Jump to content

HEUR:Trojan.Win32.Generic


Recommended Posts

I have both Kaspersky Internet Security and MBAM Pro. I scanned the computer with MBAM and it found two items which I removed. However, the computer continued to behave strangely, so I decided to request help. While posting this topic, a warning box from Kaspersky appeared stating that my computer has a virus. I am including the two .txt files from the DDS scan. Thank you in advance for your help.

Attach.txt

DDS.txt

Link to post
Share on other sites

Hello krompir and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not install software or hardware while we working on the machine.

I would like to see what Malwarebytes' Anti-Malware is found. Please run the Malwarebytes' Anti-Malware, open the Logs tab, double click on the last reports (on the top) to find where are they are and finally post the log file here.

Link to post
Share on other sites

Thank you for your prompt response. Included is the report from Malwarebytes from today. I also included the reports when Malwarebytes first detected the problem prior to me posting this topic. Although this latest scan is clear, Kaspersky immediately detects the trojan, which is the same that Malwarebytes detected when I first believed that my computer was infected. I should mention that the moment I opended the internet, I was directed to a strange site (this is no longer happening). I have not attempted to remove the trojan through Kaspersky and will not do anything unless you tell me to do so.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.22.03

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Dragan and Dianne :: MOZAK [administrator]

Protection: Enabled

1/25/2012 7:08:11 PM

mbam-log-2012-01-25 (19-08-11).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 337419

Time elapsed: 1 hour(s), 50 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.22.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Dragan and Dianne :: MOZAK [administrator]

Protection: Disabled

1/22/2012 8:50:33 PM

mbam-log-2012-01-22 (20-50-33).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 125440

Time elapsed: 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe (Trojan.QHost.BG) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.20.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Dragan and Dianne :: MOZAK [administrator]

Protection: Enabled

1/22/2012 1:56:01 PM

mbam-log-2012-01-22 (13-56-01).txt

Scan type: Custom scan

Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Memory | Startup | Registry | Heuristics/Extra

Objects scanned: 1

Time elapsed: 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Dragan and Dianne\Desktop\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)

Thank you.

Link to post
Share on other sites

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, please include:

  • TDSSKiller log
  • OTL.Txt and Extras.Txt

Link to post
Share on other sites

Following scan with TDSSKiller, there was no option for cure, I selected skip as instructed. I was not able to post everything at once...post too long error.

13:44:16.0573 5872 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27

13:44:17.0202 5872 ============================================================

13:44:17.0202 5872 Current date / time: 2012/01/27 13:44:17.0202

13:44:17.0202 5872 SystemInfo:

13:44:17.0202 5872

13:44:17.0202 5872 OS Version: 6.0.6002 ServicePack: 2.0

13:44:17.0202 5872 Product type: Workstation

13:44:17.0202 5872 ComputerName: MOZAK

13:44:17.0203 5872 UserName: Dragan and Dianne

13:44:17.0203 5872 Windows directory: C:\Windows

13:44:17.0203 5872 System windows directory: C:\Windows

13:44:17.0203 5872 Processor architecture: Intel x86

13:44:17.0203 5872 Number of processors: 2

13:44:17.0203 5872 Page size: 0x1000

13:44:17.0203 5872 Boot type: Normal boot

13:44:17.0203 5872 ============================================================

13:44:19.0364 5872 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

13:44:19.0438 5872 Initialize success

13:44:35.0872 4884 ============================================================

13:44:35.0872 4884 Scan started

13:44:35.0872 4884 Mode: Manual; SigCheck; TDLFS;

13:44:35.0872 4884 ============================================================

13:44:38.0071 4884 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

13:44:38.0275 4884 ACPI - ok

13:44:38.0417 4884 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

13:44:38.0491 4884 adp94xx - ok

13:44:38.0565 4884 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

13:44:38.0584 4884 adpahci - ok

13:44:38.0667 4884 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

13:44:38.0682 4884 adpu160m - ok

13:44:38.0807 4884 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

13:44:38.0823 4884 adpu320 - ok

13:44:39.0023 4884 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

13:44:39.0075 4884 AFD - ok

13:44:39.0201 4884 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

13:44:39.0216 4884 agp440 - ok

13:44:39.0304 4884 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

13:44:39.0319 4884 aic78xx - ok

13:44:39.0570 4884 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

13:44:39.0610 4884 aliide - ok

13:44:39.0781 4884 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

13:44:39.0808 4884 amdagp - ok

13:44:39.0882 4884 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

13:44:39.0908 4884 amdide - ok

13:44:39.0974 4884 amdiox86 - ok

13:44:40.0055 4884 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

13:44:40.0164 4884 AmdK7 - ok

13:44:40.0243 4884 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

13:44:40.0280 4884 AmdK8 - ok

13:44:40.0638 4884 amdkmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys

13:44:42.0586 4884 amdkmdag - ok

13:44:42.0735 4884 amdkmdap (96cd7053a516c30e61a05df9757da7de) C:\Windows\system32\DRIVERS\atikmpag.sys

13:44:42.0757 4884 amdkmdap - ok

13:44:42.0986 4884 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

13:44:43.0001 4884 arc - ok

13:44:43.0091 4884 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

13:44:43.0107 4884 arcsas - ok

13:44:43.0209 4884 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

13:44:43.0244 4884 AsyncMac - ok

13:44:43.0297 4884 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

13:44:43.0312 4884 atapi - ok

13:44:43.0437 4884 AtiHDAudioService - ok

13:44:43.0607 4884 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys

13:44:43.0786 4884 BCM43XV - ok

13:44:43.0911 4884 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

13:44:43.0947 4884 Beep - ok

13:44:44.0018 4884 blbdrive - ok

13:44:44.0126 4884 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

13:44:44.0145 4884 bowser - ok

13:44:44.0225 4884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

13:44:44.0256 4884 BrFiltLo - ok

13:44:44.0370 4884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

13:44:44.0398 4884 BrFiltUp - ok

13:44:44.0484 4884 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

13:44:44.0544 4884 Brserid - ok

13:44:44.0872 4884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

13:44:44.0938 4884 BrSerWdm - ok

13:44:45.0099 4884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

13:44:45.0156 4884 BrUsbMdm - ok

13:44:45.0221 4884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

13:44:45.0279 4884 BrUsbSer - ok

13:44:45.0370 4884 BTCFilterService - ok

13:44:45.0501 4884 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

13:44:45.0599 4884 BTHMODEM - ok

13:44:45.0762 4884 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

13:44:45.0796 4884 cdfs - ok

13:44:45.0852 4884 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

13:44:45.0878 4884 cdrom - ok

13:44:45.0988 4884 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

13:44:46.0047 4884 circlass - ok

13:44:46.0108 4884 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

13:44:46.0129 4884 CLFS - ok

13:44:46.0344 4884 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

13:44:46.0370 4884 cmdide - ok

13:44:46.0544 4884 cmudaxp (395c5ff5358b1bbe8cabcfce01954922) C:\Windows\system32\drivers\cmudaxp.sys

13:44:47.0002 4884 cmudaxp ( UnsignedFile.Multi.Generic ) - warning

13:44:47.0003 4884 cmudaxp - detected UnsignedFile.Multi.Generic (1)

13:44:47.0127 4884 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

13:44:47.0152 4884 Compbatt - ok

13:44:47.0215 4884 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

13:44:47.0241 4884 crcdisk - ok

13:44:47.0282 4884 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

13:44:47.0341 4884 Crusoe - ok

13:44:47.0673 4884 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

13:44:47.0714 4884 DfsC - ok

13:44:47.0972 4884 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

13:44:48.0002 4884 disk - ok

13:44:48.0113 4884 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

13:44:48.0184 4884 Dot4 - ok

13:44:48.0247 4884 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

13:44:48.0283 4884 Dot4Print - ok

13:44:48.0368 4884 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

13:44:48.0399 4884 dot4usb - ok

13:44:48.0547 4884 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

13:44:48.0571 4884 drmkaud - ok

13:44:48.0709 4884 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

13:44:48.0843 4884 DXGKrnl - ok

13:44:49.0093 4884 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

13:44:49.0201 4884 E1G60 - ok

13:44:49.0334 4884 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

13:44:49.0355 4884 Ecache - ok

13:44:49.0434 4884 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

13:44:49.0458 4884 elxstor - ok

13:44:49.0614 4884 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

13:44:49.0637 4884 exfat - ok

13:44:49.0700 4884 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

13:44:49.0730 4884 fastfat - ok

13:44:49.0835 4884 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

13:44:49.0888 4884 fdc - ok

13:44:50.0361 4884 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

13:44:50.0391 4884 FileInfo - ok

13:44:50.0494 4884 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

13:44:50.0560 4884 Filetrace - ok

13:44:50.0773 4884 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

13:44:50.0835 4884 flpydisk - ok

13:44:50.0967 4884 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

13:44:50.0990 4884 FltMgr - ok

13:44:51.0102 4884 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

13:44:51.0164 4884 Fs_Rec - ok

13:44:51.0219 4884 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

13:44:51.0237 4884 gagp30kx - ok

13:44:51.0336 4884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

13:44:51.0353 4884 GEARAspiWDM - ok

13:44:51.0519 4884 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

13:44:51.0571 4884 HdAudAddService - ok

13:44:51.0699 4884 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:44:51.0830 4884 HDAudBus - ok

13:44:51.0929 4884 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

13:44:51.0983 4884 HidBth - ok

13:44:52.0217 4884 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

13:44:52.0277 4884 HidIr - ok

13:44:52.0386 4884 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

13:44:52.0411 4884 HidUsb - ok

13:44:52.0453 4884 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

13:44:52.0466 4884 HpCISSs - ok

13:44:52.0617 4884 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys

13:44:52.0773 4884 HSF_DP - ok

13:44:53.0004 4884 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys

13:44:53.0042 4884 HSXHWBS2 - ok

13:44:53.0116 4884 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

13:44:53.0205 4884 HTTP - ok

13:44:53.0341 4884 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

13:44:53.0356 4884 i2omp - ok

13:44:53.0470 4884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

13:44:53.0498 4884 i8042prt - ok

13:44:53.0571 4884 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

13:44:53.0591 4884 iaStorV - ok

13:44:53.0727 4884 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

13:44:53.0741 4884 iirsp - ok

13:44:54.0202 4884 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys

13:44:54.0754 4884 IntcAzAudAddService - ok

13:44:54.0883 4884 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

13:44:54.0898 4884 intelide - ok

13:44:55.0027 4884 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

13:44:55.0087 4884 intelppm - ok

13:44:55.0330 4884 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:44:55.0397 4884 IpFilterDriver - ok

13:44:55.0809 4884 IpInIp - ok

13:44:56.0132 4884 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

13:44:56.0255 4884 IPMIDRV - ok

13:44:56.0371 4884 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

13:44:56.0406 4884 IPNAT - ok

13:44:56.0553 4884 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

13:44:56.0587 4884 IRENUM - ok

13:44:56.0626 4884 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

13:44:56.0641 4884 isapnp - ok

13:44:56.0712 4884 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

13:44:56.0731 4884 iScsiPrt - ok

13:44:56.0811 4884 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

13:44:56.0825 4884 iteatapi - ok

13:44:56.0942 4884 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

13:44:56.0968 4884 iteraid - ok

13:44:57.0028 4884 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

13:44:57.0057 4884 kbdclass - ok

13:44:57.0227 4884 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

13:44:57.0282 4884 kbdhid - ok

13:44:57.0467 4884 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys

13:44:57.0531 4884 KL1 - ok

13:44:57.0578 4884 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys

13:44:57.0594 4884 kl2 - ok

13:44:57.0654 4884 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys

13:44:57.0737 4884 KLIF - ok

13:44:57.0912 4884 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys

13:44:57.0941 4884 KLIM6 - ok

13:44:58.0018 4884 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys

13:44:58.0031 4884 klmouflt - ok

13:44:58.0178 4884 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

13:44:58.0291 4884 KSecDD - ok

13:44:58.0434 4884 L8042Kbd (ac728768de636093b4d5ae6361cfadae) C:\Windows\system32\DRIVERS\L8042Kbd.sys

13:44:58.0459 4884 L8042Kbd - ok

13:44:58.0559 4884 L8042mou (02d869562e114db8867271992408bb2d) C:\Windows\system32\DRIVERS\L8042mou.Sys

13:44:58.0587 4884 L8042mou - ok

13:44:58.0704 4884 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys

13:44:58.0728 4884 LHidFilt - ok

13:44:58.0937 4884 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

13:44:58.0971 4884 lltdio - ok

13:44:59.0156 4884 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys

13:44:59.0171 4884 LMouFilt - ok

13:44:59.0229 4884 LMouKE (b286865ac2747ee3b5ea78b5231f8c57) C:\Windows\system32\DRIVERS\LMouKE.Sys

13:44:59.0256 4884 LMouKE - ok

13:44:59.0383 4884 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

13:44:59.0398 4884 LSI_FC - ok

13:44:59.0458 4884 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

13:44:59.0475 4884 LSI_SAS - ok

13:44:59.0623 4884 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

13:44:59.0653 4884 LSI_SCSI - ok

13:44:59.0721 4884 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

13:44:59.0758 4884 luafv - ok

13:44:59.0943 4884 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

13:44:59.0957 4884 MBAMProtector - ok

13:45:00.0150 4884 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

13:45:00.0183 4884 mdmxsdk - ok

13:45:00.0457 4884 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

13:45:00.0472 4884 megasas - ok

13:45:00.0563 4884 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

13:45:00.0596 4884 Modem - ok

13:45:00.0686 4884 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

13:45:00.0718 4884 monitor - ok

13:45:00.0796 4884 motccgp - ok

13:45:00.0892 4884 motccgpfl - ok

13:45:00.0985 4884 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys

13:45:01.0000 4884 MotioninJoyXFilter - ok

13:45:01.0146 4884 motmodem - ok

13:45:01.0213 4884 MotoSwitchService - ok

13:45:01.0254 4884 Motousbnet - ok

13:45:01.0313 4884 motusbdevice - ok

13:45:01.0353 4884 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

13:45:01.0369 4884 mouclass - ok

13:45:01.0417 4884 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

13:45:01.0454 4884 mouhid - ok

13:45:01.0511 4884 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

13:45:01.0527 4884 MountMgr - ok

13:45:01.0581 4884 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

13:45:01.0597 4884 mpio - ok

13:45:01.0676 4884 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

13:45:01.0722 4884 mpsdrv - ok

13:45:01.0793 4884 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

13:45:01.0807 4884 Mraid35x - ok

13:45:01.0935 4884 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

13:45:01.0942 4884 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

13:45:01.0942 4884 MREMP50 - detected UnsignedFile.Multi.Generic (1)

13:45:01.0952 4884 MREMP50a64 - ok

13:45:01.0962 4884 MREMPR5 - ok

13:45:01.0971 4884 MRENDIS5 - ok

13:45:02.0049 4884 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

13:45:02.0055 4884 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

13:45:02.0056 4884 MRESP50 - detected UnsignedFile.Multi.Generic (1)

13:45:02.0063 4884 MRESP50a64 - ok

13:45:02.0241 4884 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

13:45:02.0289 4884 MRxDAV - ok

13:45:02.0358 4884 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:45:02.0401 4884 mrxsmb - ok

13:45:02.0501 4884 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:45:02.0547 4884 mrxsmb10 - ok

13:45:02.0654 4884 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:45:02.0692 4884 mrxsmb20 - ok

13:45:02.0734 4884 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

13:45:02.0762 4884 msahci - ok

13:45:02.0895 4884 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

13:45:02.0912 4884 msdsm - ok

13:45:02.0961 4884 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

13:45:02.0997 4884 Msfs - ok

13:45:03.0147 4884 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

13:45:03.0175 4884 msisadrv - ok

13:45:03.0317 4884 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

13:45:03.0352 4884 MSKSSRV - ok

13:45:03.0419 4884 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

13:45:03.0455 4884 MSPCLOCK - ok

13:45:03.0498 4884 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

13:45:03.0533 4884 MSPQM - ok

13:45:03.0718 4884 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

13:45:03.0754 4884 MsRPC - ok

13:45:03.0838 4884 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

13:45:03.0853 4884 mssmbios - ok

13:45:03.0943 4884 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

13:45:03.0978 4884 MSTEE - ok

13:45:04.0030 4884 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

13:45:04.0048 4884 Mup - ok

13:45:04.0301 4884 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

13:45:04.0343 4884 NativeWifiP - ok

13:45:04.0461 4884 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

13:45:04.0540 4884 NDIS - ok

13:45:04.0642 4884 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

13:45:04.0667 4884 NdisTapi - ok

13:45:04.0792 4884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

13:45:04.0830 4884 Ndisuio - ok

13:45:04.0891 4884 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

13:45:04.0917 4884 NdisWan - ok

13:45:04.0982 4884 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

13:45:05.0007 4884 NDProxy - ok

13:45:05.0127 4884 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

13:45:05.0159 4884 NetBIOS - ok

13:45:05.0261 4884 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

13:45:05.0291 4884 netbt - ok

13:45:05.0399 4884 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

13:45:05.0477 4884 nfrd960 - ok

13:45:05.0592 4884 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

13:45:05.0643 4884 Npfs - ok

13:45:05.0724 4884 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

13:45:05.0756 4884 nsiproxy - ok

13:45:06.0010 4884 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

13:45:06.0283 4884 Ntfs - ok

13:45:06.0496 4884 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

13:45:06.0597 4884 ntrigdigi - ok

13:45:06.0699 4884 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

13:45:06.0730 4884 Null - ok

13:45:06.0811 4884 NVENETFD (74c825c573aa6e115590d94e7bf86901) C:\Windows\system32\DRIVERS\nvmfdx32.sys

13:45:07.0003 4884 NVENETFD - ok

13:45:07.0615 4884 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:45:10.0454 4884 nvlddmkm - ok

13:45:10.0573 4884 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

13:45:10.0587 4884 nvraid - ok

13:45:10.0648 4884 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

13:45:10.0663 4884 nvstor - ok

13:45:10.0733 4884 nvstor32 (019054d997f65358dca63ecae5103f97) C:\Windows\system32\drivers\nvstor32.sys

13:45:10.0748 4884 nvstor32 - ok

13:45:10.0814 4884 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

13:45:10.0831 4884 nv_agp - ok

13:45:10.0867 4884 NwlnkFlt - ok

13:45:10.0930 4884 NwlnkFwd - ok

13:45:11.0012 4884 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

13:45:11.0107 4884 ohci1394 - ok

13:45:11.0162 4884 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

13:45:11.0220 4884 Parport - ok

13:45:11.0277 4884 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

13:45:11.0293 4884 partmgr - ok

13:45:11.0329 4884 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

13:45:11.0388 4884 Parvdm - ok

13:45:11.0811 4884 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

13:45:11.0829 4884 pci - ok

13:45:12.0276 4884 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

13:45:12.0306 4884 pciide - ok

13:45:12.0370 4884 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

13:45:12.0404 4884 pcmcia - ok

13:45:12.0686 4884 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

13:45:12.0721 4884 pcouffin - ok

13:45:12.0847 4884 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

13:45:13.0044 4884 PEAUTH - ok

13:45:13.0317 4884 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

13:45:13.0356 4884 PptpMiniport - ok

13:45:13.0416 4884 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

13:45:13.0481 4884 Processor - ok

13:45:13.0564 4884 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

13:45:13.0603 4884 PSched - ok

13:45:13.0736 4884 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

13:45:13.0768 4884 PxHelp20 - ok

13:45:13.0926 4884 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

13:45:14.0213 4884 ql2300 - ok

13:45:14.0316 4884 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

13:45:14.0330 4884 ql40xx - ok

13:45:14.0402 4884 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

13:45:14.0421 4884 QWAVEdrv - ok

13:45:14.0468 4884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

13:45:14.0500 4884 RasAcd - ok

13:45:14.0580 4884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:45:14.0614 4884 Rasl2tp - ok

13:45:14.0754 4884 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

13:45:14.0782 4884 RasPppoe - ok

13:45:14.0849 4884 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

13:45:14.0869 4884 RasSstp - ok

13:45:14.0957 4884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

13:45:14.0988 4884 rdbss - ok

13:45:15.0082 4884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:45:15.0149 4884 RDPCDD - ok

13:45:15.0234 4884 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

13:45:15.0326 4884 rdpdr - ok

13:45:15.0382 4884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

13:45:15.0417 4884 RDPENCDD - ok

13:45:15.0564 4884 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

13:45:15.0594 4884 RDPWD - ok

13:45:15.0757 4884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

13:45:15.0793 4884 rspndr - ok

13:45:15.0882 4884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

13:45:15.0900 4884 sbp2port - ok

13:45:15.0948 4884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:45:16.0006 4884 secdrv - ok

13:45:16.0058 4884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

13:45:16.0117 4884 Serenum - ok

13:45:16.0187 4884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

13:45:16.0240 4884 Serial - ok

13:45:16.0336 4884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

13:45:16.0367 4884 sermouse - ok

13:45:16.0575 4884 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys

13:45:16.0590 4884 sfdrv01 - ok

13:45:16.0667 4884 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

13:45:16.0726 4884 sffdisk - ok

13:45:16.0786 4884 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

13:45:16.0844 4884 sffp_mmc - ok

13:45:16.0920 4884 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

13:45:16.0980 4884 sffp_sd - ok

13:45:17.0086 4884 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys

13:45:17.0111 4884 sfhlp02 - ok

13:45:17.0235 4884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

13:45:17.0344 4884 sfloppy - ok

13:45:17.0449 4884 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys

13:45:17.0479 4884 sfvfs02 - ok

13:45:17.0591 4884 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

13:45:17.0620 4884 sisagp - ok

13:45:17.0681 4884 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

13:45:17.0700 4884 SiSRaid2 - ok

13:45:17.0760 4884 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

13:45:17.0774 4884 SiSRaid4 - ok

13:45:17.0971 4884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

13:45:17.0998 4884 Smb - ok

13:45:18.0069 4884 SndTDriverV32 (63522ddc83bf6fca7f7efa44a140192b) C:\Windows\system32\drivers\SndTDriverV32.sys

13:45:18.0078 4884 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - warning

13:45:18.0078 4884 SndTDriverV32 - detected UnsignedFile.Multi.Generic (1)

13:45:18.0152 4884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

13:45:18.0168 4884 spldr - ok

13:45:18.0242 4884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

13:45:18.0266 4884 srv - ok

13:45:18.0395 4884 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

13:45:18.0437 4884 srv2 - ok

13:45:18.0528 4884 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

13:45:18.0550 4884 srvnet - ok

13:45:18.0603 4884 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\Windows\system32\Drivers\sskbfd.sys

13:45:18.0616 4884 SSKBFD - ok

13:45:18.0717 4884 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

13:45:18.0732 4884 swenum - ok

13:45:18.0892 4884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

13:45:18.0919 4884 Symc8xx - ok

13:45:18.0968 4884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

13:45:18.0992 4884 Sym_hi - ok

13:45:19.0032 4884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

13:45:19.0051 4884 Sym_u3 - ok

13:45:19.0172 4884 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

13:45:19.0367 4884 Tcpip - ok

13:45:19.0735 4884 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

13:45:19.0954 4884 Tcpip6 - ok

13:45:20.0060 4884 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

13:45:20.0084 4884 tcpipreg - ok

13:45:20.0154 4884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

13:45:20.0193 4884 TDPIPE - ok

13:45:20.0290 4884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

13:45:20.0363 4884 TDTCP - ok

13:45:20.0469 4884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

13:45:20.0502 4884 tdx - ok

13:45:20.0746 4884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

13:45:20.0780 4884 TermDD - ok

13:45:20.0880 4884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:45:20.0921 4884 tssecsrv - ok

13:45:21.0043 4884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

13:45:21.0064 4884 tunmp - ok

13:45:21.0155 4884 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

13:45:21.0175 4884 tunnel - ok

13:45:21.0271 4884 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

13:45:21.0289 4884 uagp35 - ok

13:45:21.0393 4884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

13:45:21.0458 4884 udfs - ok

13:45:21.0596 4884 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

13:45:21.0611 4884 uliagpkx - ok

13:45:21.0707 4884 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

13:45:21.0726 4884 uliahci - ok

13:45:21.0822 4884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

13:45:21.0840 4884 UlSata - ok

13:45:21.0955 4884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

13:45:21.0975 4884 ulsata2 - ok

13:45:22.0056 4884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

13:45:22.0096 4884 umbus - ok

13:45:22.0438 4884 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

13:45:22.0476 4884 USBAAPL - ok

13:45:22.0617 4884 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

13:45:22.0644 4884 usbaudio - ok

13:45:22.0725 4884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

13:45:22.0751 4884 usbccgp - ok

13:45:22.0799 4884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

13:45:22.0855 4884 usbcir - ok

13:45:22.0913 4884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

13:45:22.0942 4884 usbehci - ok

13:45:22.0997 4884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

13:45:23.0026 4884 usbhub - ok

13:45:23.0149 4884 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

13:45:23.0177 4884 usbohci - ok

13:45:23.0273 4884 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

13:45:23.0312 4884 usbprint - ok

13:45:23.0468 4884 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

13:45:23.0498 4884 usbscan - ok

13:45:23.0597 4884 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys

13:45:23.0625 4884 usbser - ok

13:45:23.0670 4884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:45:23.0701 4884 USBSTOR - ok

13:45:23.0765 4884 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

13:45:23.0837 4884 usbuhci - ok

13:45:23.0980 4884 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

13:45:24.0015 4884 usbvideo - ok

13:45:24.0148 4884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

13:45:24.0182 4884 vga - ok

13:45:24.0242 4884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

13:45:24.0277 4884 VgaSave - ok

13:45:24.0388 4884 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

13:45:24.0405 4884 viaagp - ok

13:45:24.0470 4884 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

13:45:24.0530 4884 ViaC7 - ok

13:45:24.0585 4884 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

13:45:24.0601 4884 viaide - ok

13:45:24.0713 4884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

13:45:24.0744 4884 volmgr - ok

13:45:24.0808 4884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

13:45:24.0830 4884 volmgrx - ok

13:45:24.0903 4884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

13:45:24.0923 4884 volsnap - ok

13:45:25.0006 4884 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

13:45:25.0023 4884 vsmraid - ok

13:45:25.0285 4884 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

13:45:25.0612 4884 VST_DPV - ok

13:45:25.0860 4884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

13:45:25.0974 4884 WacomPen - ok

13:45:26.0135 4884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:45:26.0162 4884 Wanarp - ok

13:45:26.0188 4884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:45:26.0213 4884 Wanarpv6 - ok

13:45:26.0312 4884 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

13:45:26.0328 4884 Wd - ok

13:45:26.0484 4884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

13:45:26.0567 4884 Wdf01000 - ok

13:45:26.0732 4884 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

13:45:26.0897 4884 winachsf - ok

13:45:27.0060 4884 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

13:45:27.0114 4884 WmiAcpi - ok

13:45:27.0272 4884 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

13:45:27.0290 4884 WpdUsb - ok

13:45:27.0395 4884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

13:45:27.0430 4884 ws2ifsl - ok

13:45:28.0068 4884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:45:28.0135 4884 WUDFRd - ok

13:45:28.0417 4884 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

13:45:28.0450 4884 XAudio - ok

13:45:28.0540 4884 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys

13:45:28.0558 4884 xusb21 - ok

13:45:28.0602 4884 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0

13:45:28.0830 4884 \Device\Harddisk0\DR0 - ok

13:45:28.0839 4884 Boot (0x1200) (1aff519d45350696e65237b2211bab63) \Device\Harddisk0\DR0\Partition0

13:45:28.0841 4884 \Device\Harddisk0\DR0\Partition0 - ok

13:45:28.0862 4884 Boot (0x1200) (f5e0e481b11a59be3a697141e73291b7) \Device\Harddisk0\DR0\Partition1

13:45:28.0864 4884 \Device\Harddisk0\DR0\Partition1 - ok

13:45:28.0866 4884 ============================================================

13:45:28.0866 4884 Scan finished

13:45:28.0866 4884 ============================================================

13:45:28.0895 3472 Detected object count: 4

13:45:28.0895 3472 Actual detected object count: 4

13:45:33.0901 3472 cmudaxp ( UnsignedFile.Multi.Generic ) - skipped by user

13:45:33.0901 3472 cmudaxp ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:45:33.0905 3472 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

13:45:33.0905 3472 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:45:33.0908 3472 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

13:45:33.0908 3472 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:45:33.0910 3472 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - skipped by user

13:45:33.0911 3472 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:45:37.0838 4444 Deinitialize success

Link to post
Share on other sites

OTL logfile created on: 1/27/2012 1:20:26 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dragan and Dianne\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.16% Memory free

7.18 Gb Paging File | 5.80 Gb Available in Paging File | 80.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 177.55 Gb Total Space | 60.96 Gb Free Space | 34.33% Space Free | Partition Type: NTFS

Drive D: | 8.76 Gb Total Space | 1.01 Gb Free Space | 11.52% Space Free | Partition Type: NTFS

Computer Name: MOZAK | User Name: Dragan and Dianne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 13:19:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dragan and Dianne\Downloads\OTL.exe

PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/10/29 16:08:00 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe

PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/07/28 13:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2011/07/28 13:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/05/01 22:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/01 22:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/05 00:08:28 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll

MOD - [2012/01/05 00:07:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll

MOD - [2011/10/12 12:42:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011/10/12 12:42:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011/10/12 12:40:09 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011/10/12 12:39:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2011/07/28 12:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll

MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll

MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll

MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll

MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll

MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll

MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2011/07/28 13:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)

SRV - [2008/05/01 22:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2008/03/03 20:33:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/07/18 11:07:22 | 000,184,320 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\Windows\System32\snmvtsvc.exe -- (SoundMovieServer)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/28 14:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2011/07/28 12:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2011/04/20 13:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2011/03/10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)

DRV - [2011/03/04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)

DRV - [2011/03/04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)

DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2008/07/09 06:51:43 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2008/07/09 06:51:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)

DRV - [2008/02/28 23:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/28 23:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/01/22 20:54:42 | 001,780,352 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)

DRV - [2008/01/04 17:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)

DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/09/21 00:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2007/09/21 00:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2007/09/21 00:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2007/07/18 11:17:54 | 000,022,528 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32)

DRV - [2007/05/03 22:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/03/19 05:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007/02/08 09:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2006/07/05 04:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2006/06/14 06:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Dragan and Dianne\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/29 16:08:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/09 14:54:49 | 000,000,000 | ---D | M]

[2012/01/22 14:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/04 16:23:21 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak

[2011/05/04 16:22:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG

[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/19 15:45:16 | 000,000,761 | RH-- | M]) - C:\Windows\System32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [Cmaudio8788] "RunDll32" cmicnfgp.cpl,CMICtrlWnd File not found

O4 - HKLM..\Run: [Cmaudio8788Hook] C:\Windows\system\ComHookMonitor.exe File not found

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [doubleTwist] "C:\Program Files\doubleTwist 2.0\doubleTwist.DeviceHelper.exe" File not found

O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini File not found

O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found

O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [Hobbyist Software iTunes Helper] C:\Program Files\Hobbyist Software\iTunes Remote Helper\iTunesRemoteHelper.exe /server File not found

O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9381DB96-D8E2-49E2-8B34-D8BCF26C222D}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDAB9E39-E97A-4CB1-AFF7-4448531C2148}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)

O24 - Desktop WallPaper: C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/05/06 13:09:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{dba729a8-ef8c-11e0-9f57-001bfc082295}\Shell - "" = AutoRun

O33 - MountPoints2\{dba729a8-ef8c-11e0-9f57-001bfc082295}\Shell\AutoRun\command - "" = M:\setup.exe -a

O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe

O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoi2301.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\New Folder

[2012/01/22 12:08:08 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/01/17 18:02:00 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hardwood Euchre

[2012/01/17 18:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\SilverCreekCommonFiles

[2012/01/17 18:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hardwood Euchre

[2012/01/11 08:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Agent

[2012/01/11 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrainingPeaks

[2012/01/09 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Local\DDMSettings

[2012/01/06 14:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/01/06 14:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/01/06 14:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2007/08/05 13:55:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.sys

[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 13:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/27 13:07:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/27 13:07:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/27 13:07:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/27 13:07:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/22 23:59:06 | 000,001,356 | ---- | M] () -- C:\Users\Dragan and Dianne\AppData\Local\d3d9caps.dat

[2012/01/22 20:22:19 | 000,000,980 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Internet Explorer.lnk

[2012/01/22 13:29:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012/01/22 13:22:06 | 000,617,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/01/22 13:22:06 | 000,108,360 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/01/21 10:54:12 | 000,002,441 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Adobe Acrobat 8 Professional.lnk

[2012/01/17 18:02:00 | 000,000,902 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Play Euchre.lnk

[2012/01/14 09:44:51 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/01/11 08:00:57 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Device Agent.lnk

[2012/01/10 13:47:04 | 000,151,360 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

[2012/01/06 14:23:20 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/01/05 18:00:37 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/22 20:22:19 | 000,000,980 | ---- | C] () -- C:\Users\Dragan and Dianne\Desktop\Internet Explorer.lnk

[2012/01/17 18:02:00 | 000,000,902 | ---- | C] () -- C:\Users\Dragan and Dianne\Desktop\Play Euchre.lnk

[2012/01/14 09:44:51 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/01/14 09:44:51 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/01/11 08:00:57 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Device Agent.lnk

[2012/01/06 14:23:20 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/01/05 18:00:37 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/09/13 15:40:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/09/08 08:51:22 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2011/08/26 06:34:14 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

[2011/05/04 16:22:33 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat

[2011/05/04 16:22:33 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat

[2011/03/17 09:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

[2011/03/04 15:18:51 | 000,002,558 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\packet

[2011/03/03 10:32:38 | 000,221,554 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\WavePad.dmp

[2010/10/11 14:09:55 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll

[2010/01/24 18:00:46 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/11/27 20:01:46 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini

[2009/11/13 12:32:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/11/13 12:32:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/11/10 08:35:14 | 000,000,760 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\setup_ldm.iss

[2009/09/28 19:45:30 | 000,163,211 | ---- | C] () -- C:\Windows\hpoins37.dat

[2009/09/19 14:20:08 | 000,071,961 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/09/19 14:11:26 | 000,000,054 | ---- | C] () -- C:\Windows\System32\cmasiop.ini

[2009/09/19 14:09:40 | 000,002,205 | ---- | C] () -- C:\Windows\cmudaxp.ini

[2009/09/19 14:04:04 | 000,071,961 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/07/08 06:40:39 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat

[2009/01/02 15:11:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008/10/21 20:22:27 | 000,458,752 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe

[2008/10/21 20:22:10 | 000,000,524 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl

[2008/10/21 20:19:30 | 000,004,722 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg

[2008/10/21 20:19:30 | 000,001,704 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi

[2008/08/13 18:44:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/11 10:23:34 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2008/03/03 13:58:27 | 000,151,360 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2008/01/30 04:35:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/01/30 00:01:35 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2007/12/16 00:25:17 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2007/12/16 00:25:15 | 000,022,328 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\PnkBstrK.sys

[2007/12/16 00:25:00 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2007/12/16 00:24:47 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2007/12/16 00:24:44 | 000,000,060 | ---- | C] () -- C:\Windows\game.ini

[2007/08/23 19:16:53 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2007/08/23 08:53:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll

[2007/08/08 10:12:37 | 000,001,356 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\d3d9caps.dat

[2007/08/06 08:44:13 | 000,106,496 | ---- | C] () -- C:\Windows\VMix.dll

[2007/08/05 16:30:58 | 000,015,360 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe

[2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat

[2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf

[2007/05/06 12:53:31 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat

[2007/05/06 12:32:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe

[2007/05/06 12:29:51 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll

[2007/05/06 12:29:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll

[2007/03/06 00:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 04:47:37 | 000,342,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:33:01 | 000,617,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 02:33:01 | 000,108,360 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/22 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/01/22 14:14:47 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\DC++

[2011/03/03 07:56:09 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\NCH Swift Sound

[2007/08/05 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Snapfish

[2009/01/02 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Thunderbird

[2011/06/29 08:06:45 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Vso

[2007/08/06 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\WinBatch

[2012/01/25 21:32:13 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:D87527570B48DB4F

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 1/27/2012 1:20:26 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dragan and Dianne\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.16% Memory free

7.18 Gb Paging File | 5.80 Gb Available in Paging File | 80.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 177.55 Gb Total Space | 60.96 Gb Free Space | 34.33% Space Free | Partition Type: NTFS

Drive D: | 8.76 Gb Total Space | 1.01 Gb Free Space | 11.52% Space Free | Partition Type: NTFS

Computer Name: MOZAK | User Name: Dragan and Dianne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07D46977-D101-4C26-961E-E23000AEAC1A}" = rport=138 | protocol=17 | dir=out | app=system |

"{11A9D33E-4913-44E7-B1AA-E2AA05EB1722}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1C2F0E9B-0BD6-46B9-A2C3-9559C616D147}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{30E6936D-E701-45A1-BBA6-1858798A34A7}" = lport=139 | protocol=6 | dir=in | app=system |

"{32262C05-78B9-4208-8924-2C306AD7C517}" = rport=445 | protocol=6 | dir=out | app=system |

"{4B4C30A0-11DB-46C5-B94A-AB5C51B78DDE}" = lport=138 | protocol=17 | dir=in | app=system |

"{66413F1C-46A5-4642-8EF3-8B0463994B13}" = rport=139 | protocol=6 | dir=out | app=system |

"{8AE7C899-E76D-4AEC-BE92-1D53426296E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{977C6217-F6C4-4790-8EB8-16A00D3DC7E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{991AAA24-06A8-4070-95AA-FFB454B5B6A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9EEE3AE6-9441-4817-8406-11931A63FD35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B697FD4B-FEF1-4EFE-B7BC-D6E76BCDE3B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

"{B6BC3236-BB40-4032-B8BF-F20C7337B51D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{BB29BB0B-E190-4329-B944-855F47F40688}" = lport=445 | protocol=6 | dir=in | app=system |

"{D4891AA4-908E-492C-8F49-5FA5C44A508E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DE354ACE-D9E1-4210-9AC7-04E064B63B64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |

"{E433FD76-435D-4C36-8E25-426910EC2398}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EE33B6E2-B4A2-4370-8E92-6FD2E0225C25}" = rport=137 | protocol=17 | dir=out | app=system |

"{F15FA914-80A0-4B4F-8D50-FE225A9232AD}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0422F8AE-1742-469E-A7D6-4DCC3D25A26C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{05B34A40-0F05-4277-8081-CEC852609489}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

"{098C6F15-262C-4192-A01C-712F9E8334F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{0A321889-E6AA-49CE-A9A4-70FE8052440F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0B3941AD-E6E4-4393-93D0-ABBDACBE3C9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{1256D27B-F6FD-4C82-842A-19374C88CE72}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{1760E8F5-1913-41EC-BF39-250C9A664DE7}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{1B78CB37-35AA-459E-8364-532BAE7F64C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1E889A7E-D6A8-4368-B34E-F03308A380F2}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |

"{1F9F57F9-71B6-4EA4-A453-B9DADE919E40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{227D3424-CD70-4B33-BFDB-F52363C76C40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{238226DE-788E-46CC-87BF-D515D5C1E2A9}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{27A47C4E-2EA3-4A6D-A9AB-7D7B40C7FA97}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |

"{28ADB941-822E-4708-9981-3607397C6F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{351F1021-853E-48FD-9E26-746506C1E141}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{39363043-8BAE-4813-B7E3-243229DA16FA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |

"{40E838FF-D52C-4FBE-B12D-9D0F77027646}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{43FA509C-785B-4AC7-A5A7-254C803B5304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{445CA786-E1E6-47EE-8C07-666F14DF95CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{49005AE5-A213-4E2B-96EF-A26EDDA4E969}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{52EFE1F8-C10D-49E8-9432-674E37A492E3}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |

"{5529EE8D-CD3D-415D-B5AB-B4322267E703}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{59F2D171-82AE-4740-AEAE-52B15526DB7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{5A6EA51E-DC71-4032-B9EB-9AD3820D0226}" = protocol=6 | dir=out | app=system |

"{5CE7C62A-F19B-4648-9446-B2796479ECB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{61792B2F-77E7-4EF0-AFF4-068AA168C878}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |

"{6A68B9C6-9FAB-4665-A30F-A2BB99517F8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6ECC7211-F42A-4B92-BA16-42B338055A66}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |

"{6F086771-0208-4031-8DBF-94FF9C50833C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{71462991-1A78-4AFF-AF94-AE751C475309}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{770E6D62-A573-412B-886D-532ACFFEA94D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{8336E42D-957B-4F7A-B12C-19F2F5F0A3C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{87F5221D-FFE4-4308-9761-0EA1A3B20557}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |

"{916C4866-8605-4AEA-AD46-7DDB2CA69444}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |

"{9190574D-4AD0-43C2-86B8-25CDD08115C6}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |

"{91FD376E-8E90-4A85-B74D-5E3D39723067}" = protocol=6 | dir=in | app=c:\users\dragan and dianne\appdata\local\temp\7zs189e.tmp\symnrt.exe |

"{94E071CA-B1A8-4B58-868A-EA09AF65106E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{98A3F528-3D8B-49F2-96A9-40CC7E83F4F4}" = protocol=6 | dir=in | app=c:\users\dragan and dianne\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{A1CA3957-1FAD-45C8-9C98-C12D58D95BD8}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{A2AC21AA-4143-4206-A9D6-688A9CE2CAAA}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |

"{A2F96933-B659-4388-A1B8-C969B3525651}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{A3ED4352-1B1B-4865-8427-66EA53EECD0D}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |

"{A79BEF92-1488-474F-9C33-35BF6D234815}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{A79C0B29-8A0A-4C6C-8551-F9DBE917FC4B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{A7C37BE0-180B-42D8-BD53-F66F30663B21}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{AD36D940-5D06-44DF-B7DF-3C5F23463FEE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{AE2CFB7F-A769-4FA9-B52C-0F2A1D2B5B4E}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{AF3A965C-EC1A-4C73-8E0C-C589F4F972E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{B495F7F9-F3A6-4212-9170-EFE656C50805}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B63C0B7A-0502-470C-A2B1-FD44CCF8AAC2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{BFEF0A8A-2AED-4EA0-A6ED-2E30BC50082B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C34236D7-6F1E-4B8A-A989-EB0F57C982E8}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |

"{C7ABB510-7496-404F-A534-B939858DA4F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{D31CE99A-96E0-4D86-88DD-9218A1D50184}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{D9523C8A-79B3-49E8-BE20-EE6E7752537A}" = protocol=17 | dir=in | app=c:\users\dragan and dianne\appdata\local\temp\7zs189e.tmp\symnrt.exe |

"{E00A3BA6-DC38-4F80-BE58-839195A8B7BB}" = protocol=17 | dir=in | app=c:\users\dragan and dianne\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{E1B9AE83-D8EA-4F95-95A5-011AA91FEB3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E2AA857C-99D1-4B53-A95B-AD235565D89C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{EA0D206F-66C7-4E8A-8766-B895B4337359}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{F608AB89-DD30-4CCA-99A2-4E161D040A7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F8B4859A-EAD9-45D0-8CBE-5FCD8C7B266F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{FDB3F613-840F-4331-89E5-D40CF9CF9AAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{4541ABA8-5BB6-4335-B9D9-4EA0E006DBCC}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"TCP Query User{808FF08A-B8BE-430A-8D6D-CDA2F42847E9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"TCP Query User{992B071D-1122-42FB-BCE9-65D9F390C05C}C:\program files\attc\mccibrowser.exe" = protocol=6 | dir=in | app=c:\program files\attc\mccibrowser.exe |

"TCP Query User{EA882DAB-5194-4B6C-9F87-B077D9D6D838}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

"TCP Query User{EE221E0F-6758-49C7-91A3-AC26D3166E70}C:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe |

"UDP Query User{13828367-106E-4F25-A819-5EDA4BB85837}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"UDP Query User{301D8B77-7EA8-4D9A-A0DC-45B0D11E0908}C:\program files\attc\mccibrowser.exe" = protocol=17 | dir=in | app=c:\program files\attc\mccibrowser.exe |

"UDP Query User{6755F7BD-973F-4F19-A113-82DC9445F75E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"UDP Query User{B8305600-BBB1-48F3-A90D-7995A7915957}C:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe |

"UDP Query User{DCEAB8FC-120A-4A41-8F07-E88D8CBB55E1}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 29

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4FBA8A80-0BB2-4A53-0EBD-F01763803252}" = AMD VISION Engine Control Center

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5

"{6130D52A-5C06-4b2d-85C6-D40E98134BB5}" = TrainingPeaks Device Agent

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"C-Media Oxygen HD Audio Driver" = Bgears

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"DC++" = DC++ 0.782

"DivX Setup" = DivX Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVDFab 8 Qt_is1" = DVDFab 8.1.0.0 (16/06/2011) Qt

"Google Updater" = Google Updater

"Hardwood Euchre" = Hardwood Euchre

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"RealPlayer 12.0" = RealPlayer

"Rhapsody" = Rhapsody

"SoundTaxi_is1" = SoundTaxi 2.7.2

"SystemRequirementsLab" = System Requirements Lab

"WavePad" = WavePad Sound Editor

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/23/2012 12:44:40 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609

Description =

Error - 1/23/2012 12:55:53 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609

Description =

Error - 1/23/2012 3:53:19 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609

Description =

Error - 1/23/2012 4:31:38 AM | Computer Name = Mozak | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 1/23/2012 4:32:17 AM | Computer Name = Mozak | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 1/23/2012 4:36:02 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1570 Start Time: 01ccd9e656b3fd2b Termination Time: 31

Error - 1/23/2012 4:38:33 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 116c Start Time: 01ccda0eb1d7df54 Termination Time: 59

Error - 1/23/2012 4:51:44 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 14b0 Start Time: 01ccda0eb19b22e6 Termination Time: 125

Error - 1/23/2012 4:56:48 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: e6c Start Time: 01ccda11173fb7c1 Termination Time: 1480

Error - 1/23/2012 5:09:17 PM | Computer Name = Mozak | Source = EventSystem | ID = 4609

Description =

[ Media Center Events ]

Error - 8/6/2007 9:48:34 PM | Computer Name = Mozak | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 1/23/2012 6:59:17 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000

Description =

Error - 1/23/2012 6:59:17 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026

Description =

Error - 1/23/2012 7:45:02 PM | Computer Name = Mozak | Source = DCOM | ID = 10010

Description =

Error - 1/25/2012 11:07:33 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000

Description =

Error - 1/25/2012 11:07:33 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026

Description =

Error - 1/26/2012 1:32:06 AM | Computer Name = Mozak | Source = DCOM | ID = 10010

Description =

Error - 1/27/2012 5:09:13 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000

Description =

Error - 1/27/2012 5:09:13 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026

Description =

Error - 1/27/2012 5:09:26 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7009

Description =

Error - 1/27/2012 5:09:26 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000

Description =

< End of report >

Link to post
Share on other sites

Step 1

Please uninstall this application: DC++ . Take a look at our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe
    [2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe
    [2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat
    [2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log file.

Link to post
Share on other sites

DC++ uninstalled.

All processes killed

Error: Unable to interpret <:OTLO33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe[2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe[2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat[2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf:Commands[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01282012_081107

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

I realized the same after reading the error message. After I ran OTL with commands on a new line, OTL stopped responding, and all the icons desapeared from the desktop. I restarted the computer and this is the message I have now.

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Hi Maniac,

I appreaciate your help thus far. I have a question: during the combofix scan, Kaspersky detected a catchme.3xe file associated with combofix. I allowed it to run as this was the only way to continue with the scan and report. What is this file? why does Kasperky think it is malicious? Thank you. Below is the log file.

ComboFix 12-01-29.02 - Dragan and Dianne 01/29/2012 9:21.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2233 [GMT -8:00]

Running from: c:\users\Dragan and Dianne\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 24 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\windows\system32\odbcad32.exe

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))

.

.

2012-01-29 17:35 . 2012-01-29 17:40 -------- d-----w- c:\users\Dragan and Dianne\AppData\Local\temp

2012-01-29 17:35 . 2012-01-29 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-28 16:11 . 2012-01-28 16:11 -------- dc----w- C:\_OTL

2012-01-23 08:34 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11703328-47C3-42A5-8BA6-F3C3D77BEE9B}\mpengine.dll

2012-01-22 20:12 . 2012-01-22 20:12 -------- d-----w- c:\users\Dragan and Dianne\New Folder

2012-01-22 20:08 . 2012-01-22 20:08 -------- d-----w- c:\users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-01-18 02:01 . 2012-01-18 02:01 -------- dc----w- c:\program files\SilverCreekCommonFiles

2012-01-18 02:01 . 2012-01-18 02:02 -------- dc----w- c:\program files\Hardwood Euchre

2012-01-13 21:23 . 2009-03-16 22:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2012-01-13 19:01 . 2006-07-28 17:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll

2012-01-13 19:01 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-01-11 16:00 . 2012-01-11 16:00 -------- dc----w- c:\program files\TrainingPeaks

2012-01-10 18:17 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-01-10 18:17 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-10 18:17 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-10 18:16 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-10 18:16 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-10 18:16 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-10 18:16 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 18:16 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-10 18:15 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-10 18:15 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-10 18:15 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-10 18:15 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-10 18:15 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-10 18:15 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-09 23:03 . 2012-01-09 23:03 -------- d-----w- c:\users\Dragan and Dianne\AppData\Local\DDMSettings

2012-01-06 22:23 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-06 22:23 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-01-06 22:21 . 2012-01-06 22:21 -------- dc----w- c:\program files\iPod

2012-01-06 22:20 . 2012-01-06 22:23 -------- dc----w- c:\program files\iTunes

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 23:24 . 2011-11-01 15:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:37 . 2011-12-15 21:52 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-16 20:31 . 2011-05-13 13:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 22:29 . 2009-10-04 00:58 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-08 14:42 . 2011-12-15 21:51 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47 . 2011-12-15 21:58 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40 . 2011-12-15 21:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39 . 2011-12-15 21:58 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31 . 2011-12-15 21:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-10-30 273528]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-18 805392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-27 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-05 14:40]

.

2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 23:44]

.

2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 23:44]

.

2007-10-04 c:\windows\Tasks\HPCeeScheduleForDragan and Dianne.job

- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-05-06 18:56]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Hobbyist Software iTunes Helper - c:\program files\Hobbyist Software\iTunes Remote Helper\iTunesRemoteHelper.exe

HKCU-Run-DS3 Tool - c:\program files\MotioninJoy\ds3\DS3_Tool.exe

HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

HKCU-Run-doubleTwist - c:\program files\doubleTwist 2.0\doubleTwist.DeviceHelper.exe

HKLM-Run-Cmaudio8788 - cmicnfgp.cpl

HKLM-Run-Cmaudio8788Hook - c:\windows\system\ComHookMonitor.exe

AddRemove-WavePad - c:\program files\NCH Swift Sound\WavePad\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-29 09:41

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:1a,80,2a,3f,b2,18,39,ac,0e,0b,31,cf,74,0f,18,09,71,d3,10,b1,69,fc,5a,

1f,14,90,61,13,d5,e1,43,6e,54,28,30,d9,93,ba,ec,e1,fe,8c,89,e5,a5,7a,8c,4d,\

"??"=hex:c3,f8,4e,db,37,06,25,96,83,ee,47,db,f5,15,9d,bc

.

[HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\Software\SecuROM\License information*]

"datasecu"=hex:f4,a8,81,af,b1,bb,a1,aa,84,24,02,a0,8a,0d,95,d2,7c,02,3d,eb,19,

df,5a,3b,01,7e,3d,56,13,6d,a0,9b,e9,d8,ba,d6,27,66,40,a2,09,e0,96,27,53,5a,\

"rkeysecu"=hex:be,d2,1d,1a,38,8a,c3,fb,59,1e,63,4a,25,d2,40,08

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5736)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\atiesrxx.exe

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Motorola\MotoHelper\MotoHelperService.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe

c:\windows\System32\rundll32.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-01-29 09:55:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-29 17:49

.

Pre-Run: 72,222,957,568 bytes free

Post-Run: 78,248,554,496 bytes free

.

- - End Of File - - 7BE7C94D10E661A0CA4B71B4141DB89E

Link to post
Share on other sites

I have a question: during the combofix scan, Kaspersky detected a catchme.3xe file associated with combofix. I allowed it to run as this was the only way to continue with the scan and report. What is this file? why does Kasperky think it is malicious?

Antivirus companies generally have a problem with tools like ComboFix, because they do not like their approach and consider it dangerous. I can assure you that everything is fine with the tool. Now please:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you already have difficulty, for your convenience we have video on YouTube, which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Next,

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Post both of them in your next reply.

Link to post
Share on other sites

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.29.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Dragan and Dianne :: MOZAK [administrator]

Protection: Enabled

1/29/2012 2:22:49 PM

mbam-log-2012-01-29 (14-22-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 181141

Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=57d7dbe5d19c574d9d993628de74fea5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-01-30 03:31:30

# local_time=2012-01-29 07:31:30 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1280 16777215 100 0 12532825 12532825 0 0

# compatibility_mode=5892 16776573 100 100 0 164494605 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=172449

# found=0

# cleaned=0

# scan_time=7212

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.