
HEUR:Trojan.Win32.Generic


  • This topic is locked
25 replies to this topic

#1 krompir (New Member)

  • Members
  • 14 posts

Posted 23 January 2012 - 06:43 PM

I have both Kaspersky Internet Security and MBAM Pro. I scanned the computer with MBAM and it found two items which I removed. However, the computer continued to behave strangely, so I decided to request help. While posting this topic, a warning box from Kaspersky appeared stating that my computer has a virus. I am including the two .txt files from the DDS scan. Thank you in advance for your help.



#2 Maniac (Forum Deity)

  • Experts
  • 21,392 posts
  • Gender: Male
  • Location: Bulgaria, EU

Posted 23 January 2012 - 07:11 PM

Hello krompir, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not install software or hardware while we are working on the machine.

I would like to see what Malwarebytes' Anti-Malware has found. Please run Malwarebytes' Anti-Malware, open the Logs tab, double-click on the latest reports (at the top) to find where they are, and finally post the log file here.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 krompir (New Member)

  • Members
  • 14 posts

Posted 26 January 2012 - 12:29 AM

Thank you for your prompt response. Included is the report from Malwarebytes from today. I also included the reports when Malwarebytes first detected the problem prior to me posting this topic. Although this latest scan is clear, Kaspersky immediately detects the trojan, which is the same that Malwarebytes detected when I first believed that my computer was infected. I should mention that the moment I opened the internet, I was directed to a strange site (this is no longer happening). I have not attempted to remove the trojan through Kaspersky and will not do anything unless you tell me to do so.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.22.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dragan and Dianne :: MOZAK [administrator]
Protection: Enabled
1/25/2012 7:08:11 PM
mbam-log-2012-01-25 (19-08-11).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 337419
Time elapsed: 1 hour(s), 50 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)


Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.22.03
Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Dragan and Dianne :: MOZAK [administrator]
Protection: Disabled
1/22/2012 8:50:33 PM
mbam-log-2012-01-22 (20-50-33).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 125440
Time elapsed: 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe (Trojan.QHost.BG) -> Quarantined and deleted successfully.
(end)


Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.20.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dragan and Dianne :: MOZAK [administrator]
Protection: Enabled
1/22/2012 1:56:01 PM
mbam-log-2012-01-22 (13-56-01).txt
Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 1
Time elapsed: 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Dragan and Dianne\Desktop\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
(end)


Thank you.
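The second Malwarebytes log above is the instructive one: the same executable was registered under both the HKCU and HKLM Run keys, and the file itself sat in the user's AppData\Local folder. An autorun entry whose target lives in a directory the user can write to is the classic footprint of user-mode persistence, and it is worth flagging automatically whenever a log like this is reviewed. The following is an added example, not code from this thread or from Malwarebytes: it parses the 1.60-format log into structured detections and reports Run-key values whose data path points into a user-profile or temp directory. The sample log is constructed from the detection lines quoted above, and the directory list in USER_WRITABLE_RE is this example's own assumption about which locations count as user-writable.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the Malwarebytes Anti-Malware 1.60 log format. The three
# detection lines are the ones quoted in the thread; the header is trimmed.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (PRO) 1.60.0.1800
Database version: v2012.01.22.03
Scan type: Flash scan
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe (Trojan.QHost.BG) -> Quarantined and deleted successfully.
(end)
"""

# Section headers look like "Registry Values Detected: 2".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Registry value line: KEY|VALUENAME (Threat) -> Data: PATH -> ACTION
REG_VALUE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<name>[^ ]+) \((?P<threat>[^)]+)\) "
    r"-> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
# File line: PATH (Threat) -> ACTION
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Assumed list of user-writable locations (this example's own heuristic).
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Desktop|Downloads|Documents)\\|\\Temp\\|\\ProgramData\\",
    re.IGNORECASE,
)


@dataclass
class Detection:
    section: str
    threat: str
    action: str
    path: str                     # file path, or the Run value's Data for registry hits
    key: Optional[str] = None     # registry key, for registry value detections only
    value_name: Optional[str] = None

    @property
    def is_run_key(self) -> bool:
        return self.key is not None and RUN_KEY_RE.search(self.key) is not None

    @property
    def in_user_writable_dir(self) -> bool:
        return USER_WRITABLE_RE.search(self.path) is not None


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log section by section and collect registry-value and file hits."""
    detections: List[Detection] = []
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip header lines, blanks, "(No malicious items detected)" and "(end)".
        if not line or section is None or line.startswith("("):
            continue
        m = REG_VALUE_RE.match(line)
        if m and section == "Registry Values":
            detections.append(Detection(section, m.group("threat"), m.group("action"),
                                        m.group("data"), m.group("key"), m.group("name")))
            continue
        m = FILE_RE.match(line)
        if m and section == "Files":
            detections.append(Detection(section, m.group("threat"), m.group("action"),
                                        m.group("path")))
    return detections


def persistence_findings(detections: List[Detection]) -> List[str]:
    """Report autorun (Run/RunOnce) values whose target sits in a user-writable
    directory: persistence that needs no administrator rights to install."""
    findings = []
    for d in detections:
        if d.is_run_key and d.in_user_writable_dir:
            hive = d.key.split("\\", 1)[0]
            findings.append(f"{hive} Run value '{d.value_name}' -> {d.path} [{d.threat}]")
    return findings


if __name__ == "__main__":
    for finding in persistence_findings(parse_mbam_log(SAMPLE_LOG)):
        print(finding)
```

The same Run-key test applies to a clean log: running it over autorun entries exported from a machine that no scanner has flagged still surfaces any user-writable autorun target for manual review, which is exactly the gap between "Malwarebytes reports clean" and "Kaspersky still alerts" that the reply above describes.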

#4 Maniac (Forum Deity)

  • Experts
  • 21,392 posts
  • Gender: Male
  • Location: Bulgaria, EU

Posted 26 January 2012 - 04:30 AM

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
In your next reply, please include:
  • TDSSKiller log
  • OTL.Txt and Extras.Txt

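Step 1 produces a TDSSKiller log in which each driver gets a hash-and-path line followed by a verdict line: `- ok`, `( UnsignedFile.Multi.Generic ) - warning`, or `- detected <name> (n)`, as the log pasted in the next reply shows. Reading several hundred such lines by eye is error-prone, so the following added example (not part of Maniac's instructions and not TDSSKiller's own code) pairs each driver with its final verdict, separates the signature-check warnings from any other detection, and notes whether a flagged driver file sits outside C:\Windows\system32\drivers, which is where third-party software such as the Motive drivers in that log tends to install its own unsigned drivers. The sample lines are copied from the log in the next reply; the "outside the Windows drivers directory" heuristic and the verdict precedence are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the TDSSKiller 2.7 log format; the lines are copied
# from the log posted later in this thread.
SAMPLE_LOG = r"""13:44:35.0872 4884 Scan started
13:44:35.0872 4884 Mode: Manual; SigCheck; TDLFS;
13:44:38.0071 4884 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:44:38.0275 4884 ACPI - ok
13:44:39.0974 4884 amdiox86 - ok
13:44:46.0544 4884 cmudaxp (395c5ff5358b1bbe8cabcfce01954922) C:\Windows\system32\drivers\cmudaxp.sys
13:44:47.0002 4884 cmudaxp ( UnsignedFile.Multi.Generic ) - warning
13:44:47.0003 4884 cmudaxp - detected UnsignedFile.Multi.Generic (1)
13:45:01.0935 4884 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
13:45:01.0942 4884 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
13:45:01.0942 4884 MREMP50 - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with "HH:MM:SS.ffff <pid> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(PREFIX + r"(?P<name>\S+) - ok$")
WARN_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<threat>\S+) \) - warning$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)$")

# A later, stronger verdict line for the same driver replaces a weaker one
# (assumed precedence; the log emits "warning" and then "detected").
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}
SIGCHECK_WARNING = "UnsignedFile.Multi.Generic"


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None   # None when the service has no file on disk
    verdict: str = "unknown"
    threat: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, DriverEntry]:
    """Pair every driver's hash/path line with its verdict line(s)."""
    entries: Dict[str, DriverEntry] = {}

    def entry(name: str) -> DriverEntry:
        return entries.setdefault(name, DriverEntry(name))

    def set_verdict(e: DriverEntry, verdict: str, threat: Optional[str]) -> None:
        if RANK[verdict] >= RANK[e.verdict]:
            e.verdict, e.threat = verdict, threat

    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entry(m["name"])
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = OK_RE.match(line)
        if m:
            set_verdict(entry(m["name"]), "ok", None)
            continue
        m = WARN_RE.match(line)
        if m:
            set_verdict(entry(m["name"]), "warning", m["threat"])
            continue
        m = DETECTED_RE.match(line)
        if m:
            set_verdict(entry(m["name"]), "detected", m["threat"])
    return entries


def outside_drivers_dir(e: DriverEntry) -> bool:
    """Heuristic (this example's own): third-party unsigned drivers usually
    live outside the Windows drivers directory."""
    return e.path is not None and "\\windows\\system32\\drivers\\" not in e.path.lower()


def triage(entries: Dict[str, DriverEntry]) -> Tuple[List[DriverEntry], List[DriverEntry]]:
    """Split non-ok drivers into signature-check warnings and everything else.
    Drivers with no verdict line at all (e.g. a truncated log) land in 'other'
    so they are not silently dropped."""
    flagged = [e for e in entries.values() if e.verdict != "ok"]
    unsigned = [e for e in flagged if e.threat == SIGCHECK_WARNING]
    other = [e for e in flagged if e.threat != SIGCHECK_WARNING]
    return unsigned, other


def verdict_counts(entries: Dict[str, DriverEntry]) -> Counter:
    return Counter(e.verdict for e in entries.values())


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(dict(verdict_counts(parsed)))
    unsigned, other = triage(parsed)
    for e in unsigned:
        where = "third-party location" if outside_drivers_dir(e) else "Windows drivers dir"
        print(f"unsigned: {e.name} {e.md5} {e.path} ({where})")
    for e in other:
        print(f"REVIEW: {e.name} verdict={e.verdict} threat={e.threat} path={e.path}")
```

The point of keeping the md5 alongside each flagged path is that a helper can compare it against the vendor's known file hash before deciding whether an unsigned driver is simply old third-party software or something that warrants a Cure; the log alone does not make that distinction.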

#5 krompir (New Member)

  • Members
  • 14 posts

Posted 27 January 2012 - 04:46 PM

Following the scan with TDSSKiller, there was no option for Cure, so I selected Skip as instructed. I was not able to post everything at once (post too long error).

13:44:16.0573 5872 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:44:17.0202 5872 ============================================================
13:44:17.0202 5872 Current date / time: 2012/01/27 13:44:17.0202
13:44:17.0202 5872 SystemInfo:
13:44:17.0202 5872
13:44:17.0202 5872 OS Version: 6.0.6002 ServicePack: 2.0
13:44:17.0202 5872 Product type: Workstation
13:44:17.0202 5872 ComputerName: MOZAK
13:44:17.0203 5872 UserName: Dragan and Dianne
13:44:17.0203 5872 Windows directory: C:\Windows
13:44:17.0203 5872 System windows directory: C:\Windows
13:44:17.0203 5872 Processor architecture: Intel x86
13:44:17.0203 5872 Number of processors: 2
13:44:17.0203 5872 Page size: 0x1000
13:44:17.0203 5872 Boot type: Normal boot
13:44:17.0203 5872 ============================================================
13:44:19.0364 5872 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
13:44:19.0438 5872 Initialize success
13:44:35.0872 4884 ============================================================
13:44:35.0872 4884 Scan started
13:44:35.0872 4884 Mode: Manual; SigCheck; TDLFS;
13:44:35.0872 4884 ============================================================
13:44:38.0071 4884 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:44:38.0275 4884 ACPI - ok
13:44:38.0417 4884 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:44:38.0491 4884 adp94xx - ok
13:44:38.0565 4884 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:44:38.0584 4884 adpahci - ok
13:44:38.0667 4884 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:44:38.0682 4884 adpu160m - ok
13:44:38.0807 4884 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:44:38.0823 4884 adpu320 - ok
13:44:39.0023 4884 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:44:39.0075 4884 AFD - ok
13:44:39.0201 4884 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:44:39.0216 4884 agp440 - ok
13:44:39.0304 4884 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:44:39.0319 4884 aic78xx - ok
13:44:39.0570 4884 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:44:39.0610 4884 aliide - ok
13:44:39.0781 4884 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:44:39.0808 4884 amdagp - ok
13:44:39.0882 4884 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:44:39.0908 4884 amdide - ok
13:44:39.0974 4884 amdiox86 - ok
13:44:40.0055 4884 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:44:40.0164 4884 AmdK7 - ok
13:44:40.0243 4884 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
13:44:40.0280 4884 AmdK8 - ok
13:44:40.0638 4884 amdkmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys
13:44:42.0586 4884 amdkmdag - ok
13:44:42.0735 4884 amdkmdap (96cd7053a516c30e61a05df9757da7de) C:\Windows\system32\DRIVERS\atikmpag.sys
13:44:42.0757 4884 amdkmdap - ok
13:44:42.0986 4884 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:44:43.0001 4884 arc - ok
13:44:43.0091 4884 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:44:43.0107 4884 arcsas - ok
13:44:43.0209 4884 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:44:43.0244 4884 AsyncMac - ok
13:44:43.0297 4884 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:44:43.0312 4884 atapi - ok
13:44:43.0437 4884 AtiHDAudioService - ok
13:44:43.0607 4884 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
13:44:43.0786 4884 BCM43XV - ok
13:44:43.0911 4884 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:44:43.0947 4884 Beep - ok
13:44:44.0018 4884 blbdrive - ok
13:44:44.0126 4884 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:44:44.0145 4884 bowser - ok
13:44:44.0225 4884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:44:44.0256 4884 BrFiltLo - ok
13:44:44.0370 4884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:44:44.0398 4884 BrFiltUp - ok
13:44:44.0484 4884 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:44:44.0544 4884 Brserid - ok
13:44:44.0872 4884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:44:44.0938 4884 BrSerWdm - ok
13:44:45.0099 4884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:44:45.0156 4884 BrUsbMdm - ok
13:44:45.0221 4884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:44:45.0279 4884 BrUsbSer - ok
13:44:45.0370 4884 BTCFilterService - ok
13:44:45.0501 4884 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:44:45.0599 4884 BTHMODEM - ok
13:44:45.0762 4884 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:44:45.0796 4884 cdfs - ok
13:44:45.0852 4884 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:44:45.0878 4884 cdrom - ok
13:44:45.0988 4884 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:44:46.0047 4884 circlass - ok
13:44:46.0108 4884 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:44:46.0129 4884 CLFS - ok
13:44:46.0344 4884 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:44:46.0370 4884 cmdide - ok
13:44:46.0544 4884 cmudaxp (395c5ff5358b1bbe8cabcfce01954922) C:\Windows\system32\drivers\cmudaxp.sys
13:44:47.0002 4884 cmudaxp ( UnsignedFile.Multi.Generic ) - warning
13:44:47.0003 4884 cmudaxp - detected UnsignedFile.Multi.Generic (1)
13:44:47.0127 4884 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
13:44:47.0152 4884 Compbatt - ok
13:44:47.0215 4884 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:44:47.0241 4884 crcdisk - ok
13:44:47.0282 4884 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:44:47.0341 4884 Crusoe - ok
13:44:47.0673 4884 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:44:47.0714 4884 DfsC - ok
13:44:47.0972 4884 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:44:48.0002 4884 disk - ok
13:44:48.0113 4884 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:44:48.0184 4884 Dot4 - ok
13:44:48.0247 4884 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:44:48.0283 4884 Dot4Print - ok
13:44:48.0368 4884 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:44:48.0399 4884 dot4usb - ok
13:44:48.0547 4884 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:44:48.0571 4884 drmkaud - ok
13:44:48.0709 4884 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:44:48.0843 4884 DXGKrnl - ok
13:44:49.0093 4884 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:44:49.0201 4884 E1G60 - ok
13:44:49.0334 4884 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:44:49.0355 4884 Ecache - ok
13:44:49.0434 4884 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:44:49.0458 4884 elxstor - ok
13:44:49.0614 4884 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:44:49.0637 4884 exfat - ok
13:44:49.0700 4884 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:44:49.0730 4884 fastfat - ok
13:44:49.0835 4884 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:44:49.0888 4884 fdc - ok
13:44:50.0361 4884 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:44:50.0391 4884 FileInfo - ok
13:44:50.0494 4884 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:44:50.0560 4884 Filetrace - ok
13:44:50.0773 4884 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:44:50.0835 4884 flpydisk - ok
13:44:50.0967 4884 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:44:50.0990 4884 FltMgr - ok
13:44:51.0102 4884 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:44:51.0164 4884 Fs_Rec - ok
13:44:51.0219 4884 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:44:51.0237 4884 gagp30kx - ok
13:44:51.0336 4884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:44:51.0353 4884 GEARAspiWDM - ok
13:44:51.0519 4884 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:44:51.0571 4884 HdAudAddService - ok
13:44:51.0699 4884 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:44:51.0830 4884 HDAudBus - ok
13:44:51.0929 4884 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:44:51.0983 4884 HidBth - ok
13:44:52.0217 4884 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:44:52.0277 4884 HidIr - ok
13:44:52.0386 4884 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:44:52.0411 4884 HidUsb - ok
13:44:52.0453 4884 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:44:52.0466 4884 HpCISSs - ok
13:44:52.0617 4884 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
13:44:52.0773 4884 HSF_DP - ok
13:44:53.0004 4884 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
13:44:53.0042 4884 HSXHWBS2 - ok
13:44:53.0116 4884 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:44:53.0205 4884 HTTP - ok
13:44:53.0341 4884 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:44:53.0356 4884 i2omp - ok
13:44:53.0470 4884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:44:53.0498 4884 i8042prt - ok
13:44:53.0571 4884 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:44:53.0591 4884 iaStorV - ok
13:44:53.0727 4884 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:44:53.0741 4884 iirsp - ok
13:44:54.0202 4884 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
13:44:54.0754 4884 IntcAzAudAddService - ok
13:44:54.0883 4884 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
13:44:54.0898 4884 intelide - ok
13:44:55.0027 4884 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
13:44:55.0087 4884 intelppm - ok
13:44:55.0330 4884 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:44:55.0397 4884 IpFilterDriver - ok
13:44:55.0809 4884 IpInIp - ok
13:44:56.0132 4884 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:44:56.0255 4884 IPMIDRV - ok
13:44:56.0371 4884 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:44:56.0406 4884 IPNAT - ok
13:44:56.0553 4884 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:44:56.0587 4884 IRENUM - ok
13:44:56.0626 4884 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:44:56.0641 4884 isapnp - ok
13:44:56.0712 4884 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:44:56.0731 4884 iScsiPrt - ok
13:44:56.0811 4884 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:44:56.0825 4884 iteatapi - ok
13:44:56.0942 4884 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:44:56.0968 4884 iteraid - ok
13:44:57.0028 4884 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:44:57.0057 4884 kbdclass - ok
13:44:57.0227 4884 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:44:57.0282 4884 kbdhid - ok
13:44:57.0467 4884 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
13:44:57.0531 4884 KL1 - ok
13:44:57.0578 4884 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
13:44:57.0594 4884 kl2 - ok
13:44:57.0654 4884 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
13:44:57.0737 4884 KLIF - ok
13:44:57.0912 4884 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
13:44:57.0941 4884 KLIM6 - ok
13:44:58.0018 4884 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
13:44:58.0031 4884 klmouflt - ok
13:44:58.0178 4884 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:44:58.0291 4884 KSecDD - ok
13:44:58.0434 4884 L8042Kbd (ac728768de636093b4d5ae6361cfadae) C:\Windows\system32\DRIVERS\L8042Kbd.sys
13:44:58.0459 4884 L8042Kbd - ok
13:44:58.0559 4884 L8042mou (02d869562e114db8867271992408bb2d) C:\Windows\system32\DRIVERS\L8042mou.Sys
13:44:58.0587 4884 L8042mou - ok
13:44:58.0704 4884 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:44:58.0728 4884 LHidFilt - ok
13:44:58.0937 4884 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:44:58.0971 4884 lltdio - ok
13:44:59.0156 4884 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:44:59.0171 4884 LMouFilt - ok
13:44:59.0229 4884 LMouKE (b286865ac2747ee3b5ea78b5231f8c57) C:\Windows\system32\DRIVERS\LMouKE.Sys
13:44:59.0256 4884 LMouKE - ok
13:44:59.0383 4884 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:44:59.0398 4884 LSI_FC - ok
13:44:59.0458 4884 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:44:59.0475 4884 LSI_SAS - ok
13:44:59.0623 4884 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:44:59.0653 4884 LSI_SCSI - ok
13:44:59.0721 4884 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:44:59.0758 4884 luafv - ok
13:44:59.0943 4884 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
13:44:59.0957 4884 MBAMProtector - ok
13:45:00.0150 4884 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:45:00.0183 4884 mdmxsdk - ok
13:45:00.0457 4884 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:45:00.0472 4884 megasas - ok
13:45:00.0563 4884 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:45:00.0596 4884 Modem - ok
13:45:00.0686 4884 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:45:00.0718 4884 monitor - ok
13:45:00.0796 4884 motccgp - ok
13:45:00.0892 4884 motccgpfl - ok
13:45:00.0985 4884 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys
13:45:01.0000 4884 MotioninJoyXFilter - ok
13:45:01.0146 4884 motmodem - ok
13:45:01.0213 4884 MotoSwitchService - ok
13:45:01.0254 4884 Motousbnet - ok
13:45:01.0313 4884 motusbdevice - ok
13:45:01.0353 4884 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:45:01.0369 4884 mouclass - ok
13:45:01.0417 4884 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:45:01.0454 4884 mouhid - ok
13:45:01.0511 4884 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:45:01.0527 4884 MountMgr - ok
13:45:01.0581 4884 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:45:01.0597 4884 mpio - ok
13:45:01.0676 4884 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:45:01.0722 4884 mpsdrv - ok
13:45:01.0793 4884 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:45:01.0807 4884 Mraid35x - ok
13:45:01.0935 4884 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
13:45:01.0942 4884 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
13:45:01.0942 4884 MREMP50 - detected UnsignedFile.Multi.Generic (1)
13:45:01.0952 4884 MREMP50a64 - ok
13:45:01.0962 4884 MREMPR5 - ok
13:45:01.0971 4884 MRENDIS5 - ok
13:45:02.0049 4884 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
13:45:02.0055 4884 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
13:45:02.0056 4884 MRESP50 - detected UnsignedFile.Multi.Generic (1)
13:45:02.0063 4884 MRESP50a64 - ok
13:45:02.0241 4884 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:45:02.0289 4884 MRxDAV - ok
13:45:02.0358 4884 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:45:02.0401 4884 mrxsmb - ok
13:45:02.0501 4884 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:45:02.0547 4884 mrxsmb10 - ok
13:45:02.0654 4884 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:45:02.0692 4884 mrxsmb20 - ok
13:45:02.0734 4884 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:45:02.0762 4884 msahci - ok
13:45:02.0895 4884 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:45:02.0912 4884 msdsm - ok
13:45:02.0961 4884 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:45:02.0997 4884 Msfs - ok
13:45:03.0147 4884 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:45:03.0175 4884 msisadrv - ok
13:45:03.0317 4884 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:45:03.0352 4884 MSKSSRV - ok
13:45:03.0419 4884 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:45:03.0455 4884 MSPCLOCK - ok
13:45:03.0498 4884 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:45:03.0533 4884 MSPQM - ok
13:45:03.0718 4884 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:45:03.0754 4884 MsRPC - ok
13:45:03.0838 4884 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:45:03.0853 4884 mssmbios - ok
13:45:03.0943 4884 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:45:03.0978 4884 MSTEE - ok
13:45:04.0030 4884 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:45:04.0048 4884 Mup - ok
13:45:04.0301 4884 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:45:04.0343 4884 NativeWifiP - ok
13:45:04.0461 4884 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:45:04.0540 4884 NDIS - ok
13:45:04.0642 4884 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:45:04.0667 4884 NdisTapi - ok
13:45:04.0792 4884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:45:04.0830 4884 Ndisuio - ok
13:45:04.0891 4884 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:45:04.0917 4884 NdisWan - ok
13:45:04.0982 4884 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:45:05.0007 4884 NDProxy - ok
13:45:05.0127 4884 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:45:05.0159 4884 NetBIOS - ok
13:45:05.0261 4884 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:45:05.0291 4884 netbt - ok
13:45:05.0399 4884 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:45:05.0477 4884 nfrd960 - ok
13:45:05.0592 4884 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:45:05.0643 4884 Npfs - ok
13:45:05.0724 4884 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:45:05.0756 4884 nsiproxy - ok
13:45:06.0010 4884 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:45:06.0283 4884 Ntfs - ok
13:45:06.0496 4884 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:45:06.0597 4884 ntrigdigi - ok
13:45:06.0699 4884 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:45:06.0730 4884 Null - ok
13:45:06.0811 4884 NVENETFD (74c825c573aa6e115590d94e7bf86901) C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:45:07.0003 4884 NVENETFD - ok
13:45:07.0615 4884 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:45:10.0454 4884 nvlddmkm - ok
13:45:10.0573 4884 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:45:10.0587 4884 nvraid - ok
13:45:10.0648 4884 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:45:10.0663 4884 nvstor - ok
13:45:10.0733 4884 nvstor32 (019054d997f65358dca63ecae5103f97) C:\Windows\system32\drivers\nvstor32.sys
13:45:10.0748 4884 nvstor32 - ok
13:45:10.0814 4884 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:45:10.0831 4884 nv_agp - ok
13:45:10.0867 4884 NwlnkFlt - ok
13:45:10.0930 4884 NwlnkFwd - ok
13:45:11.0012 4884 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
13:45:11.0107 4884 ohci1394 - ok
13:45:11.0162 4884 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:45:11.0220 4884 Parport - ok
13:45:11.0277 4884 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:45:11.0293 4884 partmgr - ok
13:45:11.0329 4884 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:45:11.0388 4884 Parvdm - ok
13:45:11.0811 4884 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:45:11.0829 4884 pci - ok
13:45:12.0276 4884 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:45:12.0306 4884 pciide - ok
13:45:12.0370 4884 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:45:12.0404 4884 pcmcia - ok
13:45:12.0686 4884 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
13:45:12.0721 4884 pcouffin - ok
13:45:12.0847 4884 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:45:13.0044 4884 PEAUTH - ok
13:45:13.0317 4884 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:45:13.0356 4884 PptpMiniport - ok
13:45:13.0416 4884 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:45:13.0481 4884 Processor - ok
13:45:13.0564 4884 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:45:13.0603 4884 PSched - ok
13:45:13.0736 4884 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
13:45:13.0768 4884 PxHelp20 - ok
13:45:13.0926 4884 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:45:14.0213 4884 ql2300 - ok
13:45:14.0316 4884 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:45:14.0330 4884 ql40xx - ok
13:45:14.0402 4884 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:45:14.0421 4884 QWAVEdrv - ok
13:45:14.0468 4884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:45:14.0500 4884 RasAcd - ok
13:45:14.0580 4884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:45:14.0614 4884 Rasl2tp - ok
13:45:14.0754 4884 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:45:14.0782 4884 RasPppoe - ok
13:45:14.0849 4884 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:45:14.0869 4884 RasSstp - ok
13:45:14.0957 4884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:45:14.0988 4884 rdbss - ok
13:45:15.0082 4884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:45:15.0149 4884 RDPCDD - ok
13:45:15.0234 4884 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:45:15.0326 4884 rdpdr - ok
13:45:15.0382 4884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:45:15.0417 4884 RDPENCDD - ok
13:45:15.0564 4884 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:45:15.0594 4884 RDPWD - ok
13:45:15.0757 4884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:45:15.0793 4884 rspndr - ok
13:45:15.0882 4884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:45:15.0900 4884 sbp2port - ok
13:45:15.0948 4884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:45:16.0006 4884 secdrv - ok
13:45:16.0058 4884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:45:16.0117 4884 Serenum - ok
13:45:16.0187 4884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:45:16.0240 4884 Serial - ok
13:45:16.0336 4884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:45:16.0367 4884 sermouse - ok
13:45:16.0575 4884 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
13:45:16.0590 4884 sfdrv01 - ok
13:45:16.0667 4884 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:45:16.0726 4884 sffdisk - ok
13:45:16.0786 4884 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:45:16.0844 4884 sffp_mmc - ok
13:45:16.0920 4884 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:45:16.0980 4884 sffp_sd - ok
13:45:17.0086 4884 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
13:45:17.0111 4884 sfhlp02 - ok
13:45:17.0235 4884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:45:17.0344 4884 sfloppy - ok
13:45:17.0449 4884 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
13:45:17.0479 4884 sfvfs02 - ok
13:45:17.0591 4884 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:45:17.0620 4884 sisagp - ok
13:45:17.0681 4884 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:45:17.0700 4884 SiSRaid2 - ok
13:45:17.0760 4884 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:45:17.0774 4884 SiSRaid4 - ok
13:45:17.0971 4884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:45:17.0998 4884 Smb - ok
13:45:18.0069 4884 SndTDriverV32 (63522ddc83bf6fca7f7efa44a140192b) C:\Windows\system32\drivers\SndTDriverV32.sys
13:45:18.0078 4884 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - warning
13:45:18.0078 4884 SndTDriverV32 - detected UnsignedFile.Multi.Generic (1)
13:45:18.0152 4884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:45:18.0168 4884 spldr - ok
13:45:18.0242 4884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:45:18.0266 4884 srv - ok
13:45:18.0395 4884 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:45:18.0437 4884 srv2 - ok
13:45:18.0528 4884 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:45:18.0550 4884 srvnet - ok
13:45:18.0603 4884 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\Windows\system32\Drivers\sskbfd.sys
13:45:18.0616 4884 SSKBFD - ok
13:45:18.0717 4884 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:45:18.0732 4884 swenum - ok
13:45:18.0892 4884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:45:18.0919 4884 Symc8xx - ok
13:45:18.0968 4884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:45:18.0992 4884 Sym_hi - ok
13:45:19.0032 4884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:45:19.0051 4884 Sym_u3 - ok
13:45:19.0172 4884 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:45:19.0367 4884 Tcpip - ok
13:45:19.0735 4884 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:45:19.0954 4884 Tcpip6 - ok
13:45:20.0060 4884 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:45:20.0084 4884 tcpipreg - ok
13:45:20.0154 4884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:45:20.0193 4884 TDPIPE - ok
13:45:20.0290 4884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:45:20.0363 4884 TDTCP - ok
13:45:20.0469 4884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:45:20.0502 4884 tdx - ok
13:45:20.0746 4884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:45:20.0780 4884 TermDD - ok
13:45:20.0880 4884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:45:20.0921 4884 tssecsrv - ok
13:45:21.0043 4884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:45:21.0064 4884 tunmp - ok
13:45:21.0155 4884 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:45:21.0175 4884 tunnel - ok
13:45:21.0271 4884 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:45:21.0289 4884 uagp35 - ok
13:45:21.0393 4884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:45:21.0458 4884 udfs - ok
13:45:21.0596 4884 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:45:21.0611 4884 uliagpkx - ok
13:45:21.0707 4884 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:45:21.0726 4884 uliahci - ok
13:45:21.0822 4884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:45:21.0840 4884 UlSata - ok
13:45:21.0955 4884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:45:21.0975 4884 ulsata2 - ok
13:45:22.0056 4884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:45:22.0096 4884 umbus - ok
13:45:22.0438 4884 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:45:22.0476 4884 USBAAPL - ok
13:45:22.0617 4884 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:45:22.0644 4884 usbaudio - ok
13:45:22.0725 4884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:45:22.0751 4884 usbccgp - ok
13:45:22.0799 4884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:45:22.0855 4884 usbcir - ok
13:45:22.0913 4884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:45:22.0942 4884 usbehci - ok
13:45:22.0997 4884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:45:23.0026 4884 usbhub - ok
13:45:23.0149 4884 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:45:23.0177 4884 usbohci - ok
13:45:23.0273 4884 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:45:23.0312 4884 usbprint - ok
13:45:23.0468 4884 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:45:23.0498 4884 usbscan - ok
13:45:23.0597 4884 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
13:45:23.0625 4884 usbser - ok
13:45:23.0670 4884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:45:23.0701 4884 USBSTOR - ok
13:45:23.0765 4884 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:45:23.0837 4884 usbuhci - ok
13:45:23.0980 4884 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:45:24.0015 4884 usbvideo - ok
13:45:24.0148 4884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:45:24.0182 4884 vga - ok
13:45:24.0242 4884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:45:24.0277 4884 VgaSave - ok
13:45:24.0388 4884 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:45:24.0405 4884 viaagp - ok
13:45:24.0470 4884 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:45:24.0530 4884 ViaC7 - ok
13:45:24.0585 4884 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:45:24.0601 4884 viaide - ok
13:45:24.0713 4884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:45:24.0744 4884 volmgr - ok
13:45:24.0808 4884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:45:24.0830 4884 volmgrx - ok
13:45:24.0903 4884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:45:24.0923 4884 volsnap - ok
13:45:25.0006 4884 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:45:25.0023 4884 vsmraid - ok
13:45:25.0285 4884 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:45:25.0612 4884 VST_DPV - ok
13:45:25.0860 4884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:45:25.0974 4884 WacomPen - ok
13:45:26.0135 4884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:45:26.0162 4884 Wanarp - ok
13:45:26.0188 4884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:45:26.0213 4884 Wanarpv6 - ok
13:45:26.0312 4884 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:45:26.0328 4884 Wd - ok
13:45:26.0484 4884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:45:26.0567 4884 Wdf01000 - ok
13:45:26.0732 4884 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:45:26.0897 4884 winachsf - ok
13:45:27.0060 4884 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:45:27.0114 4884 WmiAcpi - ok
13:45:27.0272 4884 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:45:27.0290 4884 WpdUsb - ok
13:45:27.0395 4884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:45:27.0430 4884 ws2ifsl - ok
13:45:28.0068 4884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:45:28.0135 4884 WUDFRd - ok
13:45:28.0417 4884 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
13:45:28.0450 4884 XAudio - ok
13:45:28.0540 4884 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
13:45:28.0558 4884 xusb21 - ok
13:45:28.0602 4884 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
13:45:28.0830 4884 \Device\Harddisk0\DR0 - ok
13:45:28.0839 4884 Boot (0x1200) (1aff519d45350696e65237b2211bab63) \Device\Harddisk0\DR0\Partition0
13:45:28.0841 4884 \Device\Harddisk0\DR0\Partition0 - ok
13:45:28.0862 4884 Boot (0x1200) (f5e0e481b11a59be3a697141e73291b7) \Device\Harddisk0\DR0\Partition1
13:45:28.0864 4884 \Device\Harddisk0\DR0\Partition1 - ok
13:45:28.0866 4884 ============================================================
13:45:28.0866 4884 Scan finished
13:45:28.0866 4884 ============================================================
13:45:28.0895 3472 Detected object count: 4
13:45:28.0895 3472 Actual detected object count: 4
13:45:33.0901 3472 cmudaxp ( UnsignedFile.Multi.Generic ) - skipped by user
13:45:33.0901 3472 cmudaxp ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:45:33.0905 3472 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:45:33.0905 3472 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:45:33.0908 3472 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:45:33.0908 3472 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:45:33.0910 3472 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:45:33.0911 3472 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:45:37.0838 4444 Deinitialize success

#6 krompir

    New Member

  • Members
  • 14 posts

Posted 27 January 2012 - 04:47 PM

OTL logfile created on: 1/27/2012 1:20:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dragan and Dianne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.16% Memory free
7.18 Gb Paging File | 5.80 Gb Available in Paging File | 80.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.55 Gb Total Space | 60.96 Gb Free Space | 34.33% Space Free | Partition Type: NTFS
Drive D: | 8.76 Gb Total Space | 1.01 Gb Free Space | 11.52% Space Free | Partition Type: NTFS

Computer Name: MOZAK | User Name: Dragan and Dianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 13:19:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dragan and Dianne\Downloads\OTL.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/29 16:08:00 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/28 13:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/28 13:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/01 22:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/01 22:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 00:08:28 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/05 00:07:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 12:42:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 12:42:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 12:40:09 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 12:39:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/28 12:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/07/28 13:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2008/05/01 22:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/03 20:33:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/18 11:07:22 | 000,184,320 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\Windows\System32\snmvtsvc.exe -- (SoundMovieServer)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/28 14:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/28 12:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/20 13:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/07/09 06:51:43 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/09 06:51:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/28 23:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/28 23:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/01/22 20:54:42 | 001,780,352 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2008/01/04 17:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/21 00:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/09/21 00:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/09/21 00:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/18 11:17:54 | 000,022,528 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2007/05/03 22:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/19 05:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/02/08 09:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/07/05 04:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/06/14 06:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Dragan and Dianne\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/29 16:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/09 14:54:49 | 000,000,000 | ---D | M]

[2012/01/22 14:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/04 16:23:21 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011/05/04 16:22:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/19 15:45:16 | 000,000,761 | RH-- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Cmaudio8788] "RunDll32" cmicnfgp.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Cmaudio8788Hook] C:\Windows\system\ComHookMonitor.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [doubleTwist] "C:\Program Files\doubleTwist 2.0\doubleTwist.DeviceHelper.exe" File not found
O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini File not found
O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found
O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [Hobbyist Software iTunes Helper] C:\Program Files\Hobbyist Software\iTunes Remote Helper\iTunesRemoteHelper.exe /server File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9381DB96-D8E2-49E2-8B34-D8BCF26C222D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDAB9E39-E97A-4CB1-AFF7-4448531C2148}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/06 13:09:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dba729a8-ef8c-11e0-9f57-001bfc082295}\Shell - "" = AutoRun
O33 - MountPoints2\{dba729a8-ef8c-11e0-9f57-001bfc082295}\Shell\AutoRun\command - "" = M:\setup.exe -a
O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe
O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoi2301.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\New Folder
[2012/01/22 12:08:08 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/17 18:02:00 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hardwood Euchre
[2012/01/17 18:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\SilverCreekCommonFiles
[2012/01/17 18:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hardwood Euchre
[2012/01/11 08:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Agent
[2012/01/11 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrainingPeaks
[2012/01/09 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Local\DDMSettings
[2012/01/06 14:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/06 14:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/06 14:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2007/08/05 13:55:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.sys
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 13:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 13:07:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 13:07:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 13:07:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 13:07:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 23:59:06 | 000,001,356 | ---- | M] () -- C:\Users\Dragan and Dianne\AppData\Local\d3d9caps.dat
[2012/01/22 20:22:19 | 000,000,980 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Internet Explorer.lnk
[2012/01/22 13:29:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/22 13:22:06 | 000,617,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 13:22:06 | 000,108,360 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/21 10:54:12 | 000,002,441 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Adobe Acrobat 8 Professional.lnk
[2012/01/17 18:02:00 | 000,000,902 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Play Euchre.lnk
[2012/01/14 09:44:51 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/11 08:00:57 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Device Agent.lnk
[2012/01/10 13:47:04 | 000,151,360 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012/01/06 14:23:20 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/05 18:00:37 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/22 20:22:19 | 000,000,980 | ---- | C] () -- C:\Users\Dragan and Dianne\Desktop\Internet Explorer.lnk
[2012/01/17 18:02:00 | 000,000,902 | ---- | C] () -- C:\Users\Dragan and Dianne\Desktop\Play Euchre.lnk
[2012/01/14 09:44:51 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/14 09:44:51 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/11 08:00:57 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Device Agent.lnk
[2012/01/06 14:23:20 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/05 18:00:37 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/13 15:40:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/08 08:51:22 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/08/26 06:34:14 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/04 16:22:33 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/05/04 16:22:33 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/03/17 09:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/03/04 15:18:51 | 000,002,558 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\packet
[2011/03/03 10:32:38 | 000,221,554 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\WavePad.dmp
[2010/10/11 14:09:55 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/01/24 18:00:46 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/27 20:01:46 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/13 12:32:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/13 12:32:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/10 08:35:14 | 000,000,760 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\setup_ldm.iss
[2009/09/28 19:45:30 | 000,163,211 | ---- | C] () -- C:\Windows\hpoins37.dat
[2009/09/19 14:20:08 | 000,071,961 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/19 14:11:26 | 000,000,054 | ---- | C] () -- C:\Windows\System32\cmasiop.ini
[2009/09/19 14:09:40 | 000,002,205 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2009/09/19 14:04:04 | 000,071,961 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 06:40:39 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/01/02 15:11:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/21 20:22:27 | 000,458,752 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe
[2008/10/21 20:22:10 | 000,000,524 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2008/10/21 20:19:30 | 000,004,722 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2008/10/21 20:19:30 | 000,001,704 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2008/08/13 18:44:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/11 10:23:34 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/03/03 13:58:27 | 000,151,360 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2008/01/30 04:35:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/30 00:01:35 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/16 00:25:17 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/12/16 00:25:15 | 000,022,328 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\PnkBstrK.sys
[2007/12/16 00:25:00 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2007/12/16 00:24:47 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2007/12/16 00:24:44 | 000,000,060 | ---- | C] () -- C:\Windows\game.ini
[2007/08/23 19:16:53 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/08/23 08:53:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2007/08/08 10:12:37 | 000,001,356 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\d3d9caps.dat
[2007/08/06 08:44:13 | 000,106,496 | ---- | C] () -- C:\Windows\VMix.dll
[2007/08/05 16:30:58 | 000,015,360 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe
[2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat
[2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf
[2007/05/06 12:53:31 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/06 12:32:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/05/06 12:29:51 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/06 12:29:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 00:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,342,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,617,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,108,360 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/22 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/22 14:14:47 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\DC++
[2011/03/03 07:56:09 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\NCH Swift Sound
[2007/08/05 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Snapfish
[2009/01/02 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Thunderbird
[2011/06/29 08:06:45 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Vso
[2007/08/06 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\WinBatch
[2012/01/25 21:32:13 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:D87527570B48DB4F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E7393FC
< End of report >

#7 krompir

    New Member

  • Members
  • 14 posts

Posted 27 January 2012 - 04:47 PM

OTL Extras logfile created on: 1/27/2012 1:20:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dragan and Dianne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.16% Memory free
7.18 Gb Paging File | 5.80 Gb Available in Paging File | 80.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177.55 Gb Total Space | 60.96 Gb Free Space | 34.33% Space Free | Partition Type: NTFS
Drive D: | 8.76 Gb Total Space | 1.01 Gb Free Space | 11.52% Space Free | Partition Type: NTFS

Computer Name: MOZAK | User Name: Dragan and Dianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D46977-D101-4C26-961E-E23000AEAC1A}" = rport=138 | protocol=17 | dir=out | app=system |
"{11A9D33E-4913-44E7-B1AA-E2AA05EB1722}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C2F0E9B-0BD6-46B9-A2C3-9559C616D147}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30E6936D-E701-45A1-BBA6-1858798A34A7}" = lport=139 | protocol=6 | dir=in | app=system |
"{32262C05-78B9-4208-8924-2C306AD7C517}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B4C30A0-11DB-46C5-B94A-AB5C51B78DDE}" = lport=138 | protocol=17 | dir=in | app=system |
"{66413F1C-46A5-4642-8EF3-8B0463994B13}" = rport=139 | protocol=6 | dir=out | app=system |
"{8AE7C899-E76D-4AEC-BE92-1D53426296E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{977C6217-F6C4-4790-8EB8-16A00D3DC7E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{991AAA24-06A8-4070-95AA-FFB454B5B6A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EEE3AE6-9441-4817-8406-11931A63FD35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B697FD4B-FEF1-4EFE-B7BC-D6E76BCDE3B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{B6BC3236-BB40-4032-B8BF-F20C7337B51D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BB29BB0B-E190-4329-B944-855F47F40688}" = lport=445 | protocol=6 | dir=in | app=system |
"{D4891AA4-908E-492C-8F49-5FA5C44A508E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DE354ACE-D9E1-4210-9AC7-04E064B63B64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{E433FD76-435D-4C36-8E25-426910EC2398}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE33B6E2-B4A2-4370-8E92-6FD2E0225C25}" = rport=137 | protocol=17 | dir=out | app=system |
"{F15FA914-80A0-4B4F-8D50-FE225A9232AD}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0422F8AE-1742-469E-A7D6-4DCC3D25A26C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{05B34A40-0F05-4277-8081-CEC852609489}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{098C6F15-262C-4192-A01C-712F9E8334F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{0A321889-E6AA-49CE-A9A4-70FE8052440F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B3941AD-E6E4-4393-93D0-ABBDACBE3C9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{1256D27B-F6FD-4C82-842A-19374C88CE72}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1760E8F5-1913-41EC-BF39-250C9A664DE7}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1B78CB37-35AA-459E-8364-532BAE7F64C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E889A7E-D6A8-4368-B34E-F03308A380F2}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |
"{1F9F57F9-71B6-4EA4-A453-B9DADE919E40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{227D3424-CD70-4B33-BFDB-F52363C76C40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{238226DE-788E-46CC-87BF-D515D5C1E2A9}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{27A47C4E-2EA3-4A6D-A9AB-7D7B40C7FA97}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{28ADB941-822E-4708-9981-3607397C6F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{351F1021-853E-48FD-9E26-746506C1E141}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{39363043-8BAE-4813-B7E3-243229DA16FA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{40E838FF-D52C-4FBE-B12D-9D0F77027646}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43FA509C-785B-4AC7-A5A7-254C803B5304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{445CA786-E1E6-47EE-8C07-666F14DF95CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{49005AE5-A213-4E2B-96EF-A26EDDA4E969}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{52EFE1F8-C10D-49E8-9432-674E37A492E3}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |
"{5529EE8D-CD3D-415D-B5AB-B4322267E703}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{59F2D171-82AE-4740-AEAE-52B15526DB7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5A6EA51E-DC71-4032-B9EB-9AD3820D0226}" = protocol=6 | dir=out | app=system |
"{5CE7C62A-F19B-4648-9446-B2796479ECB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{61792B2F-77E7-4EF0-AFF4-068AA168C878}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{6A68B9C6-9FAB-4665-A30F-A2BB99517F8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6ECC7211-F42A-4B92-BA16-42B338055A66}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |
"{6F086771-0208-4031-8DBF-94FF9C50833C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{71462991-1A78-4AFF-AF94-AE751C475309}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{770E6D62-A573-412B-886D-532ACFFEA94D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8336E42D-957B-4F7A-B12C-19F2F5F0A3C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87F5221D-FFE4-4308-9761-0EA1A3B20557}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |
"{916C4866-8605-4AEA-AD46-7DDB2CA69444}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |
"{9190574D-4AD0-43C2-86B8-25CDD08115C6}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{91FD376E-8E90-4A85-B74D-5E3D39723067}" = protocol=6 | dir=in | app=c:\users\dragan and dianne\appdata\local\temp\7zs189e.tmp\symnrt.exe |
"{94E071CA-B1A8-4B58-868A-EA09AF65106E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98A3F528-3D8B-49F2-96A9-40CC7E83F4F4}" = protocol=6 | dir=in | app=c:\users\dragan and dianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A1CA3957-1FAD-45C8-9C98-C12D58D95BD8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A2AC21AA-4143-4206-A9D6-688A9CE2CAAA}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{A2F96933-B659-4388-A1B8-C969B3525651}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A3ED4352-1B1B-4865-8427-66EA53EECD0D}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{A79BEF92-1488-474F-9C33-35BF6D234815}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{A79C0B29-8A0A-4C6C-8551-F9DBE917FC4B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A7C37BE0-180B-42D8-BD53-F66F30663B21}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{AD36D940-5D06-44DF-B7DF-3C5F23463FEE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AE2CFB7F-A769-4FA9-B52C-0F2A1D2B5B4E}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{AF3A965C-EC1A-4C73-8E0C-C589F4F972E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{B495F7F9-F3A6-4212-9170-EFE656C50805}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B63C0B7A-0502-470C-A2B1-FD44CCF8AAC2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BFEF0A8A-2AED-4EA0-A6ED-2E30BC50082B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C34236D7-6F1E-4B8A-A989-EB0F57C982E8}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe |
"{C7ABB510-7496-404F-A534-B939858DA4F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{D31CE99A-96E0-4D86-88DD-9218A1D50184}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9523C8A-79B3-49E8-BE20-EE6E7752537A}" = protocol=17 | dir=in | app=c:\users\dragan and dianne\appdata\local\temp\7zs189e.tmp\symnrt.exe |
"{E00A3BA6-DC38-4F80-BE58-839195A8B7BB}" = protocol=17 | dir=in | app=c:\users\dragan and dianne\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E1B9AE83-D8EA-4F95-95A5-011AA91FEB3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2AA857C-99D1-4B53-A95B-AD235565D89C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EA0D206F-66C7-4E8A-8766-B895B4337359}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F608AB89-DD30-4CCA-99A2-4E161D040A7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8B4859A-EAD9-45D0-8CBE-5FCD8C7B266F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FDB3F613-840F-4331-89E5-D40CF9CF9AAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{4541ABA8-5BB6-4335-B9D9-4EA0E006DBCC}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{808FF08A-B8BE-430A-8D6D-CDA2F42847E9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{992B071D-1122-42FB-BCE9-65D9F390C05C}C:\program files\attc\mccibrowser.exe" = protocol=6 | dir=in | app=c:\program files\attc\mccibrowser.exe |
"TCP Query User{EA882DAB-5194-4B6C-9F87-B077D9D6D838}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{EE221E0F-6758-49C7-91A3-AC26D3166E70}C:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe |
"UDP Query User{13828367-106E-4F25-A819-5EDA4BB85837}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{301D8B77-7EA8-4D9A-A0DC-45B0D11E0908}C:\program files\attc\mccibrowser.exe" = protocol=17 | dir=in | app=c:\program files\attc\mccibrowser.exe |
"UDP Query User{6755F7BD-973F-4F19-A113-82DC9445F75E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B8305600-BBB1-48F3-A90D-7995A7915957}C:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe |
"UDP Query User{DCEAB8FC-120A-4A41-8F07-E88D8CBB55E1}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBA8A80-0BB2-4A53-0EBD-F01763803252}" = AMD VISION Engine Control Center
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{6130D52A-5C06-4b2d-85C6-D40E98134BB5}" = TrainingPeaks Device Agent
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"C-Media Oxygen HD Audio Driver" = Bgears
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DC++" = DC++ 0.782
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 8 Qt_is1" = DVDFab 8.1.0.0 (16/06/2011) Qt
"Google Updater" = Google Updater
"Hardwood Euchre" = Hardwood Euchre
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"SoundTaxi_is1" = SoundTaxi 2.7.2
"SystemRequirementsLab" = System Requirements Lab
"WavePad" = WavePad Sound Editor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2012 12:44:40 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609
Description =

Error - 1/23/2012 12:55:53 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609
Description =

Error - 1/23/2012 3:53:19 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609
Description =

Error - 1/23/2012 4:31:38 AM | Computer Name = Mozak | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 1/23/2012 4:32:17 AM | Computer Name = Mozak | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 1/23/2012 4:36:02 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1570 Start Time: 01ccd9e656b3fd2b Termination Time: 31

Error - 1/23/2012 4:38:33 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 116c Start Time: 01ccda0eb1d7df54 Termination Time: 59

Error - 1/23/2012 4:51:44 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14b0 Start Time: 01ccda0eb19b22e6 Termination Time: 125

Error - 1/23/2012 4:56:48 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e6c Start Time: 01ccda11173fb7c1 Termination Time: 1480

Error - 1/23/2012 5:09:17 PM | Computer Name = Mozak | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 8/6/2007 9:48:34 PM | Computer Name = Mozak | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/23/2012 6:59:17 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000
Description =

Error - 1/23/2012 6:59:17 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026
Description =

Error - 1/23/2012 7:45:02 PM | Computer Name = Mozak | Source = DCOM | ID = 10010
Description =

Error - 1/25/2012 11:07:33 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000
Description =

Error - 1/25/2012 11:07:33 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026
Description =

Error - 1/26/2012 1:32:06 AM | Computer Name = Mozak | Source = DCOM | ID = 10010
Description =

Error - 1/27/2012 5:09:13 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000
Description =

Error - 1/27/2012 5:09:13 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026
Description =

Error - 1/27/2012 5:09:26 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7009
Description =

Error - 1/27/2012 5:09:26 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#8 Maniac

Posted 28 January 2012 - 09:53 AM

Step 1

Please uninstall this application: DC++. Take a look at our rules:
http://forums.malwar...showtopic=97700


Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe
    [2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe
    [2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat
    [2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log file.


#9 krompir

Posted 28 January 2012 - 11:20 AM

DC++ uninstalled.


All processes killed
Error: Unable to interpret <:OTLO33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe[2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe[2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat[2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf:Commands[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01282012_081107
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#10 Maniac

Posted 28 January 2012 - 11:21 AM

The :OTL part of the script was not activated, because there are some mistakes in the log. Everything should be on a new line. Please try again.

#11 krompir

Posted 28 January 2012 - 11:39 AM

I realized the same after reading the error message. After I ran OTL with the commands on a new line, OTL stopped responding, and all the icons disappeared from the desktop. I restarted the computer and this is the message I have now.


Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#12 Maniac

Posted 28 January 2012 - 11:46 AM

Please reboot your PC and let me know.

#13 krompir

Posted 28 January 2012 - 04:23 PM

Same thing. I ran OTL, it stops working, Windows closes the program down, icons disappear.

#14 Maniac

Posted 29 January 2012 - 05:43 AM

Please follow the instructions here:
http://www.bleepingc...se-combofix#use

Post the log file here.

#15 krompir

Posted 29 January 2012 - 01:01 PM

Hi Maniac,

I appreciate your help thus far. I have a question: during the ComboFix scan, Kaspersky detected a catchme.3xe file associated with ComboFix. I allowed it to run as this was the only way to continue with the scan and report. What is this file? Why does Kaspersky think it is malicious? Thank you. Below is the log file.


ComboFix 12-01-29.02 - Dragan and Dianne 01/29/2012 9:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2233 [GMT -8:00]
Running from: c:\users\Dragan and Dianne\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\odbcad32.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 17:35 . 2012-01-29 17:40 -------- d-----w- c:\users\Dragan and Dianne\AppData\Local\temp
2012-01-29 17:35 . 2012-01-29 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-28 16:11 . 2012-01-28 16:11 -------- dc----w- C:\_OTL
2012-01-23 08:34 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11703328-47C3-42A5-8BA6-F3C3D77BEE9B}\mpengine.dll
2012-01-22 20:12 . 2012-01-22 20:12 -------- d-----w- c:\users\Dragan and Dianne\New Folder
2012-01-22 20:08 . 2012-01-22 20:08 -------- d-----w- c:\users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-01-18 02:01 . 2012-01-18 02:01 -------- dc----w- c:\program files\SilverCreekCommonFiles
2012-01-18 02:01 . 2012-01-18 02:02 -------- dc----w- c:\program files\Hardwood Euchre
2012-01-13 21:23 . 2009-03-16 22:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-01-13 19:01 . 2006-07-28 17:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-01-13 19:01 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-01-11 16:00 . 2012-01-11 16:00 -------- dc----w- c:\program files\TrainingPeaks
2012-01-10 18:17 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-10 18:17 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-10 18:17 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-10 18:16 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-10 18:16 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-10 18:16 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 18:16 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 18:16 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 18:15 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-10 18:15 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-10 18:15 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-10 18:15 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-10 18:15 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-10 18:15 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-09 23:03 . 2012-01-09 23:03 -------- d-----w- c:\users\Dragan and Dianne\AppData\Local\DDMSettings
2012-01-06 22:23 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-06 22:23 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-01-06 22:21 . 2012-01-06 22:21 -------- dc----w- c:\program files\iPod
2012-01-06 22:20 . 2012-01-06 22:23 -------- dc----w- c:\program files\iTunes
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-11-01 15:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37 . 2011-12-15 21:52 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 20:31 . 2011-05-13 13:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 22:29 . 2009-10-04 00:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-15 21:51 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 21:58 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 21:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 21:58 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 21:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-10-30 273528]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-18 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-05 14:40]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 23:44]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 23:44]
.
2007-10-04 c:\windows\Tasks\HPCeeScheduleForDragan and Dianne.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-05-06 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Hobbyist Software iTunes Helper - c:\program files\Hobbyist Software\iTunes Remote Helper\iTunesRemoteHelper.exe
HKCU-Run-DS3 Tool - c:\program files\MotioninJoy\ds3\DS3_Tool.exe
HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
HKCU-Run-doubleTwist - c:\program files\doubleTwist 2.0\doubleTwist.DeviceHelper.exe
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
HKLM-Run-Cmaudio8788Hook - c:\windows\system\ComHookMonitor.exe
AddRemove-WavePad - c:\program files\NCH Swift Sound\WavePad\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 09:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,80,2a,3f,b2,18,39,ac,0e,0b,31,cf,74,0f,18,09,71,d3,10,b1,69,fc,5a,
1f,14,90,61,13,d5,e1,43,6e,54,28,30,d9,93,ba,ec,e1,fe,8c,89,e5,a5,7a,8c,4d,\
"??"=hex:c3,f8,4e,db,37,06,25,96,83,ee,47,db,f5,15,9d,bc
.
[HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,a8,81,af,b1,bb,a1,aa,84,24,02,a0,8a,0d,95,d2,7c,02,3d,eb,19,
df,5a,3b,01,7e,3d,56,13,6d,a0,9b,e9,d8,ba,d6,27,66,40,a2,09,e0,96,27,53,5a,\
"rkeysecu"=hex:be,d2,1d,1a,38,8a,c3,fb,59,1e,63,4a,25,d2,40,08
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5736)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Motorola\MotoHelper\MotoHelperService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-01-29 09:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-29 17:49
.
Pre-Run: 72,222,957,568 bytes free
Post-Run: 78,248,554,496 bytes free
.
- - End Of File - - 7BE7C94D10E661A0CA4B71B4141DB89E

#16 Maniac

Posted 29 January 2012 - 02:03 PM

I have a question: during the ComboFix scan, Kaspersky detected a catchme.3xe file associated with ComboFix. I allowed it to run as this was the only way to continue with the scan and report. What is this file? Why does Kaspersky think it is malicious?


Antivirus companies generally have a problem with tools like ComboFix, because they do not like their approach and consider it dangerous. I can assure you that everything is fine with the tool. Now please:

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have any difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post both of them in your next reply.

#17 krompir

Posted 29 January 2012 - 08:20 PM

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.29.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dragan and Dianne :: MOZAK [administrator]
Protection: Enabled
1/29/2012 2:22:49 PM
mbam-log-2012-01-29 (14-22-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 181141
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#18 krompir

Posted 29 January 2012 - 10:45 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=57d7dbe5d19c574d9d993628de74fea5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2012-01-30 03:31:30
# local_time=2012-01-29 07:31:30 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 12532825 12532825 0 0
# compatibility_mode=5892 16776573 100 100 0 164494605 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=172449
# found=0
# cleaned=0
# scan_time=7212

#19 Maniac

Posted 30 January 2012 - 03:10 AM

Please perform a full system scan with Kaspersky and let me know how things are now.

#20 krompir

Posted 30 January 2012 - 04:18 PM

I ran Kaspersky full scan. No threats.