Jump to content

krompir

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you again for all you help. I really appreciate it.
  2. Everything seems to be working well. Websites are responsive. Computer is quick. I have not noticed anything strange, and best of all, no flashing warning from Kaspersky.
  3. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=57d7dbe5d19c574d9d993628de74fea5 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2012-01-30 03:31:30 # local_time=2012-01-29 07:31:30 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1280 16777215 100 0 12532825 12532825 0 0 # compatibility_mode=5892 16776573 100 100 0 164494605 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=172449 # found=0 # cleaned=0 # scan_time=7212
  4. Malwarebytes Anti-Malware (PRO) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.29.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Dragan and Dianne :: MOZAK [administrator] Protection: Enabled 1/29/2012 2:22:49 PM mbam-log-2012-01-29 (14-22-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 181141 Time elapsed: 5 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  5. Hi Maniac, I appreaciate your help thus far. I have a question: during the combofix scan, Kaspersky detected a catchme.3xe file associated with combofix. I allowed it to run as this was the only way to continue with the scan and report. What is this file? why does Kasperky think it is malicious? Thank you. Below is the log file. ComboFix 12-01-29.02 - Dragan and Dianne 01/29/2012 9:21.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2233 [GMT -8:00] Running from: c:\users\Dragan and Dianne\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Windows: deleted 24 bytes in 1 streams. . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\windows\system32\odbcad32.exe . Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 ))))))))))))))))))))))))))))))) . . 2012-01-29 17:35 . 2012-01-29 17:40 -------- d-----w- c:\users\Dragan and Dianne\AppData\Local\temp 2012-01-29 17:35 . 2012-01-29 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-28 16:11 . 2012-01-28 16:11 -------- dc----w- C:\_OTL 2012-01-23 08:34 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11703328-47C3-42A5-8BA6-F3C3D77BEE9B}\mpengine.dll 2012-01-22 20:12 . 2012-01-22 20:12 -------- d-----w- c:\users\Dragan and Dianne\New Folder 2012-01-22 20:08 . 2012-01-22 20:08 -------- d-----w- c:\users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-01-18 02:01 . 2012-01-18 02:01 -------- dc----w- c:\program files\SilverCreekCommonFiles 2012-01-18 02:01 . 2012-01-18 02:02 -------- dc----w- c:\program files\Hardwood Euchre 2012-01-13 21:23 . 2009-03-16 22:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2012-01-13 19:01 . 2006-07-28 17:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll 2012-01-13 19:01 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2012-01-11 16:00 . 2012-01-11 16:00 -------- dc----w- c:\program files\TrainingPeaks 2012-01-10 18:17 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-10 18:17 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-10 18:17 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-10 18:16 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-10 18:16 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-10 18:16 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-10 18:16 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-10 18:16 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2012-01-10 18:15 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-10 18:15 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-10 18:15 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-10 18:15 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-10 18:15 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-10 18:15 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-09 23:03 . 2012-01-09 23:03 -------- d-----w- c:\users\Dragan and Dianne\AppData\Local\DDMSettings 2012-01-06 22:23 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-01-06 22:23 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-01-06 22:21 . 2012-01-06 22:21 -------- dc----w- c:\program files\iPod 2012-01-06 22:20 . 2012-01-06 22:23 -------- dc----w- c:\program files\iTunes 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 23:24 . 2011-11-01 15:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:37 . 2011-12-15 21:52 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-16 20:31 . 2011-05-13 13:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-15 22:29 . 2009-10-04 00:58 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-08 14:42 . 2011-12-15 21:51 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-03 22:47 . 2011-12-15 21:58 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-11-03 22:40 . 2011-12-15 21:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-03 22:39 . 2011-12-15 21:58 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-11-03 22:31 . 2011-12-15 21:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-10-30 273528] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-18 805392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-01-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-05 14:40] . 2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 23:44] . 2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 23:44] . 2007-10-04 c:\windows\Tasks\HPCeeScheduleForDragan and Dianne.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-05-06 18:56] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop uInternet Settings,ProxyOverride = 192.168.*.*;*.local IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Hobbyist Software iTunes Helper - c:\program files\Hobbyist Software\iTunes Remote Helper\iTunesRemoteHelper.exe HKCU-Run-DS3 Tool - c:\program files\MotioninJoy\ds3\DS3_Tool.exe HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe HKCU-Run-doubleTwist - c:\program files\doubleTwist 2.0\doubleTwist.DeviceHelper.exe HKLM-Run-Cmaudio8788 - cmicnfgp.cpl HKLM-Run-Cmaudio8788Hook - c:\windows\system\ComHookMonitor.exe AddRemove-WavePad - c:\program files\NCH Swift Sound\WavePad\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-29 09:41 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:1a,80,2a,3f,b2,18,39,ac,0e,0b,31,cf,74,0f,18,09,71,d3,10,b1,69,fc,5a, 1f,14,90,61,13,d5,e1,43,6e,54,28,30,d9,93,ba,ec,e1,fe,8c,89,e5,a5,7a,8c,4d,\ "??"=hex:c3,f8,4e,db,37,06,25,96,83,ee,47,db,f5,15,9d,bc . [HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\Software\SecuROM\License information*] "datasecu"=hex:f4,a8,81,af,b1,bb,a1,aa,84,24,02,a0,8a,0d,95,d2,7c,02,3d,eb,19, df,5a,3b,01,7e,3d,56,13,6d,a0,9b,e9,d8,ba,d6,27,66,40,a2,09,e0,96,27,53,5a,\ "rkeysecu"=hex:be,d2,1d,1a,38,8a,c3,fb,59,1e,63,4a,25,d2,40,08 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5736) c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\atiesrxx.exe c:\windows\system32\atieclxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Motorola\MotoHelper\MotoHelperService.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\WUDFHost.exe c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe c:\windows\System32\rundll32.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-01-29 09:55:26 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-29 17:49 . Pre-Run: 72,222,957,568 bytes free Post-Run: 78,248,554,496 bytes free . - - End Of File - - 7BE7C94D10E661A0CA4B71B4141DB89E
  6. Same thing. I ran OTL, it stops working, windows closes program down, icons disappear.
  7. I realized the same after reading the error message. After I ran OTL with commands on a new line, OTL stopped responding, and all the icons desapeared from the desktop. I restarted the computer and this is the message I have now. Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  8. DC++ uninstalled. All processes killed Error: Unable to interpret <:OTLO33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe[2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe[2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat[2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf:Commands[emptytemp]> in the current context! OTL by OldTimer - Version 3.2.31.0 log created on 01282012_081107 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  9. OTL Extras logfile created on: 1/27/2012 1:20:26 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dragan and Dianne\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.50 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.16% Memory free 7.18 Gb Paging File | 5.80 Gb Available in Paging File | 80.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 177.55 Gb Total Space | 60.96 Gb Free Space | 34.33% Space Free | Partition Type: NTFS Drive D: | 8.76 Gb Total Space | 1.01 Gb Free Space | 11.52% Space Free | Partition Type: NTFS Computer Name: MOZAK | User Name: Dragan and Dianne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07D46977-D101-4C26-961E-E23000AEAC1A}" = rport=138 | protocol=17 | dir=out | app=system | "{11A9D33E-4913-44E7-B1AA-E2AA05EB1722}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1C2F0E9B-0BD6-46B9-A2C3-9559C616D147}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{30E6936D-E701-45A1-BBA6-1858798A34A7}" = lport=139 | protocol=6 | dir=in | app=system | "{32262C05-78B9-4208-8924-2C306AD7C517}" = rport=445 | protocol=6 | dir=out | app=system | "{4B4C30A0-11DB-46C5-B94A-AB5C51B78DDE}" = lport=138 | protocol=17 | dir=in | app=system | "{66413F1C-46A5-4642-8EF3-8B0463994B13}" = rport=139 | protocol=6 | dir=out | app=system | "{8AE7C899-E76D-4AEC-BE92-1D53426296E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{977C6217-F6C4-4790-8EB8-16A00D3DC7E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{991AAA24-06A8-4070-95AA-FFB454B5B6A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9EEE3AE6-9441-4817-8406-11931A63FD35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B697FD4B-FEF1-4EFE-B7BC-D6E76BCDE3B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | "{B6BC3236-BB40-4032-B8BF-F20C7337B51D}" = lport=10243 | protocol=6 | dir=in | app=system | "{BB29BB0B-E190-4329-B944-855F47F40688}" = lport=445 | protocol=6 | dir=in | app=system | "{D4891AA4-908E-492C-8F49-5FA5C44A508E}" = rport=10243 | protocol=6 | dir=out | app=system | "{DE354ACE-D9E1-4210-9AC7-04E064B63B64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{E433FD76-435D-4C36-8E25-426910EC2398}" = lport=2869 | protocol=6 | dir=in | app=system | "{EE33B6E2-B4A2-4370-8E92-6FD2E0225C25}" = rport=137 | protocol=17 | dir=out | app=system | "{F15FA914-80A0-4B4F-8D50-FE225A9232AD}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0422F8AE-1742-469E-A7D6-4DCC3D25A26C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{05B34A40-0F05-4277-8081-CEC852609489}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{098C6F15-262C-4192-A01C-712F9E8334F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{0A321889-E6AA-49CE-A9A4-70FE8052440F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0B3941AD-E6E4-4393-93D0-ABBDACBE3C9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{1256D27B-F6FD-4C82-842A-19374C88CE72}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1760E8F5-1913-41EC-BF39-250C9A664DE7}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{1B78CB37-35AA-459E-8364-532BAE7F64C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1E889A7E-D6A8-4368-B34E-F03308A380F2}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe | "{1F9F57F9-71B6-4EA4-A453-B9DADE919E40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{227D3424-CD70-4B33-BFDB-F52363C76C40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{238226DE-788E-46CC-87BF-D515D5C1E2A9}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | "{27A47C4E-2EA3-4A6D-A9AB-7D7B40C7FA97}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{28ADB941-822E-4708-9981-3607397C6F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{351F1021-853E-48FD-9E26-746506C1E141}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{39363043-8BAE-4813-B7E3-243229DA16FA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{40E838FF-D52C-4FBE-B12D-9D0F77027646}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{43FA509C-785B-4AC7-A5A7-254C803B5304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{445CA786-E1E6-47EE-8C07-666F14DF95CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{49005AE5-A213-4E2B-96EF-A26EDDA4E969}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{52EFE1F8-C10D-49E8-9432-674E37A492E3}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe | "{5529EE8D-CD3D-415D-B5AB-B4322267E703}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{59F2D171-82AE-4740-AEAE-52B15526DB7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5A6EA51E-DC71-4032-B9EB-9AD3820D0226}" = protocol=6 | dir=out | app=system | "{5CE7C62A-F19B-4648-9446-B2796479ECB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{61792B2F-77E7-4EF0-AFF4-068AA168C878}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | "{6A68B9C6-9FAB-4665-A30F-A2BB99517F8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6ECC7211-F42A-4B92-BA16-42B338055A66}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe | "{6F086771-0208-4031-8DBF-94FF9C50833C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{71462991-1A78-4AFF-AF94-AE751C475309}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{770E6D62-A573-412B-886D-532ACFFEA94D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{8336E42D-957B-4F7A-B12C-19F2F5F0A3C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{87F5221D-FFE4-4308-9761-0EA1A3B20557}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe | "{916C4866-8605-4AEA-AD46-7DDB2CA69444}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe | "{9190574D-4AD0-43C2-86B8-25CDD08115C6}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | "{91FD376E-8E90-4A85-B74D-5E3D39723067}" = protocol=6 | dir=in | app=c:\users\dragan and dianne\appdata\local\temp\7zs189e.tmp\symnrt.exe | "{94E071CA-B1A8-4B58-868A-EA09AF65106E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{98A3F528-3D8B-49F2-96A9-40CC7E83F4F4}" = protocol=6 | dir=in | app=c:\users\dragan and dianne\appdata\local\google\google talk plugin\googletalkplugin.exe | "{A1CA3957-1FAD-45C8-9C98-C12D58D95BD8}" = dir=in | app=c:\program files\itunes\itunes.exe | "{A2AC21AA-4143-4206-A9D6-688A9CE2CAAA}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | "{A2F96933-B659-4388-A1B8-C969B3525651}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{A3ED4352-1B1B-4865-8427-66EA53EECD0D}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | "{A79BEF92-1488-474F-9C33-35BF6D234815}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{A79C0B29-8A0A-4C6C-8551-F9DBE917FC4B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{A7C37BE0-180B-42D8-BD53-F66F30663B21}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{AD36D940-5D06-44DF-B7DF-3C5F23463FEE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{AE2CFB7F-A769-4FA9-B52C-0F2A1D2B5B4E}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | "{AF3A965C-EC1A-4C73-8E0C-C589F4F972E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{B495F7F9-F3A6-4212-9170-EFE656C50805}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B63C0B7A-0502-470C-A2B1-FD44CCF8AAC2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{BFEF0A8A-2AED-4EA0-A6ED-2E30BC50082B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C34236D7-6F1E-4B8A-A989-EB0F57C982E8}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\itunes remote helper\itunesremotehelper.exe | "{C7ABB510-7496-404F-A534-B939858DA4F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{D31CE99A-96E0-4D86-88DD-9218A1D50184}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D9523C8A-79B3-49E8-BE20-EE6E7752537A}" = protocol=17 | dir=in | app=c:\users\dragan and dianne\appdata\local\temp\7zs189e.tmp\symnrt.exe | "{E00A3BA6-DC38-4F80-BE58-839195A8B7BB}" = protocol=17 | dir=in | app=c:\users\dragan and dianne\appdata\local\google\google talk plugin\googletalkplugin.exe | "{E1B9AE83-D8EA-4F95-95A5-011AA91FEB3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E2AA857C-99D1-4B53-A95B-AD235565D89C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{EA0D206F-66C7-4E8A-8766-B895B4337359}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{F608AB89-DD30-4CCA-99A2-4E161D040A7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F8B4859A-EAD9-45D0-8CBE-5FCD8C7B266F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{FDB3F613-840F-4331-89E5-D40CF9CF9AAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4541ABA8-5BB6-4335-B9D9-4EA0E006DBCC}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "TCP Query User{808FF08A-B8BE-430A-8D6D-CDA2F42847E9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{992B071D-1122-42FB-BCE9-65D9F390C05C}C:\program files\attc\mccibrowser.exe" = protocol=6 | dir=in | app=c:\program files\attc\mccibrowser.exe | "TCP Query User{EA882DAB-5194-4B6C-9F87-B077D9D6D838}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe | "TCP Query User{EE221E0F-6758-49C7-91A3-AC26D3166E70}C:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe | "UDP Query User{13828367-106E-4F25-A819-5EDA4BB85837}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "UDP Query User{301D8B77-7EA8-4D9A-A0DC-45B0D11E0908}C:\program files\attc\mccibrowser.exe" = protocol=17 | dir=in | app=c:\program files\attc\mccibrowser.exe | "UDP Query User{6755F7BD-973F-4F19-A113-82DC9445F75E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{B8305600-BBB1-48F3-A90D-7995A7915957}C:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\users\dragan and dianne\desktop\pfportchecker\pfportchecker.exe | "UDP Query User{DCEAB8FC-120A-4A41-8F07-E88D8CBB55E1}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 29 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBA8A80-0BB2-4A53-0EBD-F01763803252}" = AMD VISION Engine Control Center "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 "{6130D52A-5C06-4b2d-85C6-D40E98134BB5}" = TrainingPeaks Device Agent "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400 "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "C-Media Oxygen HD Audio Driver" = Bgears "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP "DC++" = DC++ 0.782 "DivX Setup" = DivX Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "DVDFab 8 Qt_is1" = DVDFab 8.1.0.0 (16/06/2011) Qt "Google Updater" = Google Updater "Hardwood Euchre" = Hardwood Euchre "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "RealPlayer 12.0" = RealPlayer "Rhapsody" = Rhapsody "SoundTaxi_is1" = SoundTaxi 2.7.2 "SystemRequirementsLab" = System Requirements Lab "WavePad" = WavePad Sound Editor ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/23/2012 12:44:40 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609 Description = Error - 1/23/2012 12:55:53 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609 Description = Error - 1/23/2012 3:53:19 AM | Computer Name = Mozak | Source = EventSystem | ID = 4609 Description = Error - 1/23/2012 4:31:38 AM | Computer Name = Mozak | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 1/23/2012 4:32:17 AM | Computer Name = Mozak | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 1/23/2012 4:36:02 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1570 Start Time: 01ccd9e656b3fd2b Termination Time: 31 Error - 1/23/2012 4:38:33 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 116c Start Time: 01ccda0eb1d7df54 Termination Time: 59 Error - 1/23/2012 4:51:44 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 14b0 Start Time: 01ccda0eb19b22e6 Termination Time: 125 Error - 1/23/2012 4:56:48 PM | Computer Name = Mozak | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: e6c Start Time: 01ccda11173fb7c1 Termination Time: 1480 Error - 1/23/2012 5:09:17 PM | Computer Name = Mozak | Source = EventSystem | ID = 4609 Description = [ Media Center Events ] Error - 8/6/2007 9:48:34 PM | Computer Name = Mozak | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 1/23/2012 6:59:17 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000 Description = Error - 1/23/2012 6:59:17 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026 Description = Error - 1/23/2012 7:45:02 PM | Computer Name = Mozak | Source = DCOM | ID = 10010 Description = Error - 1/25/2012 11:07:33 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000 Description = Error - 1/25/2012 11:07:33 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026 Description = Error - 1/26/2012 1:32:06 AM | Computer Name = Mozak | Source = DCOM | ID = 10010 Description = Error - 1/27/2012 5:09:13 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000 Description = Error - 1/27/2012 5:09:13 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7026 Description = Error - 1/27/2012 5:09:26 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7009 Description = Error - 1/27/2012 5:09:26 PM | Computer Name = Mozak | Source = Service Control Manager | ID = 7000 Description = < End of report >
  10. OTL logfile created on: 1/27/2012 1:20:26 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dragan and Dianne\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.50 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.16% Memory free 7.18 Gb Paging File | 5.80 Gb Available in Paging File | 80.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 177.55 Gb Total Space | 60.96 Gb Free Space | 34.33% Space Free | Partition Type: NTFS Drive D: | 8.76 Gb Total Space | 1.01 Gb Free Space | 11.52% Space Free | Partition Type: NTFS Computer Name: MOZAK | User Name: Dragan and Dianne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/27 13:19:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dragan and Dianne\Downloads\OTL.exe PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/10/29 16:08:00 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/07/28 13:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011/07/28 13:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/05/01 22:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2008/05/01 22:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe ========== Modules (No Company Name) ========== MOD - [2012/01/05 00:08:28 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll MOD - [2012/01/05 00:07:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll MOD - [2011/10/12 12:42:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011/10/12 12:42:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011/10/12 12:40:09 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011/10/12 12:39:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011/07/28 12:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ========== Win32 Services (SafeList) ========== SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011/07/28 13:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2008/05/01 22:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008/03/03 20:33:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/07/18 11:07:22 | 000,184,320 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\Windows\System32\snmvtsvc.exe -- (SoundMovieServer) ========== Driver Services (SafeList) ========== DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/07/28 14:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011/07/28 12:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011/04/20 13:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011/03/10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011/03/04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011/03/04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1) DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2008/07/09 06:51:43 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2008/07/09 06:51:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP) DRV - [2008/02/28 23:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/28 23:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/01/22 20:54:42 | 001,780,352 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp) DRV - [2008/01/04 17:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD) DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/09/21 00:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2007/09/21 00:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2007/09/21 00:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007/07/18 11:17:54 | 000,022,528 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32) DRV - [2007/05/03 22:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/03/19 05:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007/02/08 09:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006/07/05 04:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006/06/14 06:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Dragan and Dianne\AppData\Roaming\nprhapengine.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/29 16:08:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011/11/09 12:49:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/09 14:54:49 | 000,000,000 | ---D | M] [2012/01/22 14:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/05/04 16:23:21 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011/05/04 16:22:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak File not found (No name found) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2011/04/19 15:45:16 | 000,000,761 | RH-- | M]) - C:\Windows\System32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Cmaudio8788] "RunDll32" cmicnfgp.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [Cmaudio8788Hook] C:\Windows\system\ComHookMonitor.exe File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [doubleTwist] "C:\Program Files\doubleTwist 2.0\doubleTwist.DeviceHelper.exe" File not found O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini File not found O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found O4 - HKU\S-1-5-21-3530771688-3326990877-449892454-1000..\Run: [Hobbyist Software iTunes Helper] C:\Program Files\Hobbyist Software\iTunes Remote Helper\iTunesRemoteHelper.exe /server File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9381DB96-D8E2-49E2-8B34-D8BCF26C222D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDAB9E39-E97A-4CB1-AFF7-4448531C2148}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/05/06 13:09:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{dba729a8-ef8c-11e0-9f57-001bfc082295}\Shell - "" = AutoRun O33 - MountPoints2\{dba729a8-ef8c-11e0-9f57-001bfc082295}\Shell\AutoRun\command - "" = M:\setup.exe -a O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\Auto\command - "" = rejoi2301.exe O33 - MountPoints2\{e878b296-35d7-11df-932e-001bfc082295}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoi2301.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/22 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\New Folder [2012/01/22 12:08:08 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/01/17 18:02:00 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hardwood Euchre [2012/01/17 18:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\SilverCreekCommonFiles [2012/01/17 18:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hardwood Euchre [2012/01/11 08:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Agent [2012/01/11 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrainingPeaks [2012/01/09 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Dragan and Dianne\AppData\Local\DDMSettings [2012/01/06 14:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/01/06 14:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/01/06 14:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2007/08/05 13:55:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.sys [7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/27 13:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/27 13:07:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/27 13:07:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/27 13:07:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/27 13:07:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/22 23:59:06 | 000,001,356 | ---- | M] () -- C:\Users\Dragan and Dianne\AppData\Local\d3d9caps.dat [2012/01/22 20:22:19 | 000,000,980 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Internet Explorer.lnk [2012/01/22 13:29:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/01/22 13:22:06 | 000,617,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/01/22 13:22:06 | 000,108,360 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/01/21 10:54:12 | 000,002,441 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Adobe Acrobat 8 Professional.lnk [2012/01/17 18:02:00 | 000,000,902 | ---- | M] () -- C:\Users\Dragan and Dianne\Desktop\Play Euchre.lnk [2012/01/14 09:44:51 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/01/11 08:00:57 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Device Agent.lnk [2012/01/10 13:47:04 | 000,151,360 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2012/01/06 14:23:20 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/01/05 18:00:37 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/22 20:22:19 | 000,000,980 | ---- | C] () -- C:\Users\Dragan and Dianne\Desktop\Internet Explorer.lnk [2012/01/17 18:02:00 | 000,000,902 | ---- | C] () -- C:\Users\Dragan and Dianne\Desktop\Play Euchre.lnk [2012/01/14 09:44:51 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/01/14 09:44:51 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/01/11 08:00:57 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Device Agent.lnk [2012/01/06 14:23:20 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/01/05 18:00:37 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/09/13 15:40:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/08 08:51:22 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011/08/26 06:34:14 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011/05/04 16:22:33 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011/05/04 16:22:33 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011/03/17 09:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2011/03/04 15:18:51 | 000,002,558 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\packet [2011/03/03 10:32:38 | 000,221,554 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\WavePad.dmp [2010/10/11 14:09:55 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll [2010/01/24 18:00:46 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2009/11/27 20:01:46 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini [2009/11/13 12:32:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/11/13 12:32:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/11/10 08:35:14 | 000,000,760 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\setup_ldm.iss [2009/09/28 19:45:30 | 000,163,211 | ---- | C] () -- C:\Windows\hpoins37.dat [2009/09/19 14:20:08 | 000,071,961 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/09/19 14:11:26 | 000,000,054 | ---- | C] () -- C:\Windows\System32\cmasiop.ini [2009/09/19 14:09:40 | 000,002,205 | ---- | C] () -- C:\Windows\cmudaxp.ini [2009/09/19 14:04:04 | 000,071,961 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/08 06:40:39 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat [2009/01/02 15:11:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008/10/21 20:22:27 | 000,458,752 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe [2008/10/21 20:22:10 | 000,000,524 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2008/10/21 20:19:30 | 000,004,722 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2008/10/21 20:19:30 | 000,001,704 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2008/08/13 18:44:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/07/11 10:23:34 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2008/03/03 13:58:27 | 000,151,360 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2008/01/30 04:35:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008/01/30 00:01:35 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2007/12/16 00:25:17 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2007/12/16 00:25:15 | 000,022,328 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\PnkBstrK.sys [2007/12/16 00:25:00 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2007/12/16 00:24:47 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2007/12/16 00:24:44 | 000,000,060 | ---- | C] () -- C:\Windows\game.ini [2007/08/23 19:16:53 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2007/08/23 08:53:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2007/08/08 10:12:37 | 000,001,356 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\d3d9caps.dat [2007/08/06 08:44:13 | 000,106,496 | ---- | C] () -- C:\Windows\VMix.dll [2007/08/05 16:30:58 | 000,015,360 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/08/05 13:55:05 | 000,087,608 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\inst.exe [2007/08/05 13:55:05 | 000,007,887 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.cat [2007/08/05 13:55:05 | 000,001,144 | ---- | C] () -- C:\Users\Dragan and Dianne\AppData\Roaming\pcouffin.inf [2007/05/06 12:53:31 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat [2007/05/06 12:32:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe [2007/05/06 12:29:51 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll [2007/05/06 12:29:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll [2007/03/06 00:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 04:47:37 | 000,342,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 02:33:01 | 000,617,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 02:33:01 | 000,108,360 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012/01/22 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/01/22 14:14:47 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\DC++ [2011/03/03 07:56:09 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\NCH Swift Sound [2007/08/05 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Snapfish [2009/01/02 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Thunderbird [2011/06/29 08:06:45 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\Vso [2007/08/06 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Dragan and Dianne\AppData\Roaming\WinBatch [2012/01/25 21:32:13 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:D87527570B48DB4F @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E7393FC < End of report >
  11. Following scan with TDSSKiller, there was no option for cure, I selected skip as instructed. I was not able to post everything at once...post too long error. 13:44:16.0573 5872 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27 13:44:17.0202 5872 ============================================================ 13:44:17.0202 5872 Current date / time: 2012/01/27 13:44:17.0202 13:44:17.0202 5872 SystemInfo: 13:44:17.0202 5872 13:44:17.0202 5872 OS Version: 6.0.6002 ServicePack: 2.0 13:44:17.0202 5872 Product type: Workstation 13:44:17.0202 5872 ComputerName: MOZAK 13:44:17.0203 5872 UserName: Dragan and Dianne 13:44:17.0203 5872 Windows directory: C:\Windows 13:44:17.0203 5872 System windows directory: C:\Windows 13:44:17.0203 5872 Processor architecture: Intel x86 13:44:17.0203 5872 Number of processors: 2 13:44:17.0203 5872 Page size: 0x1000 13:44:17.0203 5872 Boot type: Normal boot 13:44:17.0203 5872 ============================================================ 13:44:19.0364 5872 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 13:44:19.0438 5872 Initialize success 13:44:35.0872 4884 ============================================================ 13:44:35.0872 4884 Scan started 13:44:35.0872 4884 Mode: Manual; SigCheck; TDLFS; 13:44:35.0872 4884 ============================================================ 13:44:38.0071 4884 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 13:44:38.0275 4884 ACPI - ok 13:44:38.0417 4884 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 13:44:38.0491 4884 adp94xx - ok 13:44:38.0565 4884 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 13:44:38.0584 4884 adpahci - ok 13:44:38.0667 4884 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 13:44:38.0682 4884 adpu160m - ok 13:44:38.0807 4884 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 13:44:38.0823 4884 adpu320 - ok 13:44:39.0023 4884 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 13:44:39.0075 4884 AFD - ok 13:44:39.0201 4884 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 13:44:39.0216 4884 agp440 - ok 13:44:39.0304 4884 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 13:44:39.0319 4884 aic78xx - ok 13:44:39.0570 4884 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 13:44:39.0610 4884 aliide - ok 13:44:39.0781 4884 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 13:44:39.0808 4884 amdagp - ok 13:44:39.0882 4884 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 13:44:39.0908 4884 amdide - ok 13:44:39.0974 4884 amdiox86 - ok 13:44:40.0055 4884 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 13:44:40.0164 4884 AmdK7 - ok 13:44:40.0243 4884 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 13:44:40.0280 4884 AmdK8 - ok 13:44:40.0638 4884 amdkmdag (68d791d78454684340433e52059eb45e) C:\Windows\system32\DRIVERS\atikmdag.sys 13:44:42.0586 4884 amdkmdag - ok 13:44:42.0735 4884 amdkmdap (96cd7053a516c30e61a05df9757da7de) C:\Windows\system32\DRIVERS\atikmpag.sys 13:44:42.0757 4884 amdkmdap - ok 13:44:42.0986 4884 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 13:44:43.0001 4884 arc - ok 13:44:43.0091 4884 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 13:44:43.0107 4884 arcsas - ok 13:44:43.0209 4884 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 13:44:43.0244 4884 AsyncMac - ok 13:44:43.0297 4884 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 13:44:43.0312 4884 atapi - ok 13:44:43.0437 4884 AtiHDAudioService - ok 13:44:43.0607 4884 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys 13:44:43.0786 4884 BCM43XV - ok 13:44:43.0911 4884 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 13:44:43.0947 4884 Beep - ok 13:44:44.0018 4884 blbdrive - ok 13:44:44.0126 4884 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 13:44:44.0145 4884 bowser - ok 13:44:44.0225 4884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 13:44:44.0256 4884 BrFiltLo - ok 13:44:44.0370 4884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 13:44:44.0398 4884 BrFiltUp - ok 13:44:44.0484 4884 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 13:44:44.0544 4884 Brserid - ok 13:44:44.0872 4884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 13:44:44.0938 4884 BrSerWdm - ok 13:44:45.0099 4884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 13:44:45.0156 4884 BrUsbMdm - ok 13:44:45.0221 4884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 13:44:45.0279 4884 BrUsbSer - ok 13:44:45.0370 4884 BTCFilterService - ok 13:44:45.0501 4884 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 13:44:45.0599 4884 BTHMODEM - ok 13:44:45.0762 4884 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 13:44:45.0796 4884 cdfs - ok 13:44:45.0852 4884 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 13:44:45.0878 4884 cdrom - ok 13:44:45.0988 4884 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 13:44:46.0047 4884 circlass - ok 13:44:46.0108 4884 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 13:44:46.0129 4884 CLFS - ok 13:44:46.0344 4884 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 13:44:46.0370 4884 cmdide - ok 13:44:46.0544 4884 cmudaxp (395c5ff5358b1bbe8cabcfce01954922) C:\Windows\system32\drivers\cmudaxp.sys 13:44:47.0002 4884 cmudaxp ( UnsignedFile.Multi.Generic ) - warning 13:44:47.0003 4884 cmudaxp - detected UnsignedFile.Multi.Generic (1) 13:44:47.0127 4884 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 13:44:47.0152 4884 Compbatt - ok 13:44:47.0215 4884 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 13:44:47.0241 4884 crcdisk - ok 13:44:47.0282 4884 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 13:44:47.0341 4884 Crusoe - ok 13:44:47.0673 4884 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 13:44:47.0714 4884 DfsC - ok 13:44:47.0972 4884 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 13:44:48.0002 4884 disk - ok 13:44:48.0113 4884 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 13:44:48.0184 4884 Dot4 - ok 13:44:48.0247 4884 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 13:44:48.0283 4884 Dot4Print - ok 13:44:48.0368 4884 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 13:44:48.0399 4884 dot4usb - ok 13:44:48.0547 4884 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 13:44:48.0571 4884 drmkaud - ok 13:44:48.0709 4884 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 13:44:48.0843 4884 DXGKrnl - ok 13:44:49.0093 4884 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 13:44:49.0201 4884 E1G60 - ok 13:44:49.0334 4884 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 13:44:49.0355 4884 Ecache - ok 13:44:49.0434 4884 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 13:44:49.0458 4884 elxstor - ok 13:44:49.0614 4884 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 13:44:49.0637 4884 exfat - ok 13:44:49.0700 4884 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 13:44:49.0730 4884 fastfat - ok 13:44:49.0835 4884 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 13:44:49.0888 4884 fdc - ok 13:44:50.0361 4884 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 13:44:50.0391 4884 FileInfo - ok 13:44:50.0494 4884 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 13:44:50.0560 4884 Filetrace - ok 13:44:50.0773 4884 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 13:44:50.0835 4884 flpydisk - ok 13:44:50.0967 4884 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 13:44:50.0990 4884 FltMgr - ok 13:44:51.0102 4884 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 13:44:51.0164 4884 Fs_Rec - ok 13:44:51.0219 4884 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 13:44:51.0237 4884 gagp30kx - ok 13:44:51.0336 4884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 13:44:51.0353 4884 GEARAspiWDM - ok 13:44:51.0519 4884 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 13:44:51.0571 4884 HdAudAddService - ok 13:44:51.0699 4884 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 13:44:51.0830 4884 HDAudBus - ok 13:44:51.0929 4884 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 13:44:51.0983 4884 HidBth - ok 13:44:52.0217 4884 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 13:44:52.0277 4884 HidIr - ok 13:44:52.0386 4884 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 13:44:52.0411 4884 HidUsb - ok 13:44:52.0453 4884 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 13:44:52.0466 4884 HpCISSs - ok 13:44:52.0617 4884 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys 13:44:52.0773 4884 HSF_DP - ok 13:44:53.0004 4884 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys 13:44:53.0042 4884 HSXHWBS2 - ok 13:44:53.0116 4884 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 13:44:53.0205 4884 HTTP - ok 13:44:53.0341 4884 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 13:44:53.0356 4884 i2omp - ok 13:44:53.0470 4884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 13:44:53.0498 4884 i8042prt - ok 13:44:53.0571 4884 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 13:44:53.0591 4884 iaStorV - ok 13:44:53.0727 4884 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 13:44:53.0741 4884 iirsp - ok 13:44:54.0202 4884 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys 13:44:54.0754 4884 IntcAzAudAddService - ok 13:44:54.0883 4884 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 13:44:54.0898 4884 intelide - ok 13:44:55.0027 4884 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 13:44:55.0087 4884 intelppm - ok 13:44:55.0330 4884 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:44:55.0397 4884 IpFilterDriver - ok 13:44:55.0809 4884 IpInIp - ok 13:44:56.0132 4884 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 13:44:56.0255 4884 IPMIDRV - ok 13:44:56.0371 4884 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 13:44:56.0406 4884 IPNAT - ok 13:44:56.0553 4884 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 13:44:56.0587 4884 IRENUM - ok 13:44:56.0626 4884 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 13:44:56.0641 4884 isapnp - ok 13:44:56.0712 4884 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 13:44:56.0731 4884 iScsiPrt - ok 13:44:56.0811 4884 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 13:44:56.0825 4884 iteatapi - ok 13:44:56.0942 4884 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 13:44:56.0968 4884 iteraid - ok 13:44:57.0028 4884 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 13:44:57.0057 4884 kbdclass - ok 13:44:57.0227 4884 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 13:44:57.0282 4884 kbdhid - ok 13:44:57.0467 4884 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys 13:44:57.0531 4884 KL1 - ok 13:44:57.0578 4884 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys 13:44:57.0594 4884 kl2 - ok 13:44:57.0654 4884 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys 13:44:57.0737 4884 KLIF - ok 13:44:57.0912 4884 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys 13:44:57.0941 4884 KLIM6 - ok 13:44:58.0018 4884 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys 13:44:58.0031 4884 klmouflt - ok 13:44:58.0178 4884 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 13:44:58.0291 4884 KSecDD - ok 13:44:58.0434 4884 L8042Kbd (ac728768de636093b4d5ae6361cfadae) C:\Windows\system32\DRIVERS\L8042Kbd.sys 13:44:58.0459 4884 L8042Kbd - ok 13:44:58.0559 4884 L8042mou (02d869562e114db8867271992408bb2d) C:\Windows\system32\DRIVERS\L8042mou.Sys 13:44:58.0587 4884 L8042mou - ok 13:44:58.0704 4884 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys 13:44:58.0728 4884 LHidFilt - ok 13:44:58.0937 4884 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 13:44:58.0971 4884 lltdio - ok 13:44:59.0156 4884 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys 13:44:59.0171 4884 LMouFilt - ok 13:44:59.0229 4884 LMouKE (b286865ac2747ee3b5ea78b5231f8c57) C:\Windows\system32\DRIVERS\LMouKE.Sys 13:44:59.0256 4884 LMouKE - ok 13:44:59.0383 4884 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 13:44:59.0398 4884 LSI_FC - ok 13:44:59.0458 4884 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 13:44:59.0475 4884 LSI_SAS - ok 13:44:59.0623 4884 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 13:44:59.0653 4884 LSI_SCSI - ok 13:44:59.0721 4884 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 13:44:59.0758 4884 luafv - ok 13:44:59.0943 4884 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 13:44:59.0957 4884 MBAMProtector - ok 13:45:00.0150 4884 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 13:45:00.0183 4884 mdmxsdk - ok 13:45:00.0457 4884 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 13:45:00.0472 4884 megasas - ok 13:45:00.0563 4884 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 13:45:00.0596 4884 Modem - ok 13:45:00.0686 4884 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 13:45:00.0718 4884 monitor - ok 13:45:00.0796 4884 motccgp - ok 13:45:00.0892 4884 motccgpfl - ok 13:45:00.0985 4884 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\Windows\system32\DRIVERS\MijXfilt.sys 13:45:01.0000 4884 MotioninJoyXFilter - ok 13:45:01.0146 4884 motmodem - ok 13:45:01.0213 4884 MotoSwitchService - ok 13:45:01.0254 4884 Motousbnet - ok 13:45:01.0313 4884 motusbdevice - ok 13:45:01.0353 4884 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 13:45:01.0369 4884 mouclass - ok 13:45:01.0417 4884 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 13:45:01.0454 4884 mouhid - ok 13:45:01.0511 4884 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 13:45:01.0527 4884 MountMgr - ok 13:45:01.0581 4884 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 13:45:01.0597 4884 mpio - ok 13:45:01.0676 4884 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 13:45:01.0722 4884 mpsdrv - ok 13:45:01.0793 4884 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 13:45:01.0807 4884 Mraid35x - ok 13:45:01.0935 4884 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 13:45:01.0942 4884 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 13:45:01.0942 4884 MREMP50 - detected UnsignedFile.Multi.Generic (1) 13:45:01.0952 4884 MREMP50a64 - ok 13:45:01.0962 4884 MREMPR5 - ok 13:45:01.0971 4884 MRENDIS5 - ok 13:45:02.0049 4884 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 13:45:02.0055 4884 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 13:45:02.0056 4884 MRESP50 - detected UnsignedFile.Multi.Generic (1) 13:45:02.0063 4884 MRESP50a64 - ok 13:45:02.0241 4884 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 13:45:02.0289 4884 MRxDAV - ok 13:45:02.0358 4884 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:45:02.0401 4884 mrxsmb - ok 13:45:02.0501 4884 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:45:02.0547 4884 mrxsmb10 - ok 13:45:02.0654 4884 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:45:02.0692 4884 mrxsmb20 - ok 13:45:02.0734 4884 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 13:45:02.0762 4884 msahci - ok 13:45:02.0895 4884 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 13:45:02.0912 4884 msdsm - ok 13:45:02.0961 4884 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 13:45:02.0997 4884 Msfs - ok 13:45:03.0147 4884 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 13:45:03.0175 4884 msisadrv - ok 13:45:03.0317 4884 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 13:45:03.0352 4884 MSKSSRV - ok 13:45:03.0419 4884 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 13:45:03.0455 4884 MSPCLOCK - ok 13:45:03.0498 4884 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 13:45:03.0533 4884 MSPQM - ok 13:45:03.0718 4884 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 13:45:03.0754 4884 MsRPC - ok 13:45:03.0838 4884 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 13:45:03.0853 4884 mssmbios - ok 13:45:03.0943 4884 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 13:45:03.0978 4884 MSTEE - ok 13:45:04.0030 4884 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 13:45:04.0048 4884 Mup - ok 13:45:04.0301 4884 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 13:45:04.0343 4884 NativeWifiP - ok 13:45:04.0461 4884 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 13:45:04.0540 4884 NDIS - ok 13:45:04.0642 4884 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 13:45:04.0667 4884 NdisTapi - ok 13:45:04.0792 4884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 13:45:04.0830 4884 Ndisuio - ok 13:45:04.0891 4884 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 13:45:04.0917 4884 NdisWan - ok 13:45:04.0982 4884 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 13:45:05.0007 4884 NDProxy - ok 13:45:05.0127 4884 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 13:45:05.0159 4884 NetBIOS - ok 13:45:05.0261 4884 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 13:45:05.0291 4884 netbt - ok 13:45:05.0399 4884 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 13:45:05.0477 4884 nfrd960 - ok 13:45:05.0592 4884 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 13:45:05.0643 4884 Npfs - ok 13:45:05.0724 4884 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 13:45:05.0756 4884 nsiproxy - ok 13:45:06.0010 4884 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 13:45:06.0283 4884 Ntfs - ok 13:45:06.0496 4884 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 13:45:06.0597 4884 ntrigdigi - ok 13:45:06.0699 4884 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 13:45:06.0730 4884 Null - ok 13:45:06.0811 4884 NVENETFD (74c825c573aa6e115590d94e7bf86901) C:\Windows\system32\DRIVERS\nvmfdx32.sys 13:45:07.0003 4884 NVENETFD - ok 13:45:07.0615 4884 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:45:10.0454 4884 nvlddmkm - ok 13:45:10.0573 4884 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 13:45:10.0587 4884 nvraid - ok 13:45:10.0648 4884 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 13:45:10.0663 4884 nvstor - ok 13:45:10.0733 4884 nvstor32 (019054d997f65358dca63ecae5103f97) C:\Windows\system32\drivers\nvstor32.sys 13:45:10.0748 4884 nvstor32 - ok 13:45:10.0814 4884 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 13:45:10.0831 4884 nv_agp - ok 13:45:10.0867 4884 NwlnkFlt - ok 13:45:10.0930 4884 NwlnkFwd - ok 13:45:11.0012 4884 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 13:45:11.0107 4884 ohci1394 - ok 13:45:11.0162 4884 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 13:45:11.0220 4884 Parport - ok 13:45:11.0277 4884 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 13:45:11.0293 4884 partmgr - ok 13:45:11.0329 4884 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 13:45:11.0388 4884 Parvdm - ok 13:45:11.0811 4884 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 13:45:11.0829 4884 pci - ok 13:45:12.0276 4884 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 13:45:12.0306 4884 pciide - ok 13:45:12.0370 4884 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 13:45:12.0404 4884 pcmcia - ok 13:45:12.0686 4884 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 13:45:12.0721 4884 pcouffin - ok 13:45:12.0847 4884 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 13:45:13.0044 4884 PEAUTH - ok 13:45:13.0317 4884 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 13:45:13.0356 4884 PptpMiniport - ok 13:45:13.0416 4884 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 13:45:13.0481 4884 Processor - ok 13:45:13.0564 4884 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 13:45:13.0603 4884 PSched - ok 13:45:13.0736 4884 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 13:45:13.0768 4884 PxHelp20 - ok 13:45:13.0926 4884 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 13:45:14.0213 4884 ql2300 - ok 13:45:14.0316 4884 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 13:45:14.0330 4884 ql40xx - ok 13:45:14.0402 4884 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 13:45:14.0421 4884 QWAVEdrv - ok 13:45:14.0468 4884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 13:45:14.0500 4884 RasAcd - ok 13:45:14.0580 4884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:45:14.0614 4884 Rasl2tp - ok 13:45:14.0754 4884 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 13:45:14.0782 4884 RasPppoe - ok 13:45:14.0849 4884 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 13:45:14.0869 4884 RasSstp - ok 13:45:14.0957 4884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 13:45:14.0988 4884 rdbss - ok 13:45:15.0082 4884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:45:15.0149 4884 RDPCDD - ok 13:45:15.0234 4884 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 13:45:15.0326 4884 rdpdr - ok 13:45:15.0382 4884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 13:45:15.0417 4884 RDPENCDD - ok 13:45:15.0564 4884 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 13:45:15.0594 4884 RDPWD - ok 13:45:15.0757 4884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 13:45:15.0793 4884 rspndr - ok 13:45:15.0882 4884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 13:45:15.0900 4884 sbp2port - ok 13:45:15.0948 4884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:45:16.0006 4884 secdrv - ok 13:45:16.0058 4884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 13:45:16.0117 4884 Serenum - ok 13:45:16.0187 4884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 13:45:16.0240 4884 Serial - ok 13:45:16.0336 4884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 13:45:16.0367 4884 sermouse - ok 13:45:16.0575 4884 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys 13:45:16.0590 4884 sfdrv01 - ok 13:45:16.0667 4884 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 13:45:16.0726 4884 sffdisk - ok 13:45:16.0786 4884 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 13:45:16.0844 4884 sffp_mmc - ok 13:45:16.0920 4884 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 13:45:16.0980 4884 sffp_sd - ok 13:45:17.0086 4884 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys 13:45:17.0111 4884 sfhlp02 - ok 13:45:17.0235 4884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 13:45:17.0344 4884 sfloppy - ok 13:45:17.0449 4884 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys 13:45:17.0479 4884 sfvfs02 - ok 13:45:17.0591 4884 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 13:45:17.0620 4884 sisagp - ok 13:45:17.0681 4884 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 13:45:17.0700 4884 SiSRaid2 - ok 13:45:17.0760 4884 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 13:45:17.0774 4884 SiSRaid4 - ok 13:45:17.0971 4884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 13:45:17.0998 4884 Smb - ok 13:45:18.0069 4884 SndTDriverV32 (63522ddc83bf6fca7f7efa44a140192b) C:\Windows\system32\drivers\SndTDriverV32.sys 13:45:18.0078 4884 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - warning 13:45:18.0078 4884 SndTDriverV32 - detected UnsignedFile.Multi.Generic (1) 13:45:18.0152 4884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 13:45:18.0168 4884 spldr - ok 13:45:18.0242 4884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 13:45:18.0266 4884 srv - ok 13:45:18.0395 4884 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 13:45:18.0437 4884 srv2 - ok 13:45:18.0528 4884 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 13:45:18.0550 4884 srvnet - ok 13:45:18.0603 4884 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\Windows\system32\Drivers\sskbfd.sys 13:45:18.0616 4884 SSKBFD - ok 13:45:18.0717 4884 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 13:45:18.0732 4884 swenum - ok 13:45:18.0892 4884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 13:45:18.0919 4884 Symc8xx - ok 13:45:18.0968 4884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 13:45:18.0992 4884 Sym_hi - ok 13:45:19.0032 4884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 13:45:19.0051 4884 Sym_u3 - ok 13:45:19.0172 4884 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 13:45:19.0367 4884 Tcpip - ok 13:45:19.0735 4884 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 13:45:19.0954 4884 Tcpip6 - ok 13:45:20.0060 4884 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 13:45:20.0084 4884 tcpipreg - ok 13:45:20.0154 4884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 13:45:20.0193 4884 TDPIPE - ok 13:45:20.0290 4884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 13:45:20.0363 4884 TDTCP - ok 13:45:20.0469 4884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 13:45:20.0502 4884 tdx - ok 13:45:20.0746 4884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 13:45:20.0780 4884 TermDD - ok 13:45:20.0880 4884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:45:20.0921 4884 tssecsrv - ok 13:45:21.0043 4884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 13:45:21.0064 4884 tunmp - ok 13:45:21.0155 4884 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 13:45:21.0175 4884 tunnel - ok 13:45:21.0271 4884 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 13:45:21.0289 4884 uagp35 - ok 13:45:21.0393 4884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 13:45:21.0458 4884 udfs - ok 13:45:21.0596 4884 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 13:45:21.0611 4884 uliagpkx - ok 13:45:21.0707 4884 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 13:45:21.0726 4884 uliahci - ok 13:45:21.0822 4884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 13:45:21.0840 4884 UlSata - ok 13:45:21.0955 4884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 13:45:21.0975 4884 ulsata2 - ok 13:45:22.0056 4884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 13:45:22.0096 4884 umbus - ok 13:45:22.0438 4884 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 13:45:22.0476 4884 USBAAPL - ok 13:45:22.0617 4884 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 13:45:22.0644 4884 usbaudio - ok 13:45:22.0725 4884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 13:45:22.0751 4884 usbccgp - ok 13:45:22.0799 4884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 13:45:22.0855 4884 usbcir - ok 13:45:22.0913 4884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 13:45:22.0942 4884 usbehci - ok 13:45:22.0997 4884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 13:45:23.0026 4884 usbhub - ok 13:45:23.0149 4884 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 13:45:23.0177 4884 usbohci - ok 13:45:23.0273 4884 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 13:45:23.0312 4884 usbprint - ok 13:45:23.0468 4884 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 13:45:23.0498 4884 usbscan - ok 13:45:23.0597 4884 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys 13:45:23.0625 4884 usbser - ok 13:45:23.0670 4884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:45:23.0701 4884 USBSTOR - ok 13:45:23.0765 4884 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 13:45:23.0837 4884 usbuhci - ok 13:45:23.0980 4884 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 13:45:24.0015 4884 usbvideo - ok 13:45:24.0148 4884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 13:45:24.0182 4884 vga - ok 13:45:24.0242 4884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 13:45:24.0277 4884 VgaSave - ok 13:45:24.0388 4884 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 13:45:24.0405 4884 viaagp - ok 13:45:24.0470 4884 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 13:45:24.0530 4884 ViaC7 - ok 13:45:24.0585 4884 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 13:45:24.0601 4884 viaide - ok 13:45:24.0713 4884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 13:45:24.0744 4884 volmgr - ok 13:45:24.0808 4884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 13:45:24.0830 4884 volmgrx - ok 13:45:24.0903 4884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 13:45:24.0923 4884 volsnap - ok 13:45:25.0006 4884 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 13:45:25.0023 4884 vsmraid - ok 13:45:25.0285 4884 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 13:45:25.0612 4884 VST_DPV - ok 13:45:25.0860 4884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 13:45:25.0974 4884 WacomPen - ok 13:45:26.0135 4884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:45:26.0162 4884 Wanarp - ok 13:45:26.0188 4884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:45:26.0213 4884 Wanarpv6 - ok 13:45:26.0312 4884 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 13:45:26.0328 4884 Wd - ok 13:45:26.0484 4884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 13:45:26.0567 4884 Wdf01000 - ok 13:45:26.0732 4884 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 13:45:26.0897 4884 winachsf - ok 13:45:27.0060 4884 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 13:45:27.0114 4884 WmiAcpi - ok 13:45:27.0272 4884 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 13:45:27.0290 4884 WpdUsb - ok 13:45:27.0395 4884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 13:45:27.0430 4884 ws2ifsl - ok 13:45:28.0068 4884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:45:28.0135 4884 WUDFRd - ok 13:45:28.0417 4884 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys 13:45:28.0450 4884 XAudio - ok 13:45:28.0540 4884 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys 13:45:28.0558 4884 xusb21 - ok 13:45:28.0602 4884 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0 13:45:28.0830 4884 \Device\Harddisk0\DR0 - ok 13:45:28.0839 4884 Boot (0x1200) (1aff519d45350696e65237b2211bab63) \Device\Harddisk0\DR0\Partition0 13:45:28.0841 4884 \Device\Harddisk0\DR0\Partition0 - ok 13:45:28.0862 4884 Boot (0x1200) (f5e0e481b11a59be3a697141e73291b7) \Device\Harddisk0\DR0\Partition1 13:45:28.0864 4884 \Device\Harddisk0\DR0\Partition1 - ok 13:45:28.0866 4884 ============================================================ 13:45:28.0866 4884 Scan finished 13:45:28.0866 4884 ============================================================ 13:45:28.0895 3472 Detected object count: 4 13:45:28.0895 3472 Actual detected object count: 4 13:45:33.0901 3472 cmudaxp ( UnsignedFile.Multi.Generic ) - skipped by user 13:45:33.0901 3472 cmudaxp ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:45:33.0905 3472 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user 13:45:33.0905 3472 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:45:33.0908 3472 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user 13:45:33.0908 3472 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:45:33.0910 3472 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - skipped by user 13:45:33.0911 3472 SndTDriverV32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:45:37.0838 4444 Deinitialize success
  12. Thank you for your prompt response. Included is the report from Malwarebytes from today. I also included the reports when Malwarebytes first detected the problem prior to me posting this topic. Although this latest scan is clear, Kaspersky immediately detects the trojan, which is the same that Malwarebytes detected when I first believed that my computer was infected. I should mention that the moment I opended the internet, I was directed to a strange site (this is no longer happening). I have not attempted to remove the trojan through Kaspersky and will not do anything unless you tell me to do so. Malwarebytes Anti-Malware (PRO) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.22.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Dragan and Dianne :: MOZAK [administrator] Protection: Enabled 1/25/2012 7:08:11 PM mbam-log-2012-01-25 (19-08-11).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 337419 Time elapsed: 1 hour(s), 50 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Malwarebytes Anti-Malware (PRO) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.22.03 Windows Vista Service Pack 2 x86 NTFS (Safe Mode) Internet Explorer 9.0.8112.16421 Dragan and Dianne :: MOZAK [administrator] Protection: Disabled 1/22/2012 8:50:33 PM mbam-log-2012-01-22 (20-50-33).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Registry | File System Objects scanned: 125440 Time elapsed: 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Dragan and Dianne\AppData\Local\dplaysvr.exe (Trojan.QHost.BG) -> Quarantined and deleted successfully. (end) Malwarebytes Anti-Malware (PRO) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.20.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Dragan and Dianne :: MOZAK [administrator] Protection: Enabled 1/22/2012 1:56:01 PM mbam-log-2012-01-22 (13-56-01).txt Scan type: Custom scan Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Memory | Startup | Registry | Heuristics/Extra Objects scanned: 1 Time elapsed: 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Dragan and Dianne\Desktop\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. (end) Thank you.
  13. I have both Kaspersky Internet Security and MBAM Pro. I scanned the computer with MBAM and it found two items which I removed. However, the computer continued to behave strangely, so I decided to request help. While posting this topic, a warning box from Kaspersky appeared stating that my computer has a virus. I am including the two .txt files from the DDS scan. Thank you in advance for your help. Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.