tp - ok
19:50:49.0395 1416 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:50:49.0395 1416 RasPppoe - ok
19:50:49.0411 1416 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:50:49.0426 1416 RasSstp - ok
19:50:49.0442 1416 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
19:50:49.0457 1416 rdbss - ok
19:50:49.0473 1416 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:50:49.0473 1416 rdpbus - ok
19:50:49.0504 1416 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:50:49.0504 1416 RDPCDD - ok
19:50:49.0535 1416 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:50:49.0535 1416 RDPENCDD - ok
19:50:49.0551 1416 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:50:49.0551 1416 RDPREFMP - ok
19:50:49.0567 1416 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
19:50:49.0567 1416 RDPWD - ok
19:50:49.0629 1416 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
19:50:49.0629 1416 rdyboost - ok
19:50:49.0691 1416 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:50:49.0691 1416 rspndr - ok
19:50:49.0785 1416 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\windows\system32\DRIVERS\Rt64win7.sys
19:50:49.0801 1416 RTL8167 - ok
19:50:49.0879 1416 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
19:50:49.0894 1416 sbp2port - ok
19:50:49.0925 1416 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
19:50:49.0925 1416 scfilter - ok
19:50:49.0972 1416 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:50:49.0988 1416 secdrv - ok
19:50:50.0035 1416 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:50:50.0035 1416 Serenum - ok
19:50:50.0081 1416 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:50:50.0081 1416 Serial - ok
19:50:50.0128 1416 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:50:50.0128 1416 sermouse - ok
19:50:50.0159 1416 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
19:50:50.0159 1416 sffdisk - ok
19:50:50.0175 1416 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
19:50:50.0175 1416 sffp_mmc - ok
19:50:50.0191 1416 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
19:50:50.0191 1416 sffp_sd - ok
19:50:50.0206 1416 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:50:50.0206 1416 sfloppy - ok
19:50:50.0284 1416 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
19:50:50.0300 1416 Sftfs - ok
19:50:50.0440 1416 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:50:50.0456 1416 Sftplay - ok
19:50:50.0487 1416 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:50:50.0487 1416 Sftredir - ok
19:50:50.0503 1416 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
19:50:50.0503 1416 Sftvol - ok
19:50:50.0565 1416 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:50:50.0565 1416 SiSRaid2 - ok
19:50:50.0596 1416 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:50:50.0596 1416 SiSRaid4 - ok
19:50:50.0612 1416 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:50:50.0612 1416 Smb - ok
19:50:50.0659 1416 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:50:50.0659 1416 spldr - ok
19:50:50.0768 1416 sptd (602884696850c86434530790b110e8eb) C:\windows\system32\Drivers\sptd.sys
19:50:50.0768 1416 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
19:50:50.0768 1416 sptd ( LockedFile.Multi.Generic ) - warning
19:50:50.0768 1416 sptd - detected LockedFile.Multi.Generic (1)
19:50:50.0893 1416 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
19:50:50.0908 1416 srv - ok
19:50:50.0939 1416 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
19:50:50.0939 1416 srv2 - ok
19:50:50.0986 1416 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
19:50:51.0002 1416 srvnet - ok
19:50:51.0049 1416 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:50:51.0064 1416 stexstor - ok
19:50:51.0189 1416 STHDA (caf5a9708671b14b9670260735b22c4e) C:\windows\system32\DRIVERS\stwrt64.sys
19:50:51.0205 1416 STHDA - ok
19:50:51.0236 1416 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:50:51.0236 1416 swenum - ok
19:50:51.0376 1416 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\windows\system32\DRIVERS\SynTP.sys
19:50:51.0392 1416 SynTP - ok
19:50:51.0782 1416 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
19:50:51.0813 1416 Tcpip - ok
19:50:52.0312 1416 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
19:50:52.0328 1416 TCPIP6 - ok
19:50:52.0624 1416 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
19:50:52.0640 1416 tcpipreg - ok
19:50:52.0671 1416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:50:52.0671 1416 TDPIPE - ok
19:50:52.0687 1416 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
19:50:52.0687 1416 TDTCP - ok
19:50:52.0702 1416 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
19:50:52.0702 1416 tdx - ok
19:50:52.0718 1416 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
19:50:52.0718 1416 TermDD - ok
19:50:52.0765 1416 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
19:50:52.0765 1416 tssecsrv - ok
19:50:52.0796 1416 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
19:50:52.0796 1416 tunnel - ok
19:50:52.0827 1416 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:50:52.0827 1416 uagp35 - ok
19:50:52.0889 1416 udfs (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys
19:50:52.0905 1416 udfs - ok
19:50:52.0952 1416 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
19:50:52.0967 1416 uliagpkx - ok
19:50:52.0983 1416 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
19:50:52.0999 1416 umbus - ok
19:50:53.0030 1416 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:50:53.0030 1416 UmPass - ok
19:50:53.0108 1416 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\windows\system32\Drivers\usbaapl64.sys
19:50:53.0123 1416 USBAAPL64 - ok
19:50:53.0186 1416 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
19:50:53.0186 1416 usbaudio - ok
19:50:53.0233 1416 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
19:50:53.0248 1416 usbccgp - ok
19:50:53.0295 1416 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
19:50:53.0295 1416 usbcir - ok
19:50:53.0311 1416 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
19:50:53.0311 1416 usbehci - ok
19:50:53.0451 1416 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
19:50:53.0467 1416 usbhub - ok
19:50:53.0513 1416 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
19:50:53.0513 1416 usbohci - ok
19:50:53.0545 1416 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:50:53.0560 1416 usbprint - ok
19:50:53.0623 1416 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:50:53.0623 1416 USBSTOR - ok
19:50:53.0654 1416 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
19:50:53.0654 1416 usbuhci - ok
19:50:53.0716 1416 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
19:50:53.0716 1416 usbvideo - ok
19:50:53.0763 1416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
19:50:53.0779 1416 vdrvroot - ok
19:50:53.0794 1416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:50:53.0794 1416 vga - ok
19:50:53.0825 1416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:50:53.0825 1416 VgaSave - ok
19:50:53.0841 1416 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
19:50:53.0841 1416 vhdmp - ok
19:50:53.0888 1416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
19:50:53.0903 1416 viaide - ok
19:50:53.0950 1416 vmci (3d810a11c3e7fd4682a8824f54c1a04f) C:\windows\system32\drivers\vmci.sys
19:50:53.0950 1416 vmci - ok
19:50:54.0028 1416 vmkbd (1af6462718e5ab0ed55014a6ef3790ef) C:\windows\system32\drivers\VMkbd.sys
19:50:54.0028 1416 vmkbd - ok
19:50:54.0075 1416 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\windows\system32\DRIVERS\vmnetadapter.sys
19:50:54.0075 1416 VMnetAdapter - ok
19:50:54.0106 1416 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\windows\system32\DRIVERS\vmnetbridge.sys
19:50:54.0106 1416 VMnetBridge - ok
19:50:54.0153 1416 VMnetuserif (daf5e04eb56cd0ed945fb2fdd94812db) C:\windows\system32\drivers\vmnetuserif.sys
19:50:54.0153 1416 VMnetuserif - ok
19:50:54.0200 1416 vmusb (415b167695c4b5960a13098622ef3d80) C:\windows\system32\Drivers\vmusb.sys
19:50:54.0200 1416 vmusb - ok
19:50:54.0262 1416 vmx86 (ae7f667db83e108e83c86a56b821e9a6) C:\windows\system32\drivers\vmx86.sys
19:50:54.0278 1416 vmx86 - ok
19:50:54.0309 1416 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
19:50:54.0309 1416 volmgr - ok
19:50:54.0356 1416 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
19:50:54.0356 1416 volmgrx - ok
19:50:54.0387 1416 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
19:50:54.0387 1416 volsnap - ok
19:50:54.0418 1416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:50:54.0418 1416 vsmraid - ok
19:50:54.0543 1416 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
19:50:54.0559 1416 vstor2-ws60 - ok
19:50:54.0590 1416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:50:54.0590 1416 vwifibus - ok
19:50:54.0605 1416 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:50:54.0605 1416 vwififlt - ok
19:50:54.0637 1416 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
19:50:54.0637 1416 vwifimp - ok
19:50:54.0668 1416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:50:54.0668 1416 WacomPen - ok
19:50:54.0715 1416 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
19:50:54.0715 1416 WANARP - ok
19:50:54.0730 1416 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
19:50:54.0730 1416 Wanarpv6 - ok
19:50:54.0761 1416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:50:54.0761 1416 Wd - ok
19:50:54.0808 1416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:50:54.0808 1416 Wdf01000 - ok
19:50:54.0871 1416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:50:54.0871 1416 WfpLwf - ok
19:50:54.0917 1416 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
19:50:54.0917 1416 WimFltr - ok
19:50:54.0933 1416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:50:54.0933 1416 WIMMount - ok
19:50:55.0027 1416 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\windows\system32\DRIVERS\WinUsb.sys
19:50:55.0042 1416 WinUsb - ok
19:50:55.0073 1416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
19:50:55.0073 1416 WmiAcpi - ok
19:50:55.0105 1416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:50:55.0105 1416 ws2ifsl - ok
19:50:55.0151 1416 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\windows\system32\drivers\WudfPf.sys
19:50:55.0151 1416 WudfPf - ok
19:50:55.0183 1416 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\windows\system32\DRIVERS\WUDFRd.sys
19:50:55.0183 1416 WUDFRd - ok
19:50:55.0229 1416 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
19:50:55.0245 1416 yukonw7 - ok
19:50:55.0354 1416 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
19:50:55.0385 1416 \Device\Harddisk0\DR0 - ok
19:50:55.0401 1416 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
19:50:55.0401 1416 \Device\Harddisk0\DR0\Partition0 - ok
19:50:55.0432 1416 Boot (0x1200) (dc8c0f3c2c3719ec9f72221eee71fc75) \Device\Harddisk0\DR0\Partition1
19:50:55.0432 1416 \Device\Harddisk0\DR0\Partition1 - ok
19:50:55.0463 1416 Boot (0x1200) (10b852f4fe8ecd2bd7462887a33923d9) \Device\Harddisk0\DR0\Partition2
19:50:55.0463 1416 \Device\Harddisk0\DR0\Partition2 - ok
19:50:55.0463 1416 ============================================================
19:50:55.0463 1416 Scan finished
19:50:55.0463 1416 ============================================================
19:50:55.0479 4616 Detected object count: 3
19:50:55.0479 4616 Actual detected object count: 3
19:51:42.0497 4616 NETw5s64 ( ForgedFile.Multi.Generic ) - skipped by user
19:51:42.0497 4616 NETw5s64 ( ForgedFile.Multi.Generic ) - User select action: Skip
19:51:42.0497 4616 netw5v64 ( ForgedFile.Multi.Generic ) - skipped by user
19:51:42.0497 4616 netw5v64 ( ForgedFile.Multi.Generic ) - User select action: Skip
19:51:42.0497 4616 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:51:42.0497 4616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-02 19:54:17
-----------------------------
19:54:17.539 OS Version: Windows x64 6.1.7600
19:54:17.539 Number of processors: 4 586 0x2502
19:54:17.539 ComputerName: JASON-PC UserName: jason
19:54:19.083 Initialize success
19:54:33.129 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:54:33.129 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
19:54:33.129 Disk 0 MBR read error 0
19:54:33.129 Disk 0 MBR scan
19:54:33.145 Disk 0 unknown MBR code
19:54:33.145 MBR BIOS signature not found 0
19:54:33.145 Service scanning
19:54:33.738 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
19:54:34.299 Modules scanning
19:54:34.299 Scan finished successfully
19:54:44.533 Disk 0 MBR has been saved successfully to "C:\Users\jason\Desktop\MBR.dat"
19:54:44.564 The log file has been saved successfully to "C:\Users\jason\Desktop\aswMBR.txt"


OTL Extras logfile created on: 11/2/2011 7:55:38 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jason\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 71.09% Memory free
7.60 Gb Paging File | 6.14 Gb Available in Paging File | 80.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.28 Gb Total Space | 94.90 Gb Free Space | 38.85% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 14.25 Gb Free Space | 36.48% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java™ 6 Update 23 (64-bit)
"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Android SDK Tools" = Android SDK Tools
"Artisteer 2" = Artisteer 2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Webcam Central" = Dell Webcam Central
"FileZilla Client" = FileZilla Client 3.3.4.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Soulseek2" = SoulSeek 157 NS 13e
"ST6UNST #1" = NavFit98A
"ST6UNST #2" = NavFit98A (c:\Program Files (x86)\NavFit98A_2\)
"VLC media player" = VLC media player 1.1.0
"VMware_Player" = VMware Player
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2011 6:24:20 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/23/2011 6:24:20 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6069

Error - 10/23/2011 6:24:20 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6069

Error - 10/23/2011 6:24:21 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/23/2011 6:24:21 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7067

Error - 10/23/2011 6:24:21 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7067

Error - 10/23/2011 6:24:22 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/23/2011 6:24:22 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8065

Error - 10/23/2011 6:24:22 AM | Computer Name = jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8065

Error - 10/23/2011 5:41:38 PM | Computer Name = jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.4280,
time stamp: 0x4e78bec7 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0x2140 Faulting application start time: 0x01cc91ad88de50c4 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\windows\SysWOW64\ntdll.dll Report Id: c8e92c77-fdbf-11e0-9bb8-e1b40f7fc34d

[ System Events ]
Error - 5/3/2011 8:43:16 AM | Computer Name = jason-PC | Source = WudfUsbccidDriver | ID = 12
Description =

Error - 5/12/2011 4:18:55 AM | Computer Name = jason-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2

Error - 5/15/2011 2:56:03 PM | Computer Name = jason-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2

Error - 5/15/2011 4:27:59 PM | Computer Name = jason-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2

Error - 6/16/2011 4:23:16 AM | Computer Name = jason-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2

Error - 6/19/2011 4:16:24 PM | Computer Name = jason-PC | Source = bowser | ID = 8003
Description =

Error - 6/29/2011 4:18:26 AM | Computer Name = jason-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2

Error - 6/30/2011 8:08:35 AM | Computer Name = jason-PC | Source = DCOM | ID = 10010
Description =

Error - 6/30/2011 10:11:10 PM | Computer Name = jason-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2

Error - 7/1/2011 4:30:54 AM | Computer Name = jason-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2


< End of report >


OTL logfile created on: 11/2/2011 7:55:38 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jason\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 71.09% Memory free
7.60 Gb Paging File | 6.14 Gb Available in Paging File | 80.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.28 Gb Total Space | 94.90 Gb Free Space | 38.85% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 14.25 Gb Free Space | 36.48% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 20:54:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
PRC - [2011/10/02 20:25:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/17 16:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 16:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 20:25:02 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/17 16:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/03/17 16:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/16 21:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 16:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/17 16:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 10:20:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/11 14:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 14:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 14:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 14:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 11:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/17 16:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 16:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 16:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/03/17 16:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/12/17 10:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/16 21:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 21:16:18 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/16 21:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/15 20:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/09/15 11:40:42 | 006,952,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111008
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/23 16:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/02 20:25:03 | 000,000,000 | ---D | M]

[2010/07/29 20:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jason\AppData\Roaming\Mozilla\Extensions
[2011/11/02 01:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions
[2011/03/10 05:56:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/03/10 05:56:53 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\extensions\[email protected]
[2011/10/08 16:29:58 | 000,001,945 | ---- | M] () -- C:\Users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\searchplugins\bing-zugo.xml
[2011/10/08 17:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/12 15:18:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/02 01:31:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25D5AE8-E6C8-4C6B-AD6D-A6E7D6DC3020}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 01:34:00 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/11/02 01:23:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/11/02 01:23:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/11/02 01:23:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/11/02 01:23:26 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/11/02 01:23:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/02 01:23:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/02 01:22:34 | 004,280,506 | R--- | C] (Swearware) -- C:\Users\jason\Desktop\ComboFix.exe
[2011/11/02 01:20:52 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jason\Desktop\tdsskiller.exe
[2011/11/02 01:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/02 01:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/02 01:10:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jason\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/02 01:06:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/30 15:35:45 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/10/22 07:30:37 | 000,000,000 | ---D | C] -- C:\Users\jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/22 07:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/21 22:03:41 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/10/21 20:54:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
[2011/10/21 20:53:24 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jason\Desktop\aswMBR.exe
[2011/10/19 20:57:37 | 000,200,192 | ---- | C] (Sony Corporation) -- C:\windows\SysWow64\srrstr.dll
[2011/10/18 20:31:31 | 000,000,000 | ---D | C] -- C:\Users\jason\Desktop\Django-1.3.1.tar
[2011/10/18 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/10/18 20:20:59 | 000,000,000 | ---D | C] -- C:\Python27
[2011/10/16 08:00:47 | 000,000,000 | ---D | C] -- C:\Users\jason\Desktop\murgia
[2011/10/15 09:45:24 | 000,000,000 | ---D | C] -- C:\Users\jason\AppData\Local\Microsoft Games
[2011/10/12 19:41:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/10/12 19:41:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/10/12 19:41:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/10/12 19:41:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2011/10/12 19:41:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2011/10/12 19:41:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/10/12 19:41:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/10/12 19:41:21 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2011/10/12 19:41:21 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2011/10/12 19:41:21 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/10/12 19:41:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/10/12 19:41:21 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2011/10/12 19:41:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2011/10/12 19:41:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2011/10/12 19:41:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2011/10/12 19:40:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2011/10/12 19:40:52 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2011/10/12 19:40:52 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax
[2011/10/12 19:40:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax
[2011/10/12 19:40:52 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2011/10/12 19:40:52 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Mpeg2Data.ax
[2011/10/12 19:40:52 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2011/10/12 19:40:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Mpeg2Data.ax
[2011/10/12 19:40:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSDvbNP.ax
[2011/10/12 19:40:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSDvbNP.ax
[2011/10/12 19:40:48 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2011/10/12 19:40:48 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll

========== Files - Modified Within 30 Days ==========

[2011/11/02 19:54:44 | 000,000,512 | ---- | M] () -- C:\Users\jason\Desktop\MBR.dat
[2011/11/02 19:51:53 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cbf8a97fbe3efa.job
[2011/11/02 19:46:20 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/02 19:46:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/02 01:31:29 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/11/02 01:22:46 | 004,280,506 | R--- | M] (Swearware) -- C:\Users\jason\Desktop\ComboFix.exe
[2011/11/02 01:20:56 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jason\Desktop\tdsskiller.exe
[2011/11/02 01:14:28 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 01:14:28 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 01:14:00 | 000,744,932 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/02 01:14:00 | 000,636,308 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/02 01:14:00 | 000,112,178 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/02 01:12:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 01:10:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jason\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/02 01:06:56 | 3062,804,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 07:30:37 | 000,002,975 | ---- | M] () -- C:\Users\jason\Desktop\HiJackThis.lnk
[2011/10/22 07:04:10 | 001,402,880 | ---- | M] () -- C:\Users\jason\Desktop\HiJackThis.msi
[2011/10/21 22:03:35 | 761,835,322 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/10/21 20:54:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jason\Desktop\OTL.exe
[2011/10/21 20:53:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jason\Desktop\aswMBR.exe
[2011/10/19 20:57:33 | 000,200,192 | ---- | M] (Sony Corporation) -- C:\windows\SysWow64\srrstr.dll
[2011/10/18 20:31:15 | 006,514,564 | ---- | M] () -- C:\Users\jason\Desktop\Django-1.3.1.tar.gz
[2011/10/18 20:19:47 | 016,334,848 | ---- | M] () -- C:\Users\jason\Desktop\python-2.7.2.amd64.msi
[2011/10/16 15:43:51 | 000,414,553 | ---- | M] () -- C:\Users\jason\Documents\dirs.png
[2011/10/16 13:19:13 | 000,000,132 | ---- | M] () -- C:\Users\jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/13 03:28:06 | 004,968,608 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/02 01:23:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/11/02 01:23:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/11/02 01:23:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/11/02 01:23:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/11/02 01:23:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/11/02 01:12:21 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 07:30:37 | 000,002,975 | ---- | C] () -- C:\Users\jason\Desktop\HiJackThis.lnk
[2011/10/22 07:04:08 | 001,402,880 | ---- | C] () -- C:\Users\jason\Desktop\HiJackThis.msi
[2011/10/21 22:03:35 | 761,835,322 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/10/21 21:07:05 | 000,000,512 | ---- | C] () -- C:\Users\jason\Desktop\MBR.dat
[2011/10/18 20:31:15 | 006,514,564 | ---- | C] () -- C:\Users\jason\Desktop\Django-1.3.1.tar.gz
[2011/10/18 20:19:18 | 016,334,848 | ---- | C] () -- C:\Users\jason\Desktop\python-2.7.2.amd64.msi
[2011/10/16 15:31:09 | 000,414,553 | ---- | C] () -- C:\Users\jason\Documents\dirs.png
[2011/09/25 21:25:17 | 000,001,456 | ---- | C] () -- C:\Users\jason\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/25 21:21:30 | 000,000,132 | ---- | C] () -- C:\Users\jason\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/09/25 17:44:01 | 000,009,728 | ---- | C] () -- C:\Users\jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 22:40:10 | 000,000,132 | ---- | C] () -- C:\Users\jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/15 21:01:15 | 000,001,644 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/10/15 21:01:15 | 000,000,288 | ---- | C] () -- C:\windows\ODBC.INI
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/30 21:08:13 | 000,761,156 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/07/14 07:10:57 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/14 07:10:57 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/14 07:10:57 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/07/14 07:03:59 | 000,000,193 | ---- | C] () -- C:\windows\Prelaunch.ini
[2010/07/14 07:03:59 | 000,000,147 | ---- | C] () -- C:\windows\WisPriority.ini
[2010/07/14 07:03:59 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2010/07/14 07:03:59 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2010/07/14 07:03:59 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2010/07/14 07:03:59 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2010/07/14 07:03:59 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

< End of report >
  • 0
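A quick way to triage a log like the one above, as an added example that is not part of the original thread or of OTL: parse the SRV/DRV lines and flag entries whose version resource carried no publisher (OTL prints an empty "()" for those, as it does for sptd.sys and NETw5s64.sys here), driver images living outside the system drivers directory, and boot-start entries among the flagged ones. The six sample lines are copied from the log above; a real run would feed in the whole OTL.txt. A hit is something to check next (for example by hashing the file and submitting it to VirusTotal), not a verdict: a legitimate driver such as the VMware storage driver also trips the path rule.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: six lines copied verbatim from the OTL log above.
# A real run would read the whole OTL.txt instead.
SAMPLE_OTL = r"""
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 10:20:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/11 14:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/09/15 11:40:42 | 006,952,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
"""

# One OTL service/driver line:
#   KIND[:64bit:] - [mtime | size | attrs | M] (Company) [flags] -- path -- (name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) \[(?P<flags>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)

# Where a kernel driver image is normally expected to live. OTL prints the real
# 64-bit System32 as "SysNative"; SysWOW64 is the 32-bit view of the same tree.
DRIVER_DIRS = (
    "c:\\windows\\sysnative\\drivers\\",
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\syswow64\\drivers\\",
)


@dataclass
class Entry:
    kind: str      # SRV (user-mode service) or DRV (kernel or file-system driver)
    name: str      # service key name, e.g. "sptd"
    path: str      # image path exactly as OTL prints it
    company: str   # CompanyName from the PE version resource; "" if OTL could not read one
    start: str     # Boot / System / Auto / On_Demand / Disabled
    state: str     # Running / Stopped
    size: int
    mtime: str


def parse_otl(text: str) -> List[Entry]:
    """Parse the SRV/DRV lines of an OTL report; every other line is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        flags = [f.strip() for f in m["flags"].split("|")]
        # DRV lines carry [Type | Start | State], SRV lines [Start | State];
        # the last two fields mean the same thing in both.
        start, state = flags[-2], flags[-1]
        entries.append(Entry(m["kind"], m["name"], m["path"], m["company"].strip(),
                             start, state, int(m["size"].replace(",", "")), m["mtime"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for the entries worth a closer look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if not e.company:
            reasons.append("no publisher in version info (resource missing, or file unreadable)")
        if e.kind == "DRV" and not e.path.lower().startswith(DRIVER_DIRS):
            reasons.append("driver image outside the system drivers directory")
        if reasons and e.start == "Boot":
            reasons.append("Boot start: loads before any user-mode scanner runs")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_otl(SAMPLE_OTL)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

On the sample, sptd is the only hit that combines "no publisher" with boot start, which is why it stands out in the thread; NETw5s64 has no publisher either but is an on-demand driver that is not running.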

#4 RKinner (Malware Expert; Expert, 19,800 posts, MVP)
Go to http://virustotal.com and submit these files:

c:\windows\system32\DRIVERS\NETw5s64.sys
c:\windows\system32\DRIVERS\netw5s64.sys (if not the same as the above)
C:\windows\System32\Drivers\sptd.sys

If you don't get 0/43 results, please copy and paste the report you get.
  • 0

#5 json4639 (New Member; Topic Starter, Member, 6 posts)
There's something weird going on. When I went to that site and tried to upload the files, I got the file upload dialog, but when I navigated to that folder it only had a handful of files in it. However, when I use the regular Windows Explorer to navigate to the folder, there are many files there. So I tried copying and pasting those files from the drivers folder to somewhere else and then uploading them from there. It worked for the two net* files, and they came back with 0/43 hits. The sptd file couldn't be copied from the drivers folder because it said it was in use by System. I guess that's why TDSSKiller called it a locked file. I don't know what to do about that one.
  • 0
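The "handful of files" effect is the WOW64 file-system redirector at work; this is an added editor's note with example code, not part of the thread. On 64-bit Windows a 32-bit process that opens C:\Windows\System32\... is silently handed C:\Windows\SysWOW64\... instead. The OTL log above lists Firefox under Program Files (x86), so its file dialog runs as a 32-bit process and browses SysWOW64\drivers (which on this machine holds little more than wimmount.sys), while 64-bit Explorer shows the real System32\drivers. Typing C:\Windows\Sysnative\drivers into the dialog's path box reaches the real folder, because Sysnative is an alias visible only to 32-bit code that bypasses the redirector. The Python below models the documented rules, including the System32 subdirectories the redirector leaves alone; it assumes a default C:\Windows install and is not code from the thread.

```python
import ntpath

WINDIR = r"C:\Windows"   # assumption: default install location

# System32 subdirectories that the redirector leaves alone, per Microsoft's
# File System Redirector documentation (shared by 32- and 64-bit processes).
EXEMPT = ("catroot", "catroot2", "driverstore", "drivers\\etc", "logfiles", "spool")


def path_seen_by_32bit_process(requested: str) -> str:
    """Path that a 32-bit (WOW64) process really opens on 64-bit Windows when it
    asks for `requested`. A 64-bit process would get `requested` unchanged."""
    norm = ntpath.normpath(requested)
    low = norm.lower()
    sys32 = ntpath.join(WINDIR, "System32").lower()
    sysnative = ntpath.join(WINDIR, "Sysnative").lower()

    # Sysnative is a virtual alias, visible only to 32-bit code, that bypasses redirection.
    if low == sysnative or low.startswith(sysnative + "\\"):
        return ntpath.join(WINDIR, "System32") + norm[len(sysnative):]

    if low.startswith(sys32 + "\\"):
        rest = norm[len(sys32) + 1:]
        rest_low = rest.lower()
        if any(rest_low == ex or rest_low.startswith(ex + "\\") for ex in EXEMPT):
            return norm                      # e.g. drivers\etc\hosts is one file for both views
        return ntpath.join(WINDIR, "SysWOW64", rest)

    return norm


def explain(requested: str) -> str:
    """One-line description of what a 32-bit process would actually open."""
    actual = path_seen_by_32bit_process(requested)
    if actual.lower() == ntpath.normpath(requested).lower():
        return f"{requested}: same file for 32- and 64-bit processes"
    return f"{requested}: a 32-bit process actually opens {actual}"


if __name__ == "__main__":
    for p in (r"C:\Windows\System32\drivers\sptd.sys",
              r"C:\Windows\System32\drivers\etc\hosts",
              r"C:\Windows\Sysnative\drivers\sptd.sys"):
        print(explain(p))
```

The same redirection is why OTL writes the 64-bit driver paths as C:\Windows\SysNative\drivers\... in its report, and why a 32-bit tool asked to read C:\Windows\System32\drivers\sptd.sys would quietly look at a different (usually absent) file.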

#6 RKinner (Malware Expert; Expert, 19,800 posts, MVP)
sptd is used by Daemon Tools and by Winamp. Neither is on your system, so let's get rid of it, as some malware has learned to hide behind it.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\System32\Drivers\sptd.sys

Driver::
sptd


******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Ron
  • 0

#7 json4639 (New Member; Topic Starter, Member, 6 posts)
Alright here's the log:

ComboFix 11-11-02.01 - jason 11/06/2011 6:51.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2855 [GMT -6:00]
Running from: c:\users\jason\Desktop\ComboFix.exe
Command switches used :: c:\users\jason\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\Drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 13:03 . 2011-11-06 13:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BBDF8D5-8129-423C-8627-75850B6B39A2}\offreg.dll
2011-11-06 12:58 . 2011-11-06 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-05 00:32 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BBDF8D5-8129-423C-8627-75850B6B39A2}\mpengine.dll
2011-11-04 01:18 . 2011-11-04 01:18 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-02 06:12 . 2011-11-02 06:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-02 06:06 . 2011-11-02 06:06 -------- d-----w- C:\_OTL
2011-10-26 01:23 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 01:23 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-23 22:07 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-22 12:30 . 2011-10-22 12:30 388096 ----a-r- c:\users\jason\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-22 12:30 . 2011-10-22 12:30 -------- d-----w- c:\program files (x86)\Trend Micro
2011-10-20 01:57 . 2011-10-20 01:57 200192 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-10-19 01:20 . 2011-10-19 01:22 -------- d-----w- C:\Python27
2011-10-15 14:45 . 2011-10-15 14:50 -------- d-----w- c:\users\jason\AppData\Local\Microsoft Games
2011-10-13 00:40 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-23 01:32 . 2011-09-23 01:32 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-16 23:43 . 2010-10-16 02:00 286720 ------w- c:\windows\Setup1.exe
2011-09-16 23:43 . 2010-10-16 02:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-31 22:00 . 2011-06-25 14:51 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_06.31.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-02 06:06 . 2011-11-02 06:06 13639 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-11-06 12:59 . 2011-11-06 12:59 13639 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2011-11-06 13:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-02 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-06 13:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-02 06:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-06 13:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-02 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-30 05:09 . 2011-11-02 06:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-30 05:09 . 2011-11-06 13:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-30 05:09 . 2011-11-06 13:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-30 05:09 . 2011-11-02 06:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-30 05:09 . 2011-11-02 06:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-30 05:09 . 2011-11-06 13:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-30 00:29 . 2011-11-06 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-30 00:29 . 2011-11-02 06:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-30 00:29 . 2011-11-02 06:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-30 00:29 . 2011-11-06 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 08:17 . 2011-11-06 12:59 3556 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-09-15 08:17 . 2011-10-23 21:46 3556 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-06 13:00 . 2011-11-06 13:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-02 06:07 . 2011-11-02 06:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-02 06:07 . 2011-11-02 06:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-06 13:00 . 2011-11-06 13:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-31 15:16 . 2011-11-06 12:24 322292 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-07-30 05:09 . 2011-11-06 04:55 358296 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-02 06:14 636308 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-06 13:05 636308 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-02 06:14 112178 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-06 13:05 112178 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-02 06:06 469252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-06 12:59 469252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-11-02 06:23 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-05 22:01 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 136176]
R3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 136176]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbf8a97fbe3efa.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 14:51]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 14:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"combofix"="c:\combofix\CF5742.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\jason\AppData\Roaming\Mozilla\Firefox\Profiles\5onum4dd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2011-11-06 07:12:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-06 13:12
ComboFix2.txt 2011-11-02 06:33
.
Pre-Run: 101,093,588,992 bytes free
Post-Run: 100,691,943,424 bytes free
.
- - End Of File - - 4C16706C5FC786D93AC353B3E221EA53
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Run TDSSKiller again and let's see if there is any change. I am not happy leaving the two forged files there even if no one thinks they are dirty. They appear to be part of the Intel graphics driver. Can you go to your PC maker's site and download the latest video driver? Perhaps it will replace them. What make and model PC is this?

Ron
  • 0

#9
json4639

json4639

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I was able to update the graphics driver but the two files are still showing up when I run tdsskiller. The computer is a Dell Inspiron.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Appears that the first reference I found was in error. The file is part of Intel® Wireless WiFi Link Adapter software. Is there a new version on the Dell site?

Ron
  • 0

#11
json4639

json4639

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I don't think I have that software. I can't find it anywhere and my wireless card appears to be a Broadcom DW1501 Wireless-N WLAN Half-Mini card (according to Device Manager).
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Let's just get rid of them. The files will be moved to something like C:\Qoobox\Quarantined\C\windows\system32\DRIVERS\ and will get a .vir added to them. If you can't get back online, just rename them to get rid of the .vir, move them to c:\windows\system32\DRIVERS, then run a System Restore.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

File::
c:\windows\system32\DRIVERS\NETw5s64.sys
c:\windows\system32\DRIVERS\netw5v64.sys

Driver::
NETw5s64
netw5v64

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
  • 0
