Inactive Trojan/Virus in shared folders

luzterin

Hello, I have a problem with a strange virus/trojan. It happens on a couple of computers: 4 XP machines and 2 2003 servers.
The virus creates executable files in shared folders on the computers. I have Symantec Endpoint Protection. Sometimes it catches the virus, sometimes it doesn't. The names of the files are the name of the folder + one of these extensions: .exe, .pif, .scr, .bat, .shortcut. The sizes of these files, when the process starts, are equal, for example 976 KB. When Norton catches them, it appears as trojan.backdoor.
After a few hours of constantly creating these files and Norton deleting them, this virus stops. The shared folders are empty. It's clean. It stays like that.... maybe a day or a week.
The virus also creates the files in safe mode without network. When the files start to appear again in the same shared location, the size is now different, and Norton doesn't catch these files now.
Does anybody have experience with such a problem?

Any suggestions?
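
The naming pattern described in the post above (a file named after the folder it sits in, plus one of the listed extensions, with all copies the same size) can be swept for directly, independent of antivirus signatures. This is an added example, not part of the original thread: the function names are hypothetical, the sample tree is constructed (folder names borrowed from the ESET log further down), and `.lnk` is an assumption for what the post calls `.shortcut`.

```python
import os
import tempfile
from collections import defaultdict

# Extensions listed in the post. ".lnk" is an assumption standing in for
# what the post calls ".shortcut".
SUSPECT_EXTS = {".exe", ".pif", ".scr", ".bat", ".lnk"}


def find_folder_named_droppers(root):
    """Return sorted (path, size) pairs for files named <parent folder> + suspect extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() in SUSPECT_EXTS and stem.lower() == folder:
                full = os.path.join(dirpath, name)
                try:
                    size = os.path.getsize(full)
                except OSError:
                    # File vanished between listing and stat, e.g. the
                    # antivirus quarantined it while we were walking.
                    continue
                hits.append((full, size))
    return sorted(hits)


def sizes_shared_by_many(hits, min_count=2):
    """Group hits by size; identical sizes across folders point to one dropped binary."""
    by_size = defaultdict(list)
    for path, size in hits:
        by_size[size].append(path)
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


def build_sample_share(root):
    """Create a constructed sample tree (sizes in bytes are arbitrary test values)."""
    layout = {
        "Logs/Logs.exe": 976,           # folder-named, suspect extension
        "LicSN/LicSN.bat": 976,         # folder-named, suspect extension
        "data.tmp/data.tmp.scr": 976,   # folder name itself contains a dot
        "Logs/readme.txt": 10,          # benign document
        "Tools/setup.exe": 500,         # executable, but not named after its folder
    }
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


def scan_sample():
    """Run the sweep over the constructed tree; return (file names, {size: count})."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        hits = find_folder_named_droppers(root)
        names = sorted(os.path.basename(p) for p, _ in hits)
        shared = {s: len(paths) for s, paths in sizes_shared_by_many(hits).items()}
        return names, shared


if __name__ == "__main__":
    names, shared = scan_sample()
    print("folder-named executables:", names)
    print("sizes shared by several hits:", shared)
```

Pointing `find_folder_named_droppers` at each shared folder on a schedule and logging the hit times would also show which hosts see the files first and whether the 15 to 30 minute cycle mentioned later in the thread holds.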
 
The last time this problem appeared was between 09 July and 13 July. This month it started at approximately the same time.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4420

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

12.8.2010 г. 12:22:02
mbam-log-2010-08-12 (12-22-02).txt

Scan type: Quick scan
Objects scanned: 153708
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\FirstRRRun (Bagle.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)



---------------------------------------------------------------------------------------------------------------------------


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 15:02:54
Windows 5.2.3790 Service Pack 2
Running: xbjixdjo.exe; Driver: C:\DOCUME~1\prinect\LOCALS~1\Temp\kgtdipog.sys


---- System - GMER 1.0.15 ----

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9A0916D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9A08FC2

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload BA3424A8 5 Bytes JMP 8B5FE420
? System32\Drivers\atu7lx76.SYS The system cannot find the path specified. !
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA6F49400, 0x7960C, 0xE8000020]
.protectяяяяhardlockentry point in ".protectяяяяhardlockentry point in ".protectяяяяhardlockentry point in ".p" section [0xA6FEB420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectяяяяhardlockentry point in ".protectяяяяhardlockentry point in ".p" section [0xA6FEB420]
.protectяяяяhardlockunknown last code section [0xA6FEB200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA6FEB200, 0x5049, 0xE0000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72B0ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72B0C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72B0B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72B172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72B1604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72C3A9A] sptd.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1724067100
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1040081959
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0xCA 0x71 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x95 0x20 0xA6 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0xFA 0x5A 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0xCA 0x71 0x21 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x95 0x20 0xA6 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0xFA 0x5A 0xAC ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DisableSR 0

---- EOF - GMER 1.0.15 ----


---------------------------------------------------------------------------------------------------------------------------

DDS does not support my operating system, 2003 Server.
 
OK. Let's try an online scan then.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
I installed the Kaspersky 6.0 trial on one of the infected computers. It detects in the shared folders all the 976 KB files created by the virus as HEUR:Trojan.Win32.Generic. It just deletes/quarantines the files, but they appear again.

I also tried in safe mode: Malwarebytes' Anti-Malware, full system scan. It didn't find anything.

At the moment this infection isn't active. It isn't creating files; obviously it creates files every 15 to 30 minutes.

I started ESET Online Scanner on the 2003 server, the infected one whose logs I posted earlier.
 
Can I see a logfile of the Eset scan you did?

=========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi there,
this is the ESET online scanner log:

C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\Licenses$.exe a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\ColorToolbox_3.0\ColorToolbox_3.0.scr a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\HighResRenderer\HighResRenderer.exe a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\LicSN\LicSN.bat a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\Logs\Logs.exe a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\MetaDimension\MetaDimension.bat a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\PDFToolbox\PDFToolbox.exe a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\Prinect Workflow\Workflow.bat a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\ProofRenderer\ProofRenderer.exe a variant of Win32/AutoRun.Agent.UD worm
C:\Documents and Settings\All Users\Application Data\Heidelberg\Licenses\Signa_Station-3-0\Signa_Station-3-0.exe a variant of Win32/AutoRun.Agent.UD worm
G:\HF_838\data.tmp\data.tmp.scr a variant of Win32/AutoRun.Agent.UD worm

========================================

this is from OTL:
extras.txt
OTL Extras logfile created on: 13.8.2010 г. 11:27:25 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\prinect\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 83,00% Memory free
10,00 Gb Paging File | 6,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): c:\pagefile.sys 6141 12192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 68,47 Gb Free Space | 70,11% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 200,36 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 250,92 Gb Total Space | 205,96 Gb Free Space | 82,08% Space Free | Partition Type: NTFS
Drive F: | 214,84 Gb Total Space | 214,77 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive G: | 298,09 Gb Total Space | 248,05 Gb Free Space | 83,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 146,48 Gb Total Space | 131,77 Gb Free Space | 89,96% Space Free | Partition Type: NTFS
Drive X: | 132,40 Gb Total Space | -3,16 Gb Free Space | -2,39% Space Free | Partition Type: NTFS
Drive Y: | 255,34 Gb Total Space | 9,45 Gb Free Space | 3,70% Space Free | Partition Type: NTFS

Computer Name: XEON4
Current User Name: prinect
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"49300:TCP" = 49300:TCP:*:Enabled:JDF Portal Port 49300
"31273:TCP" = 31273:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31273
"31274:TCP" = 31274:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31274
"31275:TCP" = 31275:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31275
"31276:TCP" = 31276:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31276
"31277:TCP" = 31277:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31277
"31278:TCP" = 31278:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31278
"31279:TCP" = 31279:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31279
"31280:TCP" = 31280:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31280
"31281:TCP" = 31281:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31281
"31282:TCP" = 31282:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31282
"31283:TCP" = 31283:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31283
"31284:TCP" = 31284:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31284
"31285:TCP" = 31285:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31285
"31286:TCP" = 31286:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31286
"31287:TCP" = 31287:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31287
"31288:TCP" = 31288:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31288
"31289:TCP" = 31289:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31289
"31290:TCP" = 31290:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31290
"31291:TCP" = 31291:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31291
"31292:TCP" = 31292:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31292
"31293:TCP" = 31293:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31293
"31294:TCP" = 31294:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31294
"31295:TCP" = 31295:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31295
"31296:TCP" = 31296:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31296
"31297:TCP" = 31297:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31297
"31298:TCP" = 31298:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31298
"31299:TCP" = 31299:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31299
"31300:TCP" = 31300:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31300
"31301:TCP" = 31301:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31301
"31302:TCP" = 31302:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31302
"31303:TCP" = 31303:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31303
"31304:TCP" = 31304:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31304
"31305:TCP" = 31305:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31305
"8080:TCP" = 8080:TCP:*:Enabled:Web Interface Port 8080
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"6401:TCP" = 6401:TCP:*:Enabled:Heidelberg Prinect JDF Connector (6401)
"8888:TCP" = 8888:TCP:*:Enabled:Heidelberg Prinect JDF Connector Service (8888)
"6325:TCP" = 6325:TCP:*:Enabled:Heidelberg Prinect Master Data Service (6325)
"6329:TCP" = 6329:TCP:*:Enabled:Heidelberg Prinect Master Data Service (6329)
"49310:TCP" = 49310:TCP:*:Enabled:JDF Bridge Port 49310
"49311:TCP" = 49311:TCP:*:Enabled:JDF Bridge Port 49311
"49312:TCP" = 49312:TCP:*:Enabled:JDF Bridge Port 49312
"49313:TCP" = 49313:TCP:*:Enabled:JDF Bridge Port 49313
"49314:TCP" = 49314:TCP:*:Enabled:JDF Bridge Port 49314
"49315:TCP" = 49315:TCP:*:Enabled:JDF Bridge Port 49315
"49320:TCP" = 49320:TCP:*:Enabled:pDF-PE JDF Portal Port 49320
"49321:TCP" = 49321:TCP:*:Enabled:pDF-PE JDF Portal Port 49321
"49322:TCP" = 49322:TCP:*:Enabled:pDF-PE JDF Portal Port 49322
"49323:TCP" = 49323:TCP:*:Enabled:pDF-PE JDF Portal Port 49323
"49324:TCP" = 49324:TCP:*:Enabled:pDF-PE JDF Portal Port 49324
"49325:TCP" = 49325:TCP:*:Enabled:pDF-PE JDF Portal Port 49325
"4560:TCP" = 4560:TCP:*:Enabled:MetaDTVService Port 4560
"6351:TCP" = 6351:TCP:*:Enabled:Heidelberg Prinect JDF Connector Service (6351)
"6351:UDP" = 6351:UDP:*:Enabled:Heidelberg Prinect JDF Connector Service (6351)
"8889:TCP" = 8889:TCP:*:Enabled:Heidelberg Prinect JDF Connector Service (8889)
"8889:UDP" = 8889:UDP:*:Enabled:Heidelberg Prinect JDF Connector Service (8889)
"6315:TCP" = 6315:TCP:*:Enabled:Heidelberg Prinect JDF Storage Service (6315)
"6319:TCP" = 6319:TCP:*:Enabled:Heidelberg Prinect JDF Storage Service (6319)
"6335:TCP" = 6335:TCP:*:Enabled:Heidelberg Prinect JMF Message Service (6335)
"6339:TCP" = 6339:TCP:*:Enabled:Heidelberg Prinect JMF Message Service (6339)
"6362:TCP" = 6362:TCP:*:Enabled:Heidelberg Prinect Central Device Manager Service (6362)
"65002:UDP" = 65002:UDP:*:Enabled:Heidelberg Local Information Service Monitor (65002 UDP IN)
"6321:TCP" = 6321:TCP:*:Enabled:Heidelberg Master Data Service (6321 TCP IN)
"5353:UDP" = 5353:UDP:*:Enabled:Heidelberg Master Data Service (5353 UDP IN)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"31273:TCP" = 31273:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31273
"31274:TCP" = 31274:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31274
"31275:TCP" = 31275:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31275
"31276:TCP" = 31276:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31276
"31277:TCP" = 31277:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31277
"31278:TCP" = 31278:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31278
"31279:TCP" = 31279:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31279
"31280:TCP" = 31280:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31280
"31281:TCP" = 31281:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31281
"31282:TCP" = 31282:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31282
"31283:TCP" = 31283:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31283
"31284:TCP" = 31284:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31284
"31285:TCP" = 31285:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31285
"31286:TCP" = 31286:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31286
"31287:TCP" = 31287:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31287
"31288:TCP" = 31288:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31288
"31289:TCP" = 31289:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31289
"31290:TCP" = 31290:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31290
"31291:TCP" = 31291:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31291
"31292:TCP" = 31292:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31292
"31293:TCP" = 31293:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31293
"31294:TCP" = 31294:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31294
"31295:TCP" = 31295:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31295
"31296:TCP" = 31296:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31296
"31297:TCP" = 31297:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31297
"31298:TCP" = 31298:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31298
"31299:TCP" = 31299:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31299
"31300:TCP" = 31300:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31300
"31301:TCP" = 31301:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31301
"31302:TCP" = 31302:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31302
"31303:TCP" = 31303:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31303
"31304:TCP" = 31304:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31304
"31305:TCP" = 31305:TCP:*:Enabled:Heidelberg Prinect MetaDimension MDS Client API Port 31305
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"6401:TCP" = 6401:TCP:*:Enabled:Heidelberg Prinect JDF Connector (6401)
"8888:TCP" = 8888:TCP:*:Enabled:Heidelberg Prinect JDF Connector Service (8888)
"123:UDP" = 123:UDP:*:Enabled:System Time (NTP) Port
"427:UDP" = 427:UDP:*:Enabled:AppleShare IP TCP Port 427
"548:UDP" = 548:UDP:*:Enabled:AppleShare IP TCP Port 548
"520:UDP" = 520:UDP:*:Enabled:Routing Information Protocol (RIP) Port
"6325:TCP" = 6325:TCP:*:Enabled:Heidelberg Prinect Master Data Service (6325)
"6329:TCP" = 6329:TCP:*:Enabled:Heidelberg Prinect Master Data Service (6329)
"6351:TCP" = 6351:TCP:*:Enabled:Heidelberg Prinect JDF Connector Service (6351)
"6351:UDP" = 6351:UDP:*:Enabled:Heidelberg Prinect JDF Connector Service (6351)
"8889:TCP" = 8889:TCP:*:Enabled:Heidelberg Prinect JDF Connector Service (8889)
"8889:UDP" = 8889:UDP:*:Enabled:Heidelberg Prinect JDF Connector Service (8889)
"6315:TCP" = 6315:TCP:*:Enabled:Heidelberg Prinect JDF Storage Service (6315)
"6319:TCP" = 6319:TCP:*:Enabled:Heidelberg Prinect JDF Storage Service (6319)
"6335:TCP" = 6335:TCP:*:Enabled:Heidelberg Prinect JMF Message Service (6335)
"6339:TCP" = 6339:TCP:*:Enabled:Heidelberg Prinect JMF Message Service (6339)
"6362:TCP" = 6362:TCP:*:Enabled:Heidelberg Prinect Central Device Manager Service (6362)
"65002:UDP" = 65002:UDP:*:Enabled:Heidelberg Local Information Service Monitor (65002 UDP IN)
"6321:TCP" = 6321:TCP:*:Enabled:Heidelberg Master Data Service (6321 TCP IN)
"5353:UDP" = 5353:UDP:*:Enabled:Heidelberg Master Data Service (5353 UDP IN)

========== Authorized Applications List ==========
 
Sorry, but you will need to post the logs here.
You can either break up the log into separate posts, or attach them instead.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Heidelberg\MetaDimension\jre\bin\java_locator.exe" = C:\Program Files\Heidelberg\MetaDimension\jre\bin\java_locator.exe:*:Enabled:Heidelberg Prinect MetaDimension Java Locator -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\Sequencer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\Sequencer.exe:*:Enabled:Heidelberg Prinect MetaDimension Sequencer -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UIServer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UIServer.exe:*:Enabled:Heidelberg Prinect MetaDimension UIServer -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UserUIServer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UserUIServer.exe:*:Enabled:Heidelberg Prinect MetaDimension UserUIServer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\PTSupport\AdminService\AdminService.exe" = C:\Program Files\Heidelberg\Prinect Workflow\PTSupport\AdminService\AdminService.exe:*:Enabled:prinect Workflow Adminservice -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\CockpitServer\Cockpitserver.exe" = C:\Program Files\Heidelberg\Prinect Workflow\CockpitServer\Cockpitserver.exe:*:Enabled:prinect Workflow CockpitServer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\CEPSConverter\HDMCEPSConverter.exe" = C:\Program Files\Heidelberg\Prinect Workflow\CEPSConverter\HDMCEPSConverter.exe:*:Enabled:prinect Workflow CEPSConverter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ColorTableSyncService\ColorTableSyncService.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ColorTableSyncService\ColorTableSyncService.exe:*:Enabled:prinect Workflow ColorTableSyncService -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ContentHotfolder\HDMContentHotFolder.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ContentHotfolder\HDMContentHotFolder.exe:*:Enabled:prinect Workflow ContentHotfolder -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\CopydotConverter\HDMCopydotConverter.exe" = C:\Program Files\Heidelberg\Prinect Workflow\CopydotConverter\HDMCopydotConverter.exe:*:Enabled:prinect Workflow CopydotConverter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\DocumentHandler\HDMPDFDocumentHandler.exe" = C:\Program Files\Heidelberg\Prinect Workflow\DocumentHandler\HDMPDFDocumentHandler.exe:*:Enabled:prinect Workflow DocumentHandler -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ImageHandler\HDMPDFImageHandler.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ImageHandler\HDMPDFImageHandler.exe:*:Enabled:prinect Workflow ImageHandler -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Imposer\HDMPDFImposer.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Imposer\HDMPDFImposer.exe:*:Enabled:prinect Workflow Imposer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\JobImExporter\HDMJobImportExport.exe" = C:\Program Files\Heidelberg\Prinect Workflow\JobImExporter\HDMJobImportExport.exe:*:Enabled:prinect Workflow JobImExporter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Messenger\HDMMessenger.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Messenger\HDMMessenger.exe:*:Enabled:prinect Workflow Messenger -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Normalizer\HDMNormalizer.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Normalizer\HDMNormalizer.exe:*:Enabled:prinect Workflow Normalizer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\PageOutput\HDMPageOutput.exe" = C:\Program Files\Heidelberg\Prinect Workflow\PageOutput\HDMPageOutput.exe:*:Enabled:prinect Workflow PageOutput -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Preflighter\HDMPreflight.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Preflighter\HDMPreflight.exe:*:Enabled:prinect Workflow Preflighter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Recombiner\HDMPDFRecombiner.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Recombiner\HDMPDFRecombiner.exe:*:Enabled:prinect Workflow Recombiner -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ResponseHandler\HDMResponseHandler.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ResponseHandler\HDMResponseHandler.exe:*:Enabled:prinect Workflow ResponseHandler -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\SheetOutput\HDMSheetOutput.exe" = C:\Program Files\Heidelberg\Prinect Workflow\SheetOutput\HDMSheetOutput.exe:*:Enabled:prinect Workflow SheetOutput -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Trapper\HDMTrapper.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Trapper\HDMTrapper.exe:*:Enabled:prinect Workflow Trapper -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Workplace Interface\Workplace Interface.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Workplace Interface\Workplace Interface.exe:*:Enabled:prinect Workflow Workplace Interface -- File not found
"C:\PTConfig\JoinPrintready\JoinPrintready.exe" = C:\PTConfig\JoinPrintready\JoinPrintready.exe:*:Enabled:prinect Workflow JoinPrintready -- File not found
"C:\Program Files\Heidelberg\MetaDimension\HTTPServer\Apache\bin\Apache.exe" = C:\Program Files\Heidelberg\MetaDimension\HTTPServer\Apache\bin\Apache.exe:*:Enabled:Apache -- (Apache Software Foundation)
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDEmailJ.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDEmailJ.exe:*:Enabled:HDEMailJ -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDLocatorJ.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDLocatorJ.exe:*:Enabled:HDLocatorJ -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDTomcatJ.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDTomcatJ.exe:*:Enabled:HDTomcatJ -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDServiceControl.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDServiceControl.exe:*:Enabled:HDServiceControl -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\UI\HDPrintManager.exe" = C:\Program Files\Heidelberg\MetaDimension\UI\HDPrintManager.exe:*:Enabled:HDPrintManager -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\UI\HDPrintManagerW.exe" = C:\Program Files\Heidelberg\MetaDimension\UI\HDPrintManagerW.exe:*:Enabled:HDPrintManagerW -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\UI\bin\jstarter.exe" = C:\Program Files\Heidelberg\MetaDimension\UI\bin\jstarter.exe:*:Enabled:jstarter -- ()
"C:\Program Files\Heidelberg\MetaDimension\jre\bin\java.exe" = C:\Program Files\Heidelberg\MetaDimension\jre\bin\java.exe:*:Enabled:Java -- (Sun Microsystems, Inc.)
"C:\Program Files\Heidelberg\MetaDimension\jre\bin\javaw.exe" = C:\Program Files\Heidelberg\MetaDimension\jre\bin\javaw.exe:*:Enabled:JavaW -- (Sun Microsystems, Inc.)
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDNamingService.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDNamingService.exe:*:Enabled:HDNamingService -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\MCSSRV.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\MCSSRV.exe:*:Enabled:MCSSRV -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDSequencer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDSequencer.exe:*:Enabled:HDSequencer -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDUIServer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDUIServer.exe:*:Enabled:HDUIServer -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDUserUIServer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDUserUIServer.exe:*:Enabled:HDUserUIServer -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\UI\HDSave.exe" = C:\Program Files\Heidelberg\MetaDimension\UI\HDSave.exe:*:Enabled:Save -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\UI\HDSaveW.exe" = C:\Program Files\Heidelberg\MetaDimension\UI\HDSaveW.exe:*:Enabled:SaveW -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\UI\HDRestore.exe" = C:\Program Files\Heidelberg\MetaDimension\UI\HDRestore.exe:*:Enabled:HDRestore -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\UI\HDRestoreW.exe" = C:\Program Files\Heidelberg\MetaDimension\UI\HDRestoreW.exe:*:Enabled:HDRestoreW -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\ProofOpen\exe\HDProofServer.exe" = C:\Program Files\Heidelberg\MetaDimension\ProofOpen\exe\HDProofServer.exe:*:Enabled:ConceptProof HDProofServer -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\ProofOpen\exe\ProofEngMgrW.exe" = C:\Program Files\Heidelberg\MetaDimension\ProofOpen\exe\ProofEngMgrW.exe:*:Enabled:ConceptProof ProofEngMgrW -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Client\ColorProofPro.exe" = C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Client\ColorProofPro.exe:*:Enabled:Color Proof Pro -- (EFI, Electronics for Imaging)
"C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Client\ColorProofPro_Settings.exe" = C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Client\ColorProofPro_Settings.exe:*:Enabled:Color Proof Pro Settings -- (EFI, Electronics for Imaging)
"C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Server\EPLView.exe" = C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Server\EPLView.exe:*:Enabled:EPLView -- (EFI)
"C:\Program Files\Heidelberg\MetaDimension\Tiff-B Export\HDTiffBW.exe" = C:\Program Files\Heidelberg\MetaDimension\Tiff-B Export\HDTiffBW.exe:*:Enabled:HDTiffBW -- (Heidelberger Druckmaschinen AG)
"C:\Program Files\Heidelberg\Prinect Workflow\PTSupport\PrinectService\HDPrinectService.exe" = C:\Program Files\Heidelberg\Prinect Workflow\PTSupport\PrinectService\HDPrinectService.exe:*:Enabled:prinect Workflow Administration Service -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\CockpitServer\HDCockpitserver.exe" = C:\Program Files\Heidelberg\Prinect Workflow\CockpitServer\HDCockpitserver.exe:*:Enabled:prinect Workflow CockpitServer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\CEPSConverter\HDCEPSConverter.exe" = C:\Program Files\Heidelberg\Prinect Workflow\CEPSConverter\HDCEPSConverter.exe:*:Enabled:prinect Workflow CEPSConverter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ColorCarver\HDColorCarver.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ColorCarver\HDColorCarver.exe:*:Enabled:prinect Workflow ColorCarver -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ContentHotfolder\HDContentHotfolder.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ContentHotfolder\HDContentHotfolder.exe:*:Enabled:prinect Workflow ContentHotfolder -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\CopydotConverter\HDCopydotConverter.exe" = C:\Program Files\Heidelberg\Prinect Workflow\CopydotConverter\HDCopydotConverter.exe:*:Enabled:prinect Workflow CopydotConverter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\DocumentHandler\HDPDFDocumentHandler.exe" = C:\Program Files\Heidelberg\Prinect Workflow\DocumentHandler\HDPDFDocumentHandler.exe:*:Enabled:prinect Workflow DocumentHandler -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ImageHandler\HDPDFImageHandler.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ImageHandler\HDPDFImageHandler.exe:*:Enabled:prinect Workflow ImageHandler -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Imposer\HDPDFImposer.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Imposer\HDPDFImposer.exe:*:Enabled:prinect Workflow Imposer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\JobImExporter\HDJobImportExport.exe" = C:\Program Files\Heidelberg\Prinect Workflow\JobImExporter\HDJobImportExport.exe:*:Enabled:prinect Workflow JobImExporter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Messenger\HDMessenger.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Messenger\HDMessenger.exe:*:Enabled:prinect Workflow Messenger -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Normalizer\HDNormalizer.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Normalizer\HDNormalizer.exe:*:Enabled:prinect Workflow Normalizer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\AutoPage\HDAutoPage.exe" = C:\Program Files\Heidelberg\Prinect Workflow\AutoPage\HDAutoPage.exe:*:Enabled:prinect Workflow AutoPage -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\PPF Out\PPF Out.exe" = C:\Program Files\Heidelberg\Prinect Workflow\PPF Out\PPF Out.exe:*:Enabled:prinect Workflow PPF Out -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Auto Preset\Auto Preset.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Auto Preset\Auto Preset.exe:*:Enabled:prinect Workflow Auto Preset -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Preflighter\HDPreflighter.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Preflighter\HDPreflighter.exe:*:Enabled:prinect Workflow Preflighter -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Recombiner\HDRecombiner.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Recombiner\HDRecombiner.exe:*:Enabled:prinect Workflow Recombiner -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\ResponseHandler\HDResponseHandler.exe" = C:\Program Files\Heidelberg\Prinect Workflow\ResponseHandler\HDResponseHandler.exe:*:Enabled:prinect Workflow ResponseHandler -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\AutoSheet\HDAutoSheet.exe" = C:\Program Files\Heidelberg\Prinect Workflow\AutoSheet\HDAutoSheet.exe:*:Enabled:prinect Workflow AutoSheet -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Timer\HDTimer.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Timer\HDTimer.exe:*:Enabled:prinect Workflow Timer -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Trapper\HDTrapper.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Trapper\HDTrapper.exe:*:Enabled:prinect Workflow Trapper -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Workplace Interface\HDWorkplaceInterface.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Workplace Interface\HDWorkplaceInterface.exe:*:Enabled:prinect Workflow Workplace Interface -- File not found
"C:\PTConfig\JoinPrinect\JoinPrintready.exe" = C:\PTConfig\JoinPrinect\JoinPrintready.exe:*:Enabled:prinect Workflow JoinPrinect -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\Cockpit\PTClient.exe" = C:\Program Files\Heidelberg\Prinect Workflow\Cockpit\PTClient.exe:*:Enabled:prinect Workflow Cockpit -- File not found
"C:\Program Files\Heidelberg\Prinect Workflow\PTSupport\JRE\bin\java.exe" = C:\Program Files\Heidelberg\Prinect Workflow\PTSupport\JRE\bin\java.exe:*:Enabled:prinect Workflow Java runtime -- File not found
"C:\Program Files\Heidelberg\Licensing\License Server\HDLicenseServer.exe" = C:\Program Files\Heidelberg\Licensing\License Server\HDLicenseServer.exe:*:Enabled:Heidelberg License Server Service (HDLicenseServer TCP,UDP IN) -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Heidelberg\MetaDimension\jre\bin\java_locator.exe" = C:\Program Files\Heidelberg\MetaDimension\jre\bin\java_locator.exe:*:Enabled:Heidelberg Prinect MetaDimension Java Locator -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\Sequencer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\Sequencer.exe:*:Enabled:Heidelberg Prinect MetaDimension Sequencer -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UIServer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UIServer.exe:*:Enabled:Heidelberg Prinect MetaDimension UIServer -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UserUIServer.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\UserUIServer.exe:*:Enabled:Heidelberg Prinect MetaDimension UserUIServer -- File not found
"C:\Documents and Settings\prinect\Desktop\utorrent.exe" = C:\Documents and Settings\prinect\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\prinect\Desktop\Skype.exe" = C:\Documents and Settings\prinect\Desktop\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDNamingService.exe" = C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDNamingService.exe:*:Enabled:HDNamingService -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Heidelberg\Licensing\License Server\HDLicenseServer.exe" = C:\Program Files\Heidelberg\Licensing\License Server\HDLicenseServer.exe:*:Enabled:Heidelberg License Server Service (HDLicenseServer TCP,UDP IN) -- ()
"C:\Documents and Settings\prinect\Desktop\Phone\Skype.exe" = C:\Documents and Settings\prinect\Desktop\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{104097C5-ADCF-4857-8475-582C76B64992}" = Heidelberg Prinect Licensing
"{1675942B-FC09-41E0-B777-F9E9EC68356A}" = Color Proof Pro
"{1B1586CC-DEE3-48AD-AD92-58DD8FC7B1E9}" = Heidelberg Prinect MetaDimension 7.5.542
"{1B419CE6-A1AA-4207-8581-A414BE9C7B85}" = Kaspersky Anti-Virus 6.0 for Windows Servers
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{43536D30-BDDF-4120-94EA-3A880188C1FB}" = Heidelberg Prinect JDF Connector Service
"{467A0A77-B08B-432C-9973-4A2F05F31C59}" = BOINC
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D6FC80-5B6D-4CD7-9DDE-B0A59835DAD5}" = Heidelberg Prinect Master Data Service
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7148F0A8-6813-11D6-A77B-00B0D0142020}" = Java 2 Runtime Environment, SE v1.4.2_02
"{71D4305B-56E6-4971-A799-FB7678A1D1A5}" = ASUS ATI Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75F46C9C-0A4D-4873-AACD-269AFA433979}" = Intel(R) PRO Alerting Agent
"{786C081F-5C0D-40A8-BDA7-AB11E6E608EE}" = Heidelberg Prinect PDF PrintEngine 3.0.542
"{870c5c9f-1214-478f-9cdd-bf6eb66d2ecd}.sdb" = CPPro_DeviceControl_Fix_W2003SP1
"{97407E09-4EA8-49F0-A513-2C1776A6DEC0}" = Sentinel Protection Installer 7.2.1
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CDE927-3A9E-4D5E-8AAF-DAB52A4AAEB4}" = Color Proof Pro Profiles
"{C8E04A12-E823-4D8C-BB7A-C01118A34CF7}" = NetProfiler2
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4600A75-2AC3-46CD-90BD-98649D7FB990}" = Heidelberg Prinect PDF Toolbox 4.0
"{D9946A68-2CC6-483B-9837-292FB35E7378}" = Heidelberg Color Tool 3.0
"{E49CFA0B-6163-424E-9671-B6B02104C54E}" = Heidelberg Prinect Service Tools
"{EA5F8109-497A-46DF-BA1E-94009CF1F43C}" = DIAG Suprasetter
"{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Bulgarian_KBD'S_Atanasov" = Bulgarian Keyboards XP by G. Atanasov
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"FBDBServer_2_0_is1" = Firebird 2.0.3
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"GretagMacbeth Color Quality 5.0" = GretagMacbeth Color Quality 5.0
"GretagMacbeth DownloadUtility" = GretagMacbeth DownloadUtility
"GretagMacbeth Ink Formulation 5.0" = GretagMacbeth Ink Formulation 5.0
"GretagMacbeth SpectroServer 2.61" = GretagMacbeth SpectroServer 2.61
"GretagMacbeth UserAdministration" = GretagMacbeth UserAdministration
"Heidelberg Color Tool 3.0 _(3.0.22.2)" = Heidelberg Color Tool 3.0 (3.0.22.2)
"Heidelberg MetaDimension 6.5 update_is1" = Heidelberg MetaDimension 6.5
"Heidelberg MetaDimension 6.5.391 update_is1" = Heidelberg MetaDimension 6.5.391
"Heidelberg Prinect PDF PrintEngine 1.0.355 update_is1" = Heidelberg Prinect PDF PrintEngine 1.0.355
"Heidelberg Prinect PDF PrintEngine 1.0.391 update_is1" = Heidelberg Prinect PDF PrintEngine 1.0.391
"HijackThis" = HijackThis 2.0.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{104097C5-ADCF-4857-8475-582C76B64992}" = Heidelberg Prinect Licensing 4.3.19.1
"InstallShield_{43536D30-BDDF-4120-94EA-3A880188C1FB}" = Heidelberg Prinect JDF Connector Service 4.0.394.1
"InstallShield_{55D6FC80-5B6D-4CD7-9DDE-B0A59835DAD5}" = Heidelberg Prinect Master Data Service 4.5.58.5
"InstallShield_{D4600A75-2AC3-46CD-90BD-98649D7FB990}" = Heidelberg Prinect PDF Toolbox 4.0.46.0
"InstallShield_{E49CFA0B-6163-424E-9671-B6B02104C54E}" = Heidelberg Prinect Service Tools 1.1.18.1
"KeyWizard 2.5" = KeyWizard 2.5
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Plate Quality" = Plate Quality
"Radmin Viewer 3.0" = Radmin Viewer 3.0
"Rainbow Sentinel Driver" = Sentinel System Driver
"SpectroEye CXF Loader" = SpectroEye CXF Loader
"Tardis 2000_is1" = Tardis 2000 V1.6
"WIC" = Windows Imaging Component
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"SM 102-8-P-S - Prinect Press Reporting" = SM 102-8-P-S - Prinect Press Reporting

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.8.2010 г. 04:43:24 | Computer Name = XEON4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12.8.2010 г. 04:43:27 | Computer Name = XEON4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12.8.2010 г. 04:43:27 | Computer Name = XEON4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12.8.2010 г. 04:53:45 | Computer Name = XEON4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12.8.2010 г. 04:53:45 | Computer Name = XEON4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12.8.2010 г. 04:54:01 | Computer Name = XEON4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12.8.2010 г. 05:10:46 | Computer Name = XEON4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12.8.2010 г. 05:10:46 | Computer Name = XEON4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12.8.2010 г. 05:30:12 | Computer Name = XEON4 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.3790.3959, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12.8.2010 г. 07:59:13 | Computer Name = XEON4 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.2.3790.3959, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12.8.2010 г. 05:42:56 | Computer Name = XEON4 | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000007, parameter2 000096d6, parameter3
00000001, parameter4 00000000.

Error - 12.8.2010 г. 05:49:37 | Computer Name = XEON4 | Source = Service Control Manager | ID = 7034
Description = The Color Proof Pro Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 12.8.2010 г. 05:56:46 | Computer Name = XEON4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12.8.2010 г. 06:26:58 | Computer Name = XEON4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12.8.2010 г. 07:27:46 | Computer Name = XEON4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12.8.2010 г. 07:50:36 | Computer Name = XEON4 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:47:38 on 12.8.2010 г. was unexpected.

Error - 12.8.2010 г. 07:51:04 | Computer Name = XEON4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12.8.2010 г. 08:06:16 | Computer Name = XEON4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12.8.2010 г. 08:10:15 | Computer Name = XEON4 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
METADORIG that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{74E33E26-5026-4A10. The master browser is stopping or an election is
being forced.

Error - 12.8.2010 г. 08:27:43 | Computer Name = XEON4 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:25:15 on 12.8.2010 г. was unexpected.


< End of report >
 
Hi. It appears you have only posted the attach.txt log.

Please post the OTL.txt log. If you need to run OTL again, please do so.
 
OTL logfile created on: 16.8.2010 г. 11:39:16 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\prinect\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
10,00 Gb Paging File | 6,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): c:\pagefile.sys 6141 12192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 67,71 Gb Free Space | 69,33% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 200,36 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 250,92 Gb Total Space | 205,96 Gb Free Space | 82,08% Space Free | Partition Type: NTFS
Drive F: | 214,84 Gb Total Space | 214,77 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive G: | 298,09 Gb Total Space | 243,41 Gb Free Space | 81,66% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 146,48 Gb Total Space | 131,77 Gb Free Space | 89,96% Space Free | Partition Type: NTFS
Drive X: | 132,40 Gb Total Space | 0,01 Gb Free Space | 0,01% Space Free | Partition Type: NTFS
Drive Y: | 255,34 Gb Total Space | 12,89 Gb Free Space | 5,05% Space Free | Partition Type: NTFS

Computer Name: XEON4
Current User Name: prinect
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.13 11:26:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prinect\Desktop\OTL.exe
PRC - [2010.06.08 15:54:14 | 004,263,424 | ---- | M] () -- C:\Program Files\Tasks\Tasks.exe
PRC - [2010.04.27 12:31:20 | 000,106,496 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDService.exe
PRC - [2010.04.27 12:31:02 | 002,031,616 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDVirtualPrinter.exe
PRC - [2010.04.27 12:31:02 | 001,044,480 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDXMRJobServant.exe
PRC - [2010.04.27 12:31:02 | 000,843,776 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDUserManager.exe
PRC - [2010.04.27 12:31:02 | 000,385,024 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDUIServer.exe
PRC - [2010.04.27 12:31:02 | 000,225,280 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDUserUIServer.exe
PRC - [2010.04.27 12:31:02 | 000,135,168 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDTiffBImport.exe
PRC - [2010.04.27 12:31:02 | 000,102,400 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDTomcatJ.exe
PRC - [2010.04.27 12:31:00 | 003,059,712 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDSequencer.exe
PRC - [2010.04.27 12:31:00 | 001,138,688 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDPreflight.exe
PRC - [2010.04.27 12:31:00 | 000,688,128 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDProcessSupervisor.exe
PRC - [2010.04.27 12:31:00 | 000,589,824 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDSubscriptionServer.exe
PRC - [2010.04.27 12:31:00 | 000,147,456 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDPostOffice.exe
PRC - [2010.04.27 12:31:00 | 000,143,360 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDSniffer.exe
PRC - [2010.04.27 12:30:58 | 003,051,520 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDMarksRendererServer.exe
PRC - [2010.04.27 12:30:58 | 001,060,864 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDPJTF2JDFConverter.exe
PRC - [2010.04.27 12:30:58 | 000,544,768 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDLayGen.exe
PRC - [2010.04.27 12:30:58 | 000,102,400 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDLocatorJ.exe
PRC - [2010.04.27 12:30:58 | 000,098,304 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDLinks.exe
PRC - [2010.04.27 12:30:58 | 000,073,728 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDMessageServer.exe
PRC - [2010.04.27 12:30:56 | 004,435,968 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDJDFPortal.exe
PRC - [2010.04.27 12:30:56 | 003,670,016 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDJobServices.exe
PRC - [2010.04.27 12:30:56 | 003,661,824 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDInterpreter.exe
PRC - [2010.04.27 12:30:56 | 000,790,528 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDJTMerger.exe
PRC - [2010.04.27 12:30:56 | 000,692,224 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDJDFBridge.exe
PRC - [2010.04.27 12:30:54 | 004,067,328 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDCalToolServer.exe
PRC - [2010.04.27 12:30:54 | 002,732,032 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDFontInstaller.exe
PRC - [2010.04.27 12:30:54 | 001,896,448 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDDevConProv.exe
PRC - [2010.04.27 12:30:54 | 001,183,744 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDDeviceControl.exe
PRC - [2010.04.27 12:30:54 | 000,258,048 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDDiControl.exe
PRC - [2010.04.27 12:30:54 | 000,221,184 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDFinalizer.exe
PRC - [2010.04.27 12:30:54 | 000,180,224 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDDLImport.exe
PRC - [2010.04.27 12:30:54 | 000,163,840 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDFBDIControl.exe
PRC - [2010.04.27 12:30:54 | 000,122,880 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDDriveMonitor.exe
PRC - [2010.04.27 12:30:54 | 000,102,400 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDEmailJ.exe
PRC - [2010.04.27 12:30:54 | 000,069,632 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDEventService.exe
PRC - [2010.04.27 12:30:52 | 000,360,448 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDCQMClientUpdateServer.exe
PRC - [2010.04.27 12:30:52 | 000,360,448 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDCQMClientServer.exe
PRC - [2010.04.27 12:30:52 | 000,204,800 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDCalToolAccessServer.exe
PRC - [2010.04.27 12:30:44 | 000,667,648 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\ProofOpen\exe\HDProofServer.exe
PRC - [2010.04.27 12:30:28 | 000,077,824 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\UI\HDPrintManagerW.exe
PRC - [2010.04.26 14:27:00 | 000,109,744 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDService.exe
PRC - [2010.04.26 14:26:58 | 001,420,464 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDRenderer.exe
PRC - [2010.04.26 14:26:52 | 000,076,976 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDMessageServer.exe
PRC - [2010.04.26 14:26:50 | 004,058,288 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDJDFPortal.exe
PRC - [2010.04.26 14:26:50 | 000,208,048 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDFinalizer.exe
PRC - [2010.04.26 14:26:46 | 000,707,760 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDProcessSupervisor.exe
PRC - [2010.04.26 14:26:46 | 000,289,968 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDJobSequencer.exe
PRC - [2010.04.26 14:26:46 | 000,150,704 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDPostOffice.exe
PRC - [2010.04.26 14:26:30 | 000,072,880 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDEventService.exe
PRC - [2010.04.26 14:26:26 | 000,109,744 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDService.exe
PRC - [2010.04.26 14:26:22 | 000,289,968 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDJobSequencer.exe
PRC - [2010.04.26 14:26:20 | 004,058,288 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDJDFPortal.exe
PRC - [2010.04.26 14:26:10 | 000,208,048 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDFinalizer.exe
PRC - [2010.04.26 14:26:06 | 000,707,760 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDProcessSupervisor.exe
PRC - [2010.04.26 14:26:04 | 000,150,704 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDPostOffice.exe
PRC - [2010.04.26 14:25:56 | 001,420,464 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDRenderer.exe
PRC - [2010.04.26 14:25:52 | 000,076,976 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDMessageServer.exe
PRC - [2010.04.26 14:25:46 | 000,109,744 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDService.exe
PRC - [2010.04.26 14:25:46 | 000,072,880 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDEventService.exe
PRC - [2010.04.26 14:25:44 | 000,150,704 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDPostOffice.exe
PRC - [2010.04.26 14:25:42 | 001,420,464 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDRenderer.exe
PRC - [2010.04.26 14:25:36 | 004,058,288 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDJDFPortal.exe
PRC - [2010.04.26 14:25:26 | 000,208,048 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDFinalizer.exe
PRC - [2010.04.26 14:25:26 | 000,076,976 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDMessageServer.exe
PRC - [2010.04.26 14:25:20 | 000,707,760 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDProcessSupervisor.exe
PRC - [2010.04.26 14:25:20 | 000,289,968 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDJobSequencer.exe
PRC - [2010.04.26 14:25:14 | 000,072,880 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDEventService.exe
PRC - [2010.03.12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
PRC - [2010.02.01 11:15:10 | 003,215,360 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Server\ColorProofPro_Server.exe
PRC - [2009.05.06 00:54:04 | 000,111,920 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDCOSNameService.exe
PRC - [2009.02.12 09:51:30 | 001,070,384 | ---- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Heidelberg\Service Tools\bin\HDLISMonitor.exe
PRC - [2008.12.09 12:08:00 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2008.04.28 02:00:34 | 000,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Heidelberg\MetaDimension\HTTPServer\Apache\bin\Apache.exe
PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008.02.26 16:36:06 | 000,564,328 | R--- | M] (Heidelberger Druckmaschinen AG) -- C:\Program Files\Common Files\Heidelberg\DTVService\MetaDTVService.exe
PRC - [2007.02.17 17:04:00 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfmsvc.exe
PRC - [2007.02.17 17:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.12 11:11:46 | 000,053,248 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Heidelberg\JDF Connector Service\Tomcat\bin\HDJDFConnector.exe
PRC - [2006.09.12 10:11:46 | 000,053,248 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Heidelberg\Master Data Service\Tomcat\bin\HDMasterData.exe
PRC - [2006.08.18 19:21:04 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2006.04.04 15:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2006.03.19 05:35:44 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2005.03.31 17:26:54 | 000,172,032 | ---- | M] () -- C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Server\Debuglog.exe
PRC - [2004.09.13 15:23:38 | 000,221,184 | ---- | M] () -- C:\Program Files\Heidelberg\Licensing\License Server\HDLicenseServer.exe
 
========== Modules (SafeList) ==========

MOD - [2010.08.13 11:26:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prinect\Desktop\OTL.exe
MOD - [2007.02.18 00:26:08 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
MOD - [2007.02.17 17:00:18 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe -- (Smcinst)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.04.27 12:31:20 | 000,106,496 | ---- | M] (Heidelberger Druckmaschinen AG) [Auto | Running] -- C:\Program Files\Heidelberg\MetaDimension\LHPS\Exe\HDService.exe -- (MetaDimension)
SRV - [2010.04.26 14:27:00 | 000,109,744 | ---- | M] (Heidelberger Druckmaschinen AG) [Auto | Running] -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Preview\Bin\HDService.exe -- (Heidelberg_Prinect_PDF_PrintEngine_Preview_3.0.542)
SRV - [2010.04.26 14:26:26 | 000,109,744 | ---- | M] (Heidelberger Druckmaschinen AG) [Auto | Running] -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\Proof\Bin\HDService.exe -- (Heidelberg_Prinect_PDF_PrintEngine_Proof_3.0.542)
SRV - [2010.04.26 14:25:46 | 000,109,744 | ---- | M] (Heidelberger Druckmaschinen AG) [Auto | Running] -- C:\Program Files\Heidelberg\MetaDimension\PDF PrintEngine\Heidelberg Prinect PDF PrintEngine\3.0.542\HighRes\Bin\HDService.exe -- (Heidelberg_Prinect_PDF_PrintEngine_Highres_3.0.542)
SRV - [2010.03.12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe -- (AVP)
SRV - [2010.02.01 11:15:10 | 003,215,360 | ---- | M] (Heidelberger Druckmaschinen AG) [Auto | Running] -- C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Server\ColorProofPro_Server.exe -- (Color Proof Pro Server)
SRV - [2009.02.12 09:51:30 | 001,070,384 | ---- | M] (Heidelberger Druckmaschinen AG) [Auto | Running] -- C:\Program Files\Heidelberg\Service Tools\bin\HDLISMonitor.exe -- (HDLISMonitor)
SRV - [2008.12.10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008.04.28 02:00:34 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Heidelberg\MetaDimension\HTTPServer\Apache\bin\Apache.exe -- (Apache2) Heidelberg Webservice (Apache2)
SRV - [2008.02.26 16:36:06 | 000,564,328 | R--- | M] (Heidelberger Druckmaschinen AG) [Auto | Running] -- C:\Program Files\Common Files\Heidelberg\DTVService\MetaDTVService.exe -- (DTVService)
SRV - [2007.02.17 17:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007.02.17 17:04:00 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sfmsvc.exe -- (MacFile)
SRV - [2007.02.17 17:03:59 | 000,076,288 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\sfmprint.exe -- (MacPrint)
SRV - [2007.02.17 17:03:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007.02.17 17:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007.02.17 17:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007.02.17 17:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007.02.17 17:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2006.09.12 11:11:46 | 000,053,248 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Heidelberg\JDF Connector Service\Tomcat\bin\HDJDFConnector.exe -- (HDJDFConnector)
SRV - [2006.09.12 10:11:46 | 000,053,248 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Heidelberg\Master Data Service\Tomcat\bin\HDMasterData.exe -- (HDMasterData)
SRV - [2006.08.18 19:21:04 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006.04.04 15:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2006.04.04 15:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2006.04.04 15:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2006.03.19 05:35:44 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2005.03.31 17:26:54 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Heidelberg\MetaDimension\Color Proof Pro\Server\Debuglog.exe -- (DebugLog)
SRV - [2005.02.16 10:18:16 | 000,233,472 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\tardisnt.exe -- (Tardis)
SRV - [2004.09.13 15:23:38 | 000,221,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Heidelberg\Licensing\License Server\HDLicenseServer.exe -- (HDLicenseServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.08.12 16:08:43 | 000,226,320 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009.11.12 17:49:02 | 000,126,480 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008.07.11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2008.06.01 10:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008.03.12 14:50:05 | 000,016,376 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007.10.30 12:41:46 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usa19h2k.sys -- (USA19H)
DRV - [2007.07.30 14:07:56 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.05.29 16:32:58 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usa19h2kp.sys -- (USA19H2KP)
DRV - [2007.05.28 14:05:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007.02.17 09:29:40 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007.02.17 09:14:59 | 000,043,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arc.sys -- (arc)
DRV - [2007.02.17 09:14:58 | 000,023,552 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hpcisss.sys -- (hpcisss)
DRV - [2007.02.17 09:02:56 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007.02.17 08:59:56 | 000,150,528 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sfmatalk.sys -- (AppleTalk)
DRV - [2007.02.17 08:59:54 | 000,165,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmsrv.sys -- (MACSRV)
DRV - [2007.02.17 08:51:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2007.02.02 23:03:25 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.06.14 08:56:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006.06.05 08:49:08 | 000,230,400 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006.03.28 04:51:08 | 000,025,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ioatdma.sys -- (ioatdma) IOATDMA.SYS Intel(R)
DRV - [2006.02.15 08:58:22 | 000,035,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2005.10.18 16:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.07.28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2005.02.16 18:42:06 | 000,015,040 | ---- | M] (X-Rite, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XrUsb.sys -- (X-Rite)
DRV - [1998.07.10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.26 11:25:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.26 11:25:21 | 000,000,000 | ---D | M]

[2009.05.22 15:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prinect\Application Data\Mozilla\Extensions
[2010.08.12 15:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\extensions
[2010.07.22 14:22:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.22 14:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.13 08:09:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-1.xml
[2009.10.28 16:17:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-11.xml
[2010.07.26 11:25:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-12.xml
[2009.06.09 08:09:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-2.xml
[2008.08.04 08:18:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-3.xml
[2008.09.24 08:17:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-4.xml
[2008.12.18 19:48:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-5.xml
[2008.12.20 09:18:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-6.xml
[2009.05.23 06:41:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-7.xml
[2009.07.22 14:03:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-8.xml
[2009.08.04 10:15:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin-9.xml
[2009.03.01 14:02:44 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\prinect\Application Data\Mozilla\Firefox\Profiles\g8ir2rsm.default\searchplugins\icqplugin.xml
[2010.08.12 15:54:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.25 17:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.31 08:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 14:17:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2006.04.04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [NetShareMonitor] C:\Documents and Settings\prinect\Desktop\NetShareMonitor 1.1\NetShareMonitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://access.ceu.heidelberg.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:AutorunsDisabled () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.22 02:05:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.03.10 18:00:46 | 000,000,019 | ---- | M] () - X:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.12.01 10:38:57 | 000,000,000 | ---D | M] - Y:\autonet -- [ NTFS ]
O32 - AutoRun File - [2009.03.10 18:00:29 | 000,000,021 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.08.02 09:48:31 | 000,000,000 | ---D | M] - Y:\automedia -- [ NTFS ]
O33 - MountPoints2\{1bb81c02-ce08-11dd-9fbb-001a923ee6ce}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb81c02-ce08-11dd-9fbb-001a923ee6ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bb81c02-ce08-11dd-9fbb-001a923ee6ce}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{72a7b27f-84cf-11df-887b-001a923ee6ce}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010.08.16 11:39:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.13 11:26:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\prinect\Desktop\OTL.exe
[2010.08.12 16:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.08.12 16:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010.08.12 16:08:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.08.12 16:08:43 | 000,226,320 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.08.12 12:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prinect\Application Data\Malwarebytes
[2010.08.12 12:14:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.12 12:14:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.12 12:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.12 12:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.08.12 12:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010.08.12 11:52:06 | 000,000,000 | ---D | C] -- C:\KAV
[2010.08.12 11:36:16 | 000,000,000 | ---D | C] -- C:\av
[2010.08.12 10:04:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010.08.12 10:04:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.08.12 10:04:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010.08.12 10:04:44 | 005,951,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.08.12 10:04:44 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.08.12 10:04:44 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.08.12 10:04:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010.08.11 14:17:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.11 14:17:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.11 14:17:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.11 14:01:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.07.27 09:25:36 | 008,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll

========== Files - Modified Within 30 Days ==========
 
[2010.08.16 11:36:11 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.08.16 10:44:40 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks.INI
[2010.08.16 09:12:12 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{73B7F248-4FCA-4A24-992A-EA3C6460E998}.job
[2010.08.15 15:29:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.13 11:26:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prinect\Desktop\OTL.exe
[2010.08.12 16:08:43 | 000,226,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.08.12 15:28:54 | 000,444,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 15:28:53 | 000,513,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 15:28:53 | 000,075,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.12 15:27:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2010.08.12 15:27:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.12 15:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.12 12:40:55 | 281,153,536 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.08.12 12:14:20 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 12:02:32 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\prinect\NTUSER.DAT
[2010.08.12 11:49:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\prinect\ntuser.ini
[2010.08.12 11:39:34 | 004,832,176 | -H-- | M] () -- C:\Documents and Settings\prinect\Local Settings\Application Data\IconCache.db
[2010.08.12 11:39:18 | 000,002,801 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010.08.12 10:34:38 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 10:15:22 | 000,003,423 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.27 09:25:36 | 008,361,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.19 17:33:14 | 001,677,824 | ---- | M] (Laconic Software) -- C:\Documents and Settings\prinect\My Documents\fireheart.exe

========== Files Created - No Company Name ==========

[2010.08.12 12:14:20 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 11:39:17 | 000,002,801 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010.04.27 18:19:45 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Tasks.INI
[2008.06.10 14:51:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2008.06.01 10:13:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008.05.29 16:21:13 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Spektar_Store.INI
[2008.03.26 15:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008.03.14 12:41:26 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2008.01.24 14:46:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.09.28 11:42:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.08.24 12:26:49 | 000,000,009 | ---- | C] () -- C:\WINDOWS\csn.ini
[2007.07.30 14:07:56 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.07.13 11:23:17 | 000,214,263 | R--- | C] () -- C:\WINDOWS\System32\drivers\tcprass3.SYS
[2007.07.13 11:23:17 | 000,104,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\VirtualSerial.SYS
[2007.07.13 11:23:17 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\VspApi.dll
[2007.07.12 17:42:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\autorun.ini
[2007.07.12 17:22:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\SpectroEyeCXFLoader.ini
[2007.07.12 17:16:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
[2007.07.12 16:48:15 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Gretag.ini
[2007.07.12 16:44:36 | 000,000,213 | ---- | C] () -- C:\WINDOWS\i1Share.ini
[2007.05.28 14:05:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007.05.28 14:05:05 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2007.05.22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007.04.26 12:38:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\kbdBF.dll
[2007.03.22 01:54:47 | 000,003,903 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.03.22 01:54:45 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.03.22 01:51:56 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007.03.22 01:51:56 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007.03.22 01:51:56 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007.03.22 01:51:56 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007.03.22 01:51:56 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007.03.22 01:51:56 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007.03.22 01:51:56 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007.03.22 01:51:56 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007.03.22 01:51:56 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007.03.22 01:51:56 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2006.04.04 15:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2006.04.04 15:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2006.04.04 15:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2006.04.04 15:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2006.04.04 15:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2006.04.04 15:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2006.03.14 03:32:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2006.02.15 08:58:22 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006.04.04 15:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:AGP440.sys
[2007.03.30 16:34:46 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2007.03.30 16:34:46 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2007.02.17 08:58:53 | 000,044,032 | ---- | M] (Microsoft Corporation) MD5=B9985042687A43685FC64B282B627653 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.04.04 15:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007.03.30 16:34:46 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2007.03.30 16:34:46 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2005.03.24 18:55:32 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.04.04 15:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2005.03.24 18:55:32 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2007.02.17 09:07:35 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007.02.17 09:07:35 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007.02.17 17:02:49 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007.02.17 17:02:49 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\system32\eventlog.dll
[2006.04.04 15:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=782A70845E7A2FBD347161671BDE60A9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007.02.17 17:03:02 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007.02.17 17:03:02 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\netlogon.dll
[2006.04.04 15:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.04.04 15:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007.02.17 17:03:09 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007.02.17 17:03:09 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007.02.17 17:03:01 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\System32\config\*.sav >
[2007.03.22 02:53:38 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.03.22 02:53:38 | 000,741,376 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.03.22 02:53:38 | 000,520,192 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\prinect\Desktop\17187_Katalozi.pdf:AFP_AfpInfo
@Alternate Data Stream - 247 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DC505F6
@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C68A2173
@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:253C6C2E
< End of report >
 
Please go to Jotti's or to VirusTotal and have this file scanned. Post the results back here.

C:\Program Files\Tasks\Tasks.exe

============

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :file
    C:\Program Files\Tasks\Tasks.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS -- (SNTNLUSB)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp)
    SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe -- (Smcinst)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    :Commands
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
Jotti's - found nothing on all scanners
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:07 on 16/08/2010 by prinect (Administrator - Elevation successful)

No Context: C:\Program Files\Tasks\Tasks.exe

This tasks.exe is our software. Not the problem, I think.

OTL Log file after fix, restart the system.
All processes killed
========== OTL ==========
Service SNTNLUSB stopped successfully!
Service SNTNLUSB deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS not found.
Service lmimirr stopped successfully!
Service lmimirr deleted successfully!
File C:\WINDOWS\System32\DRIVERS\lmimirr.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\WINDOWS\System32\DRIVERS\ipinip.sys not found.
Service WinHttpAutoProxySvc stopped successfully!
Service WinHttpAutoProxySvc deleted successfully!
Service Smcinst stopped successfully!
Service Smcinst deleted successfully!
File C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: luzterin

User: NetworkService

User: Prepress

User: prinect
->Flash cache emptied: 725 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: luzterin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Prepress
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: prinect
->Temp folder emptied: 12220172 bytes
->Temporary Internet Files folder emptied: 1806843 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30490838 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2257154 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4297903 bytes

Total Files Cleaned = 49,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08162010_142504

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\prinect\Local Settings\Temp\hsperfdata_prinect\2604 not found!
File\Folder C:\Documents and Settings\prinect\Local Settings\Temp\hsperfdata_prinect\2648 not found!
File\Folder C:\Documents and Settings\prinect\Local Settings\Temp\hsperfdata_prinect\2712 not found!

Registry entries deleted on Reboot...

-=End Of File=-
 
Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
I scanned one of these infected files with Jotti's... Here are the results.
I have Kaspersky and ran a full system scan, but it only finds the created files, not the source.
I am doing the online scan now.

[ArcaVir]
2010-08-16 Found nothing
[G DATA]
2010-08-16 Trojan.Generic.2911046
[Avast! antivirus]
2010-08-16 Win32:Rootkit-gen
[Ikarus]
2010-08-16 Trojan.Win32.KillAV
[Grisoft AVG Anti-Virus]
2010-08-16 BackDoor.Generic12.TSA
[Kaspersky Anti-Virus]
2010-08-16 Found nothing
[Avira AntiVir]
2010-08-16 Found nothing
[ESET NOD32]
2010-08-16 Win32/AutoRun.Agent.UD worm
[Softwin BitDefender]
2010-08-16 Trojan.Generic.2911046
[Panda Antivirus]
2010-08-15 Generic
[ClamAV]
2010-08-16 Trojan.KillAV-241
[Quick Heal]
2010-08-16 Trojan.Scar.bany
[CPsecure]
2010-08-16 Found nothing
[Sophos]
2010-08-16 Troj/Bckdr-RAJ
[Dr.Web]
2010-08-16 Trojan.Packed.654
[VirusBlokAda VBA32]
2010-08-13 Trojan.Win32.AntiAV.emk
[Frisk F-Prot Antivirus]
2010-08-15 W32/Trojan2.LOJC
[VirusBuster]
2010-08-16 Trojan.Scar.HIT
[F-Secure Anti-Virus]
2010-08-16 Trojan.Generic.2911046
 
The online Kaspersky scanner didn't find anything. I found that 4 hours after running the scan, the problem files appeared again in a location that had been scanned. I ran my standalone Kaspersky 6.0...

Active threats
--------------
Status Object
------ ------


Quarantine
----------
Status Object Time
------ ------ ----
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001153\GTO_HF.pif 17.8.2010 ?. 14:37:30
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\MD_SpoolDir_175lpi.scr 17.8.2010 ?. 15:26:49
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000771\JID_840000771.pif 17.8.2010 ?. 15:26:51
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000857\JID_840000857.bat 17.8.2010 ?. 15:26:50
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001155\import.tiffit.exe 17.8.2010 ?. 14:37:33
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000857\BridgeData\BridgeData.exe 17.8.2010 ?. 15:26:53
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000857\BridgeData\BridgePreviewRenderer_JID_840000857\BridgePreviewRenderer_JID_840000857.bat 17.8.2010 ?. 15:26:53
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001156\Trash Folder.pif 17.8.2010 ?. 14:37:34
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000923\JID_840000923.bat 17.8.2010 ?. 15:26:54
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000926\JID_840000926.exe 17.8.2010 ?. 15:26:54
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001160\GTP_VP_HF.pif 17.8.2010 ?. 14:37:37
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000926\BridgeData\BridgeData.exe 17.8.2010 ?. 15:26:55
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840000926\BridgeData\BridgePreviewRenderer_JID_840000926\BridgePreviewRenderer_JID_840000926.exe 17.8.2010 ?. 15:26:55
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013301\JID_840013301.exe 17.8.2010 ?. 15:27:02
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013301\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:02
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013301\BridgeData\BridgeCombiRenderer_JID_840013301\BridgeCombiRenderer_JID_840013301.exe 17.8.2010 ?. 15:27:02
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013301\BridgeData\BridgePreviewRenderer_JID_840013301\BridgePreviewRenderer_JID_840013301.exe 17.8.2010 ?. 15:27:03
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013301\BridgeData\BridgePreviewRenderer_JID_840013301_1\BridgePreviewRenderer_JID_840013301_1.scr 17.8.2010 ?. 15:27:03
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013303\JID_840013303.exe 17.8.2010 ?. 15:27:04
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013303\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:04
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013303\BridgeData\BridgeCombiRenderer_JID_840013303\BridgeCombiRenderer_JID_840013303.exe 17.8.2010 ?. 15:27:05
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013303\BridgeData\BridgePreviewRenderer_JID_840013303\BridgePreviewRenderer_JID_840013303.exe 17.8.2010 ?. 15:27:06
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013303\BridgeData\BridgePreviewRenderer_JID_840013303_1\BridgePreviewRenderer_JID_840013303_1.pif 17.8.2010 ?. 15:27:06
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013306\JID_840013306.pif 17.8.2010 ?. 15:27:07
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013306\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:07
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013306\BridgeData\BridgeCombiRenderer_JID_840013306\BridgeCombiRenderer_JID_840013306.pif 17.8.2010 ?. 15:27:07
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013306\BridgeData\BridgePreviewRenderer_JID_840013306\BridgePreviewRenderer_JID_840013306.pif 17.8.2010 ?. 15:27:07
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013306\BridgeData\BridgePreviewRenderer_JID_840013306_1\BridgePreviewRenderer_JID_840013306_1.exe 17.8.2010 ?. 15:27:08
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013307\JID_840013307.exe 17.8.2010 ?. 15:27:09
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013307\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:09
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013307\BridgeData\BridgeCombiRenderer_JID_840013307\BridgeCombiRenderer_JID_840013307.exe 17.8.2010 ?. 15:27:11
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013307\BridgeData\BridgePreviewRenderer_JID_840013307\BridgePreviewRenderer_JID_840013307.exe 17.8.2010 ?. 15:27:11
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013307\BridgeData\BridgePreviewRenderer_JID_840013307_1\BridgePreviewRenderer_JID_840013307_1.scr 17.8.2010 ?. 15:27:11
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013308\JID_840013308.exe 17.8.2010 ?. 15:27:12
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013308\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:12
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013308\BridgeData\BridgeCombiRenderer_JID_840013308\BridgeCombiRenderer_JID_840013308.exe 17.8.2010 ?. 15:27:13
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013308\BridgeData\BridgePreviewRenderer_JID_840013308\BridgePreviewRenderer_JID_840013308.exe 17.8.2010 ?. 15:27:13
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013308\BridgeData\BridgePreviewRenderer_JID_840013308_1\BridgePreviewRenderer_JID_840013308_1.bat 17.8.2010 ?. 15:27:13
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013310\JID_840013310.exe 17.8.2010 ?. 15:27:14
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013310\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:14
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013310\BridgeData\BridgeCombiRenderer_JID_840013310\BridgeCombiRenderer_JID_840013310.exe 17.8.2010 ?. 15:27:15
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013310\BridgeData\BridgePreviewRenderer_JID_840013310\BridgePreviewRenderer_JID_840013310.exe 17.8.2010 ?. 15:27:15
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013310\BridgeData\BridgePreviewRenderer_JID_840013310_1\BridgePreviewRenderer_JID_840013310_1.exe 17.8.2010 ?. 15:27:15
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013316\JID_840013316.exe 17.8.2010 ?. 15:27:16
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013316\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:16
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013316\BridgeData\BridgeCombiRenderer_JID_840013316\BridgeCombiRenderer_JID_840013316.exe 17.8.2010 ?. 15:27:16
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013316\BridgeData\BridgePreviewRenderer_JID_840013316\BridgePreviewRenderer_JID_840013316.exe 17.8.2010 ?. 15:27:17
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013316\BridgeData\BridgePreviewRenderer_JID_840013316_1\BridgePreviewRenderer_JID_840013316_1.exe 17.8.2010 ?. 15:27:17
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013324\JID_840013324.pif 17.8.2010 ?. 15:27:17
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013324\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:18
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013324\BridgeData\BridgeCombiRenderer_JID_840013324\BridgeCombiRenderer_JID_840013324.pif 17.8.2010 ?. 15:27:18
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013324\BridgeData\BridgePreviewRenderer_JID_840013324\BridgePreviewRenderer_JID_840013324.pif 17.8.2010 ?. 15:27:18
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013324\BridgeData\BridgePreviewRenderer_JID_840013324_1\BridgePreviewRenderer_JID_840013324_1.exe 17.8.2010 ?. 15:27:20
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013341\JID_840013341.bat 17.8.2010 ?. 15:27:20
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001174\GTO_HF.pif 17.8.2010 ?. 15:26:49
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001175\import.tiffit.exe 17.8.2010 ?. 15:26:52
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001176\Trash Folder.pif 17.8.2010 ?. 15:26:54
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840001179\GTP_VP_HF.pif 17.8.2010 ?. 15:26:55
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013341\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:23
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013341\BridgeData\BridgeCombiRenderer_JID_840013341\BridgeCombiRenderer_JID_840013341.bat 17.8.2010 ?. 15:27:23
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013341\BridgeData\BridgePreviewRenderer_JID_840013341\BridgePreviewRenderer_JID_840013341.bat 17.8.2010 ?. 15:27:24
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013341\BridgeData\BridgePreviewRenderer_JID_840013341_1\BridgePreviewRenderer_JID_840013341_1.scr 17.8.2010 ?. 15:27:36
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013342\JID_840013342.pif 17.8.2010 ?. 15:27:56
Quarantined virus HEUR:Trojan.Win32.Generic (modification) E:\MD_SpoolDir_175lpi\JID_840013342\BridgeData\BridgeData.exe 17.8.2010 ?. 15:27:56
HEUR:Trojan.Win32.Generic (modification): this is the problem, but I didn't find where the source is.
 
I could be wrong, but this looks like it may be a false positive.
Did this start happening after an update to your AV?

Those files belong to Adobe.

Is there any way you can upload those files to Symantec for analysis? They would be able to confirm if it is a FP.
 
In my previous post I put this file through a scan on Jotti's site. Every antivirus program has a different name for it. I checked the Kaspersky forum for HEUR:Trojan.Win32.Generic (modification) and there are a lot of topics about this ****. It's the same on 6 computers. I had a Kaspersky tryout, and it stops the files for now.
I tried almost everything. I know that it's masked like maybe a process, but nothing can find it.
 
Ok then.

Make sure to use Internet Explorer for this

Please go to VirSCAN.org FREE on-line scan service

Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe


Click on the Upload button

If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.

Paste the contents of the Clipboard in your next reply.

Also scan these,
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe



Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.
It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.

Good explanation here:
http://miekiemoes.blogspot.com/2009/...-throwing.html
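
The naming pattern reported in this thread (a file named after the folder it sits in, with one of the listed extensions) can be checked for directly on a share. The following is an added example, not part of any post or of any tool named in the thread; the function names and the demo tree are made up for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Extensions listed by the original poster for the dropped files.
SUSPECT_EXTS = {".exe", ".pif", ".scr", ".bat", ".shortcut"}

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_folder_named_files(root):
    """List files named <parent folder> + suspect extension (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in SUSPECT_EXTS and stem.lower() == folder:
                full = os.path.join(dirpath, name)
                hits.append({"path": full, "size": os.path.getsize(full),
                             "mtime": os.path.getmtime(full), "sha256": sha256_of(full)})
    return hits

def group_by_size(hits):
    """Group hits by size; several hashes at one size means the copies differ."""
    waves = defaultdict(lambda: {"paths": [], "hashes": set()})
    for h in hits:
        waves[h["size"]]["paths"].append(h["path"])
        waves[h["size"]]["hashes"].add(h["sha256"])
    return dict(waves)

def demo():
    """Scan a constructed tree (folder and file names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"JobA/JobA.PIF": b"A" * 64, "JobA/report.exe": b"B" * 64,
                  "JobA/data.tmp/data.tmp.scr": b"C" * 64, "JobB/JobB.txt": b"D" * 8}
        for rel, body in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(body)
        hits = find_folder_named_files(root)
        names = sorted(os.path.basename(h["path"]) for h in hits)
        return names, group_by_size(hits)

if __name__ == "__main__":
    print(demo())
```

The recorded `mtime` values give the creation timeline of each wave, and a size group with more than one hash shows that equal-sized copies are not byte-identical.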
 