
Thread: IDP & Crypt AQLW Trojan DDS Log pasted.

  1. #61 - Emeritus (Join Date: Apr 2011, Location: USA, Posts: 1,038)

    Hi,

    Please do the following:

    Run TDSSKiller again and post the new log.
    ----------

    Open OTL
    In Custom Scans/Fixes put

    netsvcs
    /md5start
    consrv.dll
    /md5stop
    createrestorepoint


    Press the Run Scan button and post the newly made log
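
As an added example (not code from this thread, from the helper, or from Kaspersky's TDSSKiller), here is a small Python triage script for the TDSSKiller log requested above. The line shapes it recognises (`name (md5) path`, `name - ok`, `name ( verdict ) - warning`, `name - detected verdict (n)`) are an assumption derived from the log the poster pastes in the next post, not a documented format; the sample lines below are copied from that log. It groups lines by service/driver name, keeps the MD5 and path, and lists only the entries that did not end in `- ok`, which is what a helper scans a 500-line log for.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller line is "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Message shapes seen in the pasted log (assumed, not a documented grammar);
# anything else is a header, separator or drive/partition table line.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")  # name (md5) path
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")                                       # name - ok
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - warning$")         # name ( verdict ) - warning
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")    # name - detected verdict (n)

# The worst status wins when one entry produces several lines.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}

# Sample lines copied from the log pasted in the next post of this thread.
SAMPLE_LOG = r"""
19:40:51.0578 2804 Scan started
19:40:51.0578 2804 Mode: Manual; SigCheck; TDLFS;
19:40:52.0437 2804 Abiosdsk - ok
19:40:52.0515 2804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:40:52.0984 2804 ACPI - ok
19:41:10.0828 2804 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:41:11.0000 2804 nv ( UnsignedFile.Multi.Generic ) - warning
19:41:11.0000 2804 nv - detected UnsignedFile.Multi.Generic (1)
19:41:11.0125 2804 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
19:41:11.0140 2804 NVSvc ( UnsignedFile.Multi.Generic ) - warning
19:41:11.0140 2804 NVSvc - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Group TDSSKiller scan lines by service/driver name, in log order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        for regex, kind in ((FILE_RE, "file"), (WARN_RE, "warning"),
                            (DETECT_RE, "detected"), (OK_RE, "ok")):
            m = regex.match(msg)
            if m:
                break
        else:
            continue  # "Scan started", "Mode: ...", separators, drive tables
        entry = entries.setdefault(m.group("name"), Entry(m.group("name")))
        if kind == "file":
            entry.md5, entry.path = m.group("md5"), m.group("path")
            continue
        if RANK[kind] > RANK[entry.status]:
            entry.status = kind
        if kind in ("warning", "detected"):
            verdict = m.group("verdict")
            if verdict not in entry.verdicts:   # warning + detected repeat the verdict
                entry.verdicts.append(verdict)
    return entries


def flagged(entries: Dict[str, Entry]) -> List[str]:
    """Names of entries that ended in a warning or detection rather than '- ok'."""
    return [e.name for e in entries.values() if RANK[e.status] >= RANK["warning"]]


def report(entries: Dict[str, Entry]) -> str:
    """One line per flagged entry: status, name, verdicts, MD5 and path."""
    lines = []
    for name in flagged(entries):
        e = entries[name]
        lines.append(f"{e.status.upper():8} {name}: {', '.join(e.verdicts)}  md5={e.md5}  {e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_tdsskiller(SAMPLE_LOG)))
```

Run it on a full log with `parse_tdsskiller(open("TDSSKiller.log").read())`. Note that `UnsignedFile.Multi.Generic` is only a signature-check warning, not a malware verdict: an unsigned vendor driver such as the NVIDIA one above is common, so the MD5 and path are kept precisely so the helper can check them against a known-good copy before deciding anything.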

  2. #62 - Member (Join Date: Apr 2012, Posts: 66)

    Scans completed

    Hi

    I notice I have this entry in the HijackThis list:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*.local

    I have not seen it in the past - should it be removed?

    ----------------------------------------
    Scan results:
    ----------------------------------------
    TDSSKiller:

    19:40:39.0140 2548 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    19:40:39.0156 2548 ============================================================
    19:40:39.0156 2548 Current date / time: 2012/04/28 19:40:39.0156
    19:40:39.0156 2548 SystemInfo:
    19:40:39.0156 2548
    19:40:39.0156 2548 OS Version: 5.1.2600 ServicePack: 3.0
    19:40:39.0156 2548 Product type: Workstation
    19:40:39.0156 2548 ComputerName: KNIGHTS-2EE6007
    19:40:39.0156 2548 UserName: Dr Michael Foster
    19:40:39.0156 2548 Windows directory: C:\WINDOWS
    19:40:39.0156 2548 System windows directory: C:\WINDOWS
    19:40:39.0156 2548 Processor architecture: Intel x86
    19:40:39.0156 2548 Number of processors: 4
    19:40:39.0156 2548 Page size: 0x1000
    19:40:39.0156 2548 Boot type: Normal boot
    19:40:39.0156 2548 ============================================================
    19:40:40.0796 2548 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:40:41.0218 2548 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    19:40:41.0265 2548 Drive \Device\Harddisk2\DR5 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'W'
    19:40:41.0312 2548 ============================================================
    19:40:41.0312 2548 \Device\Harddisk0\DR0:
    19:40:41.0312 2548 MBR partitions:
    19:40:41.0312 2548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
    19:40:41.0312 2548 \Device\Harddisk1\DR1:
    19:40:41.0312 2548 MBR partitions:
    19:40:41.0312 2548 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:40:41.0312 2548 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    19:40:41.0312 2548 \Device\Harddisk2\DR5:
    19:40:41.0312 2548 MBR partitions:
    19:40:41.0312 2548 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
    19:40:41.0312 2548 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
    19:40:41.0312 2548 ============================================================
    19:40:41.0343 2548 C: <-> \Device\Harddisk0\DR0\Partition0
    19:40:41.0343 2548 E: <-> \Device\Harddisk1\DR1\Partition0
    19:40:41.0359 2548 F: <-> \Device\Harddisk1\DR1\Partition1
    19:40:41.0390 2548 L: <-> \Device\Harddisk2\DR5\Partition0
    19:40:41.0406 2548 M: <-> \Device\Harddisk2\DR5\Partition1
    19:40:41.0406 2548 ============================================================
    19:40:41.0406 2548 Initialize success
    19:40:41.0406 2548 ============================================================
    19:40:51.0578 2804 ============================================================
    19:40:51.0578 2804 Scan started
    19:40:51.0578 2804 Mode: Manual; SigCheck; TDLFS;
    19:40:51.0578 2804 ============================================================
    19:40:52.0343 2804 !SASCORE - ok
    19:40:52.0437 2804 Abiosdsk - ok
    19:40:52.0437 2804 abp480n5 - ok
    19:40:52.0515 2804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:40:52.0984 2804 ACPI - ok
    19:40:53.0015 2804 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:40:53.0109 2804 ACPIEC - ok
    19:40:53.0109 2804 adaptecstoragemanageragent - ok
    19:40:53.0218 2804 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    19:40:53.0218 2804 AdobeFlashPlayerUpdateSvc - ok
    19:40:53.0234 2804 adpu160m - ok
    19:40:53.0234 2804 adsexpb - ok
    19:40:53.0281 2804 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:40:53.0359 2804 aec - ok
    19:40:53.0406 2804 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:40:53.0437 2804 AFD - ok
    19:40:53.0437 2804 Aha154x - ok
    19:40:53.0437 2804 aic78u2 - ok
    19:40:53.0437 2804 aic78xx - ok
    19:40:53.0437 2804 alcxsens - ok
    19:40:53.0484 2804 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    19:40:53.0593 2804 Alerter - ok
    19:40:53.0593 2804 alertservice - ok
    19:40:53.0625 2804 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    19:40:53.0656 2804 ALG - ok
    19:40:53.0656 2804 AliIde - ok
    19:40:53.0765 2804 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    19:40:53.0812 2804 Ambfilt - ok
    19:40:53.0843 2804 amdk7 - ok
    19:40:53.0843 2804 amsint - ok
    19:40:53.0984 2804 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:40:54.0000 2804 Apple Mobile Device - ok
    19:40:54.0046 2804 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    19:40:54.0109 2804 AppMgmt - ok
    19:40:54.0109 2804 ar5211 - ok
    19:40:54.0109 2804 arkbcfltr - ok
    19:40:54.0140 2804 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:40:54.0218 2804 Arp1394 - ok
    19:40:54.0218 2804 asc - ok
    19:40:54.0234 2804 asc3350p - ok
    19:40:54.0234 2804 asc3550 - ok
    19:40:54.0328 2804 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    19:40:54.0343 2804 aspnet_state - ok
    19:40:54.0375 2804 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:40:54.0453 2804 AsyncMac - ok
    19:40:54.0500 2804 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:40:54.0609 2804 atapi - ok
    19:40:54.0609 2804 Atdisk - ok
    19:40:54.0609 2804 ATKGFNEXSrv - ok
    19:40:54.0609 2804 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:40:54.0687 2804 Atmarpc - ok
    19:40:54.0718 2804 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    19:40:54.0796 2804 AudioSrv - ok
    19:40:54.0859 2804 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:40:54.0953 2804 audstub - ok
    19:40:55.0218 2804 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    19:40:55.0359 2804 AVGIDSAgent - ok
    19:40:55.0453 2804 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    19:40:55.0468 2804 AVGIDSDriver - ok
    19:40:55.0484 2804 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    19:40:55.0500 2804 AVGIDSEH - ok
    19:40:55.0515 2804 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    19:40:55.0531 2804 AVGIDSFilter - ok
    19:40:55.0593 2804 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    19:40:55.0609 2804 AVGIDSShim - ok
    19:40:55.0671 2804 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    19:40:55.0687 2804 Avgldx86 - ok
    19:40:55.0750 2804 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    19:40:55.0750 2804 Avgmfx86 - ok
    19:40:55.0765 2804 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    19:40:55.0781 2804 Avgrkx86 - ok
    19:40:55.0796 2804 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    19:40:55.0812 2804 Avgtdix - ok
    19:40:55.0890 2804 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    19:40:55.0906 2804 avgwd - ok
    19:40:55.0906 2804 BANTExt - ok
    19:40:55.0968 2804 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:40:56.0062 2804 Beep - ok
    19:40:56.0062 2804 belmonitorservice - ok
    19:40:56.0125 2804 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    19:40:56.0234 2804 BITS - ok
    19:40:56.0250 2804 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    19:40:56.0343 2804 Browser - ok
    19:40:56.0343 2804 BrUsbSer - ok
    19:40:56.0375 2804 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    19:40:56.0484 2804 BthEnum - ok
    19:40:56.0515 2804 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    19:40:56.0593 2804 BTHMODEM - ok
    19:40:56.0625 2804 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    19:40:56.0718 2804 BthPan - ok
    19:40:56.0765 2804 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    19:40:56.0796 2804 BTHPORT - ok
    19:40:56.0843 2804 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
    19:40:56.0937 2804 BthServ - ok
    19:40:56.0953 2804 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    19:40:57.0031 2804 BTHUSB - ok
    19:40:57.0031 2804 C-Dilla - ok
    19:40:57.0031 2804 catchme - ok
    19:40:57.0078 2804 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:40:57.0187 2804 cbidf2k - ok
    19:40:57.0187 2804 ccevtmgr - ok
    19:40:57.0187 2804 cd20xrnt - ok
    19:40:57.0187 2804 CdaD10BA - ok
    19:40:57.0203 2804 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:40:57.0281 2804 Cdaudio - ok
    19:40:57.0328 2804 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:40:57.0421 2804 Cdfs - ok
    19:40:57.0453 2804 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:40:57.0546 2804 Cdrom - ok
    19:40:57.0593 2804 Changer (daf1a8193b6caf0fb858cadcc5c4af4a) C:\WINDOWS\system32\drivers\Changer.sys
    19:40:57.0703 2804 Changer - ok
    19:40:57.0750 2804 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    19:40:57.0828 2804 CiSvc - ok
    19:40:57.0875 2804 CLBStor (0252b4007a8f3a6cc61220cbe122544d) C:\WINDOWS\system32\drivers\CLBStor.sys
    19:40:57.0890 2804 CLBStor - ok
    19:40:57.0953 2804 CLBUDF (dc705765a170f7bd8af3632c93b03f0b) C:\WINDOWS\system32\drivers\CLBUDF.sys
    19:40:57.0968 2804 CLBUDF - ok
    19:40:57.0984 2804 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    19:40:58.0078 2804 ClipSrv - ok
    19:40:58.0187 2804 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:40:58.0203 2804 clr_optimization_v2.0.50727_32 - ok
    19:40:58.0203 2804 CmdIde - ok
    19:40:58.0203 2804 CoachUsb - ok
    19:40:58.0203 2804 commserver - ok
    19:40:58.0203 2804 COMSysApp - ok
    19:40:58.0218 2804 Cpqarray - ok
    19:40:58.0296 2804 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    19:40:58.0312 2804 cpudrv - ok
    19:40:58.0343 2804 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    19:40:58.0421 2804 CryptSvc - ok
    19:40:58.0421 2804 cygserver - ok
    19:40:58.0421 2804 dac2w2k - ok
    19:40:58.0421 2804 dac960nt - ok
    19:40:58.0421 2804 DC21x4 - ok
    19:40:58.0468 2804 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    19:40:58.0484 2804 DcomLaunch - ok
    19:40:58.0546 2804 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    19:40:58.0625 2804 Dhcp - ok
    19:40:58.0656 2804 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:40:58.0765 2804 Disk - ok
    19:40:58.0765 2804 dladresn - ok
    19:40:58.0765 2804 dlaopiom - ok
    19:40:58.0765 2804 dmadmin - ok
    19:40:58.0828 2804 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:40:58.0937 2804 dmboot - ok
    19:40:58.0968 2804 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:40:59.0078 2804 dmio - ok
    19:40:59.0093 2804 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:40:59.0171 2804 dmload - ok
    19:40:59.0203 2804 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    19:40:59.0296 2804 dmserver - ok
    19:40:59.0312 2804 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:40:59.0390 2804 DMusic - ok
    19:40:59.0437 2804 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    19:40:59.0453 2804 Dnscache - ok
    19:40:59.0484 2804 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    19:40:59.0578 2804 Dot3svc - ok
    19:40:59.0593 2804 dpti2o - ok
    19:40:59.0609 2804 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:40:59.0703 2804 drmkaud - ok
    19:40:59.0703 2804 EACSvrMngr - ok
    19:40:59.0734 2804 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    19:40:59.0843 2804 EapHost - ok
    19:40:59.0843 2804 EL90X - ok
    19:40:59.0843 2804 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    19:40:59.0937 2804 ERSvc - ok
    19:41:00.0015 2804 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
    19:41:00.0015 2804 esgiguard - ok
    19:41:00.0031 2804 EU3_USB - ok
    19:41:00.0109 2804 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:41:00.0125 2804 Eventlog - ok
    19:41:00.0187 2804 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    19:41:00.0203 2804 EventSystem - ok
    19:41:00.0203 2804 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:41:00.0296 2804 Fastfat - ok
    19:41:00.0343 2804 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:41:00.0359 2804 FastUserSwitchingCompatibility - ok
    19:41:00.0421 2804 FaxTalk FaxCenter Pro 8 (18ef9f53f127b8758b257117983df520) C:\Program Files\FaxTalk\FTmsgsvc.exe
    19:41:00.0437 2804 FaxTalk FaxCenter Pro 8 - ok
    19:41:00.0453 2804 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    19:41:00.0531 2804 Fdc - ok
    19:41:00.0546 2804 FINEPIX_PCC - ok
    19:41:00.0578 2804 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:41:00.0671 2804 Fips - ok
    19:41:00.0687 2804 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    19:41:00.0765 2804 Flpydisk - ok
    19:41:00.0796 2804 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:41:00.0875 2804 FltMgr - ok
    19:41:01.0046 2804 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    19:41:01.0062 2804 FontCache3.0.0.0 - ok
    19:41:01.0062 2804 fsaa - ok
    19:41:01.0109 2804 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:41:01.0187 2804 Fs_Rec - ok
    19:41:01.0265 2804 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:41:01.0359 2804 Ftdisk - ok
    19:41:01.0390 2804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:41:01.0406 2804 GEARAspiWDM - ok
    19:41:01.0406 2804 getPlusHelper - ok
    19:41:01.0406 2804 giveio - ok
    19:41:01.0453 2804 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:41:01.0562 2804 Gpc - ok
    19:41:01.0609 2804 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:41:01.0625 2804 gupdate - ok
    19:41:01.0625 2804 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:41:01.0625 2804 gupdatem - ok
    19:41:01.0640 2804 ham50 - ok
    19:41:01.0640 2804 hap16v2k - ok
    19:41:01.0687 2804 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:41:01.0781 2804 HDAudBus - ok
    19:41:01.0828 2804 helpsvc - ok
    19:41:01.0828 2804 HidServ - ok
    19:41:01.0875 2804 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    19:41:01.0968 2804 hkmsvc - ok
    19:41:01.0968 2804 hpn - ok
    19:41:02.0015 2804 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    19:41:02.0031 2804 HSFHWBS2 - ok
    19:41:02.0093 2804 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    19:41:02.0140 2804 HSF_DPV - ok
    19:41:02.0187 2804 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:41:02.0234 2804 HTTP - ok
    19:41:02.0281 2804 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    19:41:02.0375 2804 HTTPFilter - ok
    19:41:02.0406 2804 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    19:41:02.0484 2804 i2omgmt - ok
    19:41:02.0484 2804 i2omp - ok
    19:41:02.0546 2804 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:41:02.0640 2804 i8042prt - ok
    19:41:02.0640 2804 icdsptsv - ok
    19:41:02.0828 2804 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:41:02.0859 2804 idsvc - ok
    19:41:02.0875 2804 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:41:02.0953 2804 Imapi - ok
    19:41:02.0984 2804 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    19:41:03.0062 2804 ImapiService - ok
    19:41:03.0062 2804 incdfs - ok
    19:41:03.0078 2804 ini910u - ok
    19:41:03.0078 2804 int15 - ok
    19:41:03.0375 2804 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    19:41:03.0562 2804 IntcAzAudAddService - ok
    19:41:03.0640 2804 IntelIde - ok
    19:41:03.0703 2804 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:41:03.0781 2804 intelppm - ok
    19:41:03.0781 2804 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:41:03.0875 2804 Ip6Fw - ok
    19:41:03.0921 2804 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:41:04.0015 2804 IpFilterDriver - ok
    19:41:04.0046 2804 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:41:04.0140 2804 IpInIp - ok
    19:41:04.0171 2804 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:41:04.0265 2804 IpNat - ok
    19:41:04.0390 2804 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
    19:41:04.0421 2804 iPod Service - ok
    19:41:04.0437 2804 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:41:04.0531 2804 IPSec - ok
    19:41:04.0562 2804 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:41:04.0609 2804 IRENUM - ok
    19:41:04.0640 2804 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:41:04.0718 2804 isapnp - ok
    19:41:04.0812 2804 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
    19:41:04.0828 2804 JavaQuickStarterService - ok
    19:41:04.0828 2804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:41:04.0906 2804 Kbdclass - ok
    19:41:04.0921 2804 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:41:05.0000 2804 kmixer - ok
    19:41:05.0031 2804 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:41:05.0062 2804 KSecDD - ok
    19:41:05.0109 2804 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    19:41:05.0140 2804 lanmanserver - ok
    19:41:05.0156 2804 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    19:41:05.0171 2804 lanmanworkstation - ok
    19:41:05.0187 2804 lbrtfdc (cc50a66548c2f285bc8a7b0b8aa578e3) C:\WINDOWS\system32\drivers\lbrtfdc.sys
    19:41:05.0250 2804 lbrtfdc - ok
    19:41:05.0281 2804 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    19:41:05.0375 2804 LmHosts - ok
    19:41:05.0375 2804 LUsbFilt - ok
    19:41:05.0375 2804 lxrsge10s - ok
    19:41:05.0375 2804 mafwboot - ok
    19:41:05.0484 2804 MatSvc (0cf633a54c681c65297c63106c4bc376) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    19:41:05.0500 2804 MatSvc - ok
    19:41:05.0531 2804 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
    19:41:05.0531 2804 MBAMProtector - ok
    19:41:05.0609 2804 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    19:41:05.0640 2804 MBAMService - ok
    19:41:05.0750 2804 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    19:41:05.0765 2804 McComponentHostService - ok
    19:41:05.0765 2804 mcdetect.exe - ok
    19:41:05.0843 2804 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    19:41:05.0859 2804 mdmxsdk - ok
    19:41:05.0890 2804 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    19:41:05.0984 2804 Messenger - ok
    19:41:05.0984 2804 mf - ok
    19:41:05.0984 2804 mindrepair - ok
    19:41:06.0031 2804 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:41:06.0109 2804 mnmdd - ok
    19:41:06.0140 2804 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    19:41:06.0234 2804 mnmsrvc - ok
    19:41:06.0296 2804 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:41:06.0375 2804 Modem - ok
    19:41:06.0421 2804 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    19:41:06.0515 2804 MODEMCSA - ok
    19:41:06.0625 2804 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    19:41:06.0656 2804 Monfilt - ok
    19:41:06.0718 2804 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:41:06.0812 2804 Mouclass - ok
    19:41:06.0843 2804 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:41:06.0937 2804 MountMgr - ok
    19:41:06.0937 2804 MR97310_USB_DUAL_CAMERA - ok
    19:41:06.0953 2804 mraid35x - ok
    19:41:06.0953 2804 MRV6X32P - ok
    19:41:06.0968 2804 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:41:07.0078 2804 MRxDAV - ok
    19:41:07.0140 2804 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:41:07.0171 2804 MRxSmb - ok
    19:41:07.0171 2804 MSCamSvc - ok
    19:41:07.0203 2804 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    19:41:07.0296 2804 MSDTC - ok
    19:41:07.0312 2804 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:41:07.0406 2804 Msfs - ok
    19:41:07.0406 2804 MSICPL - ok
    19:41:07.0421 2804 MSIServer - ok
    19:41:07.0421 2804 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:41:07.0515 2804 MSKSSRV - ok
    19:41:07.0515 2804 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:41:07.0593 2804 MSPCLOCK - ok
    19:41:07.0593 2804 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:41:07.0671 2804 MSPQM - ok
    19:41:07.0718 2804 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:41:07.0796 2804 mssmbios - ok
    19:41:07.0812 2804 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:41:07.0843 2804 Mup - ok
    19:41:07.0843 2804 Mvc25U870_VID_1262&PID_25FD - ok
    19:41:07.0859 2804 n558 - ok
    19:41:07.0906 2804 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    19:41:07.0968 2804 napagent - ok
    19:41:07.0984 2804 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:41:08.0078 2804 NDIS - ok
    19:41:08.0125 2804 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:41:08.0156 2804 NdisTapi - ok
    19:41:08.0156 2804 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:41:08.0234 2804 Ndisuio - ok
    19:41:08.0250 2804 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:41:08.0312 2804 NdisWan - ok
    19:41:08.0343 2804 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:41:08.0359 2804 NDProxy - ok
    19:41:08.0359 2804 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:41:08.0453 2804 NetBIOS - ok
    19:41:08.0484 2804 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:41:08.0562 2804 NetBT - ok
    19:41:08.0578 2804 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:41:08.0656 2804 NetDDE - ok
    19:41:08.0656 2804 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:41:08.0734 2804 NetDDEdsdm - ok
    19:41:08.0781 2804 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:41:08.0859 2804 Netlogon - ok
    19:41:08.0875 2804 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    19:41:08.0968 2804 Netman - ok
    19:41:09.0140 2804 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:41:09.0140 2804 NetTcpPortSharing - ok
    19:41:09.0187 2804 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:41:09.0281 2804 NIC1394 - ok
    19:41:09.0328 2804 nicconfigsvc (9c454cd857b4c0ccf7a614b047616503) C:\WINDOWS\system32\SimpTcp.dll
    19:41:09.0406 2804 nicconfigsvc - ok
    19:41:09.0468 2804 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    19:41:09.0515 2804 Nla - ok
    19:41:09.0546 2804 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
    19:41:09.0593 2804 nmwcd - ok
    19:41:09.0625 2804 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
    19:41:09.0687 2804 nmwcdc - ok
    19:41:09.0718 2804 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
    19:41:09.0781 2804 nmwcdnsu - ok
    19:41:09.0812 2804 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
    19:41:09.0890 2804 nmwcdnsuc - ok
    19:41:09.0906 2804 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:41:10.0000 2804 Npfs - ok
    19:41:10.0046 2804 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:41:10.0156 2804 Ntfs - ok
    19:41:10.0156 2804 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:41:10.0234 2804 NtLmSsp - ok
    19:41:10.0265 2804 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    19:41:10.0375 2804 NtmsSvc - ok
    19:41:10.0406 2804 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:41:10.0500 2804 Null - ok
    19:41:10.0828 2804 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:41:11.0000 2804 nv ( UnsignedFile.Multi.Generic ) - warning
    19:41:11.0000 2804 nv - detected UnsignedFile.Multi.Generic (1)
    19:41:11.0125 2804 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
    19:41:11.0140 2804 NVSvc ( UnsignedFile.Multi.Generic ) - warning
    19:41:11.0140 2804 NVSvc - detected UnsignedFile.Multi.Generic (1)
    19:41:11.0156 2804 NWHOST - ok
    19:41:11.0187 2804 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:41:11.0281 2804 NwlnkFlt - ok
    19:41:11.0281 2804 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:41:11.0359 2804 NwlnkFwd - ok
    19:41:11.0390 2804 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:41:11.0484 2804 ohci1394 - ok
    19:41:11.0484 2804 omci - ok
    19:41:11.0609 2804 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:41:11.0609 2804 ose - ok
    19:41:11.0671 2804 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    19:41:11.0765 2804 Parport - ok
    19:41:11.0765 2804 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:41:11.0843 2804 PartMgr - ok
    19:41:11.0890 2804 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:41:11.0984 2804 ParVdm - ok
    19:41:12.0031 2804 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    19:41:12.0046 2804 pccsmcfd - ok
    19:41:12.0078 2804 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:41:12.0187 2804 PCI - ok
    19:41:12.0187 2804 PCIDump - ok
    19:41:12.0218 2804 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:41:12.0312 2804 PCIIde - ok
    19:41:12.0328 2804 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:41:12.0406 2804 Pcmcia - ok
    19:41:12.0406 2804 pdlndldl - ok
    19:41:12.0421 2804 perc2 - ok
    19:41:12.0421 2804 perc2hib - ok
    19:41:12.0421 2804 pgpsdkservice - ok
    19:41:12.0421 2804 pktfilter - ok
    19:41:12.0468 2804 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:41:12.0484 2804 PlugPlay - ok
    19:41:12.0500 2804 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:41:12.0578 2804 PolicyAgent - ok
    19:41:12.0609 2804 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:41:12.0687 2804 PptpMiniport - ok
    19:41:12.0687 2804 procexp100 - ok
    19:41:12.0687 2804 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:41:12.0765 2804 ProtectedStorage - ok
    19:41:12.0765 2804 protectionservice - ok
    19:41:12.0781 2804 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:41:12.0843 2804 PSched - ok
    19:41:12.0890 2804 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:41:12.0984 2804 Ptilink - ok
    19:41:12.0984 2804 ql1080 - ok
    19:41:12.0984 2804 Ql10wnt - ok
    19:41:12.0984 2804 ql12160 - ok
    19:41:12.0984 2804 ql1240 - ok
    19:41:13.0000 2804 ql1280 - ok
    19:41:13.0000 2804 ql2100 - ok
    19:41:13.0187 2804 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
    19:41:13.0203 2804 RapportCerberus_34302 - ok
    19:41:13.0250 2804 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
    19:41:13.0265 2804 RapportEI - ok
    19:41:13.0359 2804 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
    19:41:13.0375 2804 RapportIaso - ok
    19:41:13.0390 2804 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
    19:41:13.0406 2804 RapportKELL - ok
    19:41:13.0468 2804 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    19:41:13.0484 2804 RapportMgmtService - ok
    19:41:13.0515 2804 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    19:41:13.0531 2804 RapportPG - ok
    19:41:13.0578 2804 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:41:13.0656 2804 RasAcd - ok
    19:41:13.0687 2804 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    19:41:13.0765 2804 RasAuto - ok
    19:41:13.0796 2804 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:41:13.0875 2804 Rasl2tp - ok
    19:41:13.0921 2804 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    19:41:14.0000 2804 RasMan - ok
    19:41:14.0046 2804 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:41:14.0140 2804 RasPppoe - ok
    19:41:14.0140 2804 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:41:14.0218 2804 Raspti - ok
    19:41:14.0250 2804 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:41:14.0328 2804 Rdbss - ok
    19:41:14.0328 2804 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:41:14.0421 2804 RDPCDD - ok
    19:41:14.0484 2804 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:41:14.0578 2804 rdpdr - ok
    19:41:14.0640 2804 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:41:14.0671 2804 RDPWD - ok
    19:41:14.0718 2804 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    19:41:14.0812 2804 RDSessMgr - ok
    19:41:14.0843 2804 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:41:14.0953 2804 redbook - ok
    19:41:14.0984 2804 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    19:41:15.0093 2804 RemoteAccess - ok
    19:41:15.0125 2804 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    19:41:15.0203 2804 RemoteRegistry - ok
    19:41:15.0250 2804 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    19:41:15.0328 2804 RFCOMM - ok
    19:41:15.0546 2804 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    19:41:15.0562 2804 RichVideo - ok
    19:41:15.0562 2804 roxmediadb - ok
    19:41:15.0593 2804 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    19:41:15.0671 2804 RpcLocator - ok
    19:41:15.0734 2804 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    19:41:15.0750 2804 RpcSs - ok
    19:41:15.0781 2804 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    19:41:15.0859 2804 RSVP - ok
    19:41:15.0906 2804 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    19:41:15.0937 2804 RTL8023xp ( UnsignedFile.Multi.Generic ) - warning
    19:41:15.0937 2804 RTL8023xp - detected UnsignedFile.Multi.Generic (1)
    19:41:15.0968 2804 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    19:41:16.0046 2804 rtl8139 - ok
    19:41:16.0046 2804 SaiMini - ok
    19:41:16.0078 2804 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:41:16.0156 2804 SamSs - ok
    19:41:16.0265 2804 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    19:41:16.0265 2804 SASDIFSV - ok
    19:41:16.0281 2804 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    19:41:16.0281 2804 SASKUTIL - ok
    19:41:16.0343 2804 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    19:41:16.0437 2804 SCardSvr - ok
    19:41:16.0453 2804 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    19:41:16.0531 2804 Schedule - ok
    19:41:16.0640 2804 SdReadSpool (b9443470baae569d9a3fabbfeb35c4e7) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
    19:41:16.0640 2804 SdReadSpool - ok
    19:41:16.0671 2804 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:41:16.0734 2804 Secdrv - ok
    19:41:16.0796 2804 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    19:41:16.0875 2804 seclogon - ok
    19:41:16.0890 2804 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    19:41:16.0968 2804 SENS - ok
    19:41:17.0031 2804 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    19:41:17.0109 2804 Serial - ok
    19:41:17.0203 2804 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    19:41:17.0234 2804 ServiceLayer - ok
    19:41:17.0234 2804 SfCtlCom - ok
    19:41:17.0296 2804 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    19:41:17.0390 2804 Sfloppy - ok
    19:41:17.0390 2804 sfsync04 - ok
    19:41:17.0453 2804 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    19:41:17.0546 2804 SharedAccess - ok
    19:41:17.0578 2804 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:41:17.0593 2804 ShellHWDetection - ok
    19:41:17.0593 2804 Simbad - ok
    19:41:17.0593 2804 SiRemFil - ok
    19:41:17.0593 2804 smartwiservice - ok
    19:41:17.0593 2804 smservaz - ok
    19:41:17.0609 2804 softfax - ok
    19:41:17.0609 2804 Sparrow - ok
    19:41:17.0656 2804 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:41:17.0734 2804 splitter - ok
    19:41:17.0750 2804 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    19:41:17.0765 2804 Spooler - ok
    19:41:17.0843 2804 SpyHunter 4 Service (63f2b52947577dbb075fe646bc758a2f) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    19:41:17.0875 2804 SpyHunter 4 Service - ok
    19:41:17.0890 2804 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:41:17.0953 2804 sr - ok
    19:41:18.0000 2804 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    19:41:18.0031 2804 srservice - ok
    19:41:18.0093 2804 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:41:18.0140 2804 Srv - ok
    19:41:18.0156 2804 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    19:41:18.0218 2804 SSDPSRV - ok
    19:41:18.0265 2804 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    19:41:18.0343 2804 stisvc - ok
    19:41:18.0390 2804 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:41:18.0468 2804 swenum - ok
    19:41:18.0515 2804 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:41:18.0609 2804 swmidi - ok
    19:41:18.0609 2804 SwPrv - ok
    19:41:18.0609 2804 symc810 - ok
    19:41:18.0609 2804 symc8xx - ok
    19:41:18.0625 2804 symdns - ok
    19:41:18.0625 2804 sym_hi - ok
    19:41:18.0625 2804 sym_u3 - ok
    19:41:18.0656 2804 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:41:18.0734 2804 sysaudio - ok
    19:41:18.0765 2804 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    19:41:18.0859 2804 SysmonLog - ok
    19:41:18.0921 2804 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    19:41:19.0031 2804 TapiSrv - ok
    19:41:19.0093 2804 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:41:19.0109 2804 Tcpip - ok
    19:41:19.0140 2804 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:41:19.0250 2804 TDPIPE - ok
    19:41:19.0250 2804 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:41:19.0343 2804 TDTCP - ok
    19:41:19.0375 2804 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:41:19.0453 2804 TermDD - ok
    19:41:19.0531 2804 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    19:41:19.0609 2804 TermService - ok
    19:41:19.0640 2804 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:41:19.0656 2804 Themes - ok
    19:41:19.0703 2804 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    19:41:19.0734 2804 TlntSvr - ok
    19:41:19.0750 2804 TosIde - ok
    19:41:19.0750 2804 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    19:41:19.0843 2804 TrkWks - ok
    19:41:19.0859 2804 trlokom_rmhsvc - ok
    19:41:19.0859 2804 U2SP - ok
    19:41:19.0859 2804 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:41:19.0937 2804 Udfs - ok
    19:41:19.0937 2804 ultra - ok
    19:41:20.0000 2804 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:41:20.0093 2804 Update - ok
    19:41:20.0125 2804 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    19:41:20.0171 2804 upnphost - ok
    19:41:20.0218 2804 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    19:41:20.0281 2804 upperdev - ok
    19:41:20.0328 2804 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    19:41:20.0421 2804 UPS - ok
    19:41:20.0421 2804 upsentry_smart - ok
    19:41:20.0437 2804 USB11LDR - ok
    19:41:20.0437 2804 USBAAPL - ok
    19:41:20.0484 2804 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:41:20.0578 2804 usbehci - ok
    19:41:20.0609 2804 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:41:20.0703 2804 usbhub - ok
    19:41:20.0750 2804 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:41:20.0828 2804 usbprint - ok
    19:41:20.0828 2804 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:41:20.0921 2804 usbscan - ok
    19:41:20.0937 2804 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
    19:41:21.0015 2804 usbser - ok
    19:41:21.0046 2804 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    19:41:21.0093 2804 UsbserFilt - ok
    19:41:21.0125 2804 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:41:21.0218 2804 USBSTOR - ok
    19:41:21.0265 2804 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:41:21.0359 2804 usbuhci - ok
    19:41:21.0375 2804 USBVCD - ok
    19:41:21.0421 2804 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:41:21.0500 2804 VgaSave - ok
    19:41:21.0500 2804 ViaIde - ok
    19:41:21.0531 2804 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:41:21.0625 2804 VolSnap - ok
    19:41:21.0625 2804 vrservice - ok
    19:41:21.0671 2804 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    19:41:21.0703 2804 VSS - ok
    19:41:21.0718 2804 w29n51 - ok
    19:41:21.0750 2804 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    19:41:21.0843 2804 W32Time - ok
    19:41:21.0906 2804 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:41:22.0000 2804 Wanarp - ok
    19:41:22.0000 2804 wap3gx - ok
    19:41:22.0062 2804 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    19:41:22.0078 2804 Wdf01000 - ok
    19:41:22.0078 2804 WDICA - ok
    19:41:22.0109 2804 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:41:22.0218 2804 wdmaud - ok
    19:41:22.0250 2804 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    19:41:22.0343 2804 WebClient - ok
    19:41:22.0375 2804 wfxsvc (be2157595c087207676ec716a6be4cce) C:\WINDOWS\system32\WFXSVC.EXE
    19:41:22.0390 2804 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
    19:41:22.0390 2804 wfxsvc - detected UnsignedFile.Multi.Generic (1)
    19:41:22.0453 2804 winachsf (be3a842c2f2e87e7c840d36bcf13e8e0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    19:41:22.0484 2804 winachsf - ok
    19:41:22.0593 2804 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:41:22.0671 2804 winmgmt - ok
    19:41:22.0671 2804 winpowermanager - ok
    19:41:22.0781 2804 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
    19:41:22.0812 2804 WinRM - ok
    19:41:22.0843 2804 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    19:41:22.0859 2804 WmdmPmSN - ok
    19:41:22.0921 2804 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    19:41:22.0984 2804 Wmi - ok
    19:41:23.0015 2804 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:41:23.0109 2804 WmiApSrv - ok
    19:41:23.0296 2804 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    19:41:23.0343 2804 WMPNetworkSvc - ok
    19:41:23.0375 2804 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    19:41:23.0375 2804 WpdUsb - ok
    19:41:23.0437 2804 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:41:23.0531 2804 WS2IFSL - ok
    19:41:23.0578 2804 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    19:41:23.0656 2804 wscsvc - ok
    19:41:23.0703 2804 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    19:41:23.0781 2804 wuauserv - ok
    19:41:23.0828 2804 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:41:23.0828 2804 WudfPf - ok
    19:41:23.0859 2804 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:41:23.0875 2804 WudfRd - ok
    19:41:23.0921 2804 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
    19:41:23.0937 2804 WudfSvc - ok
    19:41:24.0000 2804 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    19:41:24.0109 2804 WZCSVC - ok
    19:41:24.0140 2804 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    19:41:24.0218 2804 xmlprov - ok
    19:41:24.0343 2804 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
    19:41:24.0359 2804 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
    19:41:24.0375 2804 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:41:24.0609 2804 \Device\Harddisk0\DR0 - ok
    19:41:24.0609 2804 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    19:41:24.0625 2804 \Device\Harddisk1\DR1 - ok
    19:41:24.0640 2804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR5
    19:41:24.0796 2804 \Device\Harddisk2\DR5 - ok
    19:41:24.0812 2804 Boot (0x1200) (de17a28ffae56733026be20e47e5fe8c) \Device\Harddisk0\DR0\Partition0
    19:41:24.0812 2804 \Device\Harddisk0\DR0\Partition0 - ok
    19:41:24.0812 2804 Boot (0x1200) (ab81bc14f7e65a74e1d70e016623b088) \Device\Harddisk1\DR1\Partition0
    19:41:24.0812 2804 \Device\Harddisk1\DR1\Partition0 - ok
    19:41:24.0812 2804 Boot (0x1200) (f0463477c940dfacd8991233674ec997) \Device\Harddisk1\DR1\Partition1
    19:41:24.0812 2804 \Device\Harddisk1\DR1\Partition1 - ok
    19:41:24.0812 2804 Boot (0x1200) (eeec5da32dfa12e1263fca298252a021) \Device\Harddisk2\DR5\Partition0
    19:41:24.0812 2804 \Device\Harddisk2\DR5\Partition0 - ok
    19:41:24.0812 2804 Boot (0x1200) (8cbb6491629c9a350163059652938fd4) \Device\Harddisk2\DR5\Partition1
    19:41:24.0812 2804 \Device\Harddisk2\DR5\Partition1 - ok
    19:41:24.0812 2804 ============================================================
    19:41:24.0812 2804 Scan finished
    19:41:24.0812 2804 ============================================================
    19:41:24.0937 3196 Detected object count: 4
    19:41:24.0937 3196 Actual detected object count: 4
    19:41:27.0640 3196 nv ( UnsignedFile.Multi.Generic ) - skipped by user
    19:41:27.0640 3196 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:41:27.0640 3196 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:41:27.0640 3196 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:41:27.0640 3196 RTL8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
    19:41:27.0640 3196 RTL8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:41:27.0656 3196 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:41:27.0656 3196 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:41:30.0796 2260 Deinitialize success

  3. #63
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default Scans continued

    -----------------------------------------------------
    OTL Scan:

    OTL logfile created on: 28/04/2012 19:43:25 - Run 2
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Dr Michael Foster\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.46% Memory free
    4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.16% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 99.64 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
    Drive E: | 100.00 Mb Total Space | 65.25 Mb Free Space | 65.25% Space Free | Partition Type: NTFS
    Drive F: | 931.41 Gb Total Space | 777.05 Gb Free Space | 83.43% Space Free | Partition Type: NTFS
    Drive L: | 1.46 Gb Total Space | 1.42 Gb Free Space | 97.19% Space Free | Partition Type: NTFS
    Drive M: | 226.05 Gb Total Space | 225.63 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

    Computer Name: KNIGHTS-2EE6007 | User Name: Dr Michael Foster | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
    PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
    PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    PRC - C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc.)
    PRC - C:\Program Files\FaxTalk\FTclctrl.exe (Thought Communications, Inc.)
    PRC - C:\Program Files\FaxTalk\fapiexe.exe (Thought Communications, Inc.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Magic Formation\MagicFormation.exe ()
    PRC - C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
    PRC - C:\Program Files\winfax\WFXMOD32.EXE (Symantec Corporation)
    PRC - C:\WINDOWS\system32\WFXSNT40.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\PC Connectivity Solution\PCCSUpdater.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
    MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
    MOD - C:\Program Files\Magic Formation\MagicFormation.exe ()
    MOD - C:\Program Files\Magic Formation\MFHook.dll ()
    MOD - C:\WINDOWS\system32\solidlocalmon.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\winfax\DCCDA32I.DLL ()
    MOD - C:\Program Files\winfax\WFXVW32I.DLL ()
    MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL ()
    MOD - C:\Program Files\winfax\SENGINE.DLL ()
    MOD - C:\Program Files\winfax\DCCTBP32.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (winpowermanager) -- %systemroot%\system32\oracleorahome92pagingserver.dll File not found
    SRV - (wap3gx) -- %systemroot%\system32\ati2mpaa.dll File not found
    SRV - (w29n51) -- %systemroot%\system32\cpqfcalm.dll File not found
    SRV - (vrservice) -- %systemroot%\system32\NETw4v32.dll File not found
    SRV - (USBVCD) -- %systemroot%\system32\msgsrvservice.dll File not found
    SRV - (USBAAPL) -- %systemroot%\system32\stisvc.dlle File not found
    SRV - (USB11LDR) -- %systemroot%\system32\olregcap.dll File not found
    SRV - (upsentry_smart) -- %systemroot%\system32\RR2Vbi.dll File not found
    SRV - (U2SP) -- %systemroot%\system32\rpsupdaterr.dll File not found
    SRV - (trlokom_rmhsvc) -- %systemroot%\system32\iksyssec.dll File not found
    SRV - (symdns) -- %systemroot%\system32\SunkFilt39.dll File not found
    SRV - (softfax) -- %systemroot%\system32\beatjamupnpmusicserver.dll File not found
    SRV - (smservaz) -- %systemroot%\system32\s217mgmt.dll File not found
    SRV - (smartwiservice) -- %systemroot%\system32\emupia.dll File not found
    SRV - (SiRemFil) -- %systemroot%\system32\backupexecnamingservice.dll File not found
    SRV - (sfsync04) -- %systemroot%\system32\dcsloader.dll File not found
    SRV - (SfCtlCom) -- %systemroot%\system32\djsnetcn.dll File not found
    SRV - (SaiMini) -- %systemroot%\system32\webrootenterpriseupdateservice.dll File not found
    SRV - (roxmediadb) -- %systemroot%\system32\motmodem.dll File not found
    SRV - (ql2100) -- %systemroot%\system32\DLH5X.dll File not found
    SRV - (protectionservice) -- %systemroot%\system32\PCDRSRVC.dll File not found
    SRV - (procexp100) -- %systemroot%\system32\PTDCBus.dll File not found
    SRV - (pktfilter) -- %systemroot%\system32\PDExchange.dll File not found
    SRV - (pgpsdkservice) -- %systemroot%\system32\besclient.dll File not found
    SRV - (pdlndldl) -- %systemroot%\system32\vds.dll File not found
    SRV - (omci) -- %systemroot%\system32\EIO_XP.dll File not found
    SRV - (NWHOST) -- %systemroot%\system32\outpostfirewall.dll File not found
    SRV - (n558) -- %systemroot%\system32\iolo_srv.dll File not found
    SRV - (Mvc25U870_VID_1262&PID_25FD) -- %systemroot%\system32\StickyMesger.dll File not found
    SRV - (MSICPL) -- %systemroot%\system32\SaiH040B.dll File not found
    SRV - (MSCamSvc) -- %systemroot%\system32\NsTrcNT.dll File not found
    SRV - (MRV6X32P) -- %systemroot%\system32\n3900.dll File not found
    SRV - (MR97310_USB_DUAL_CAMERA) -- %systemroot%\system32\viamraid.dllilt File not found
    SRV - (mindrepair) -- %systemroot%\system32\epson_pm_rpcv2_02.dll File not found
    SRV - (mf) -- %systemroot%\system32\ql2100.dll File not found
    SRV - (mcdetect.exe) -- %systemroot%\system32\InterBaseGuardian.dll File not found
    SRV - (mafwboot) -- %systemroot%\system32\vds.dll File not found
    SRV - (lxrsge10s) -- %systemroot%\system32\snapman.dll File not found
    SRV - (LUsbFilt) -- %systemroot%\system32\NwSapAgent.dll File not found
    SRV - (int15) -- %systemroot%\system32\isapnp.dll File not found
    SRV - (incdfs) -- %systemroot%\system32\flutilssvc.dll File not found
    SRV - (icdsptsv) -- %systemroot%\system32\DS1410D.dll File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
    SRV - (hap16v2k) -- %systemroot%\system32\qbfcservice.dll File not found
    SRV - (giveio) -- %systemroot%\system32\winachsx.dll File not found
    SRV - (getPlusHelper) -- %systemroot%\system32\smserial.dll File not found
    SRV - (fsaa) -- %systemroot%\system32\mxssvr.dll File not found
    SRV - (FINEPIX_PCC) -- %systemroot%\system32\mail2ec.dll File not found
    SRV - (EU3_USB) -- %systemroot%\system32\symwsc.dll File not found
    SRV - (EL90X) -- %systemroot%\system32\sentinel.dll File not found
    SRV - (EACSvrMngr) -- %systemroot%\system32\int15.sys.dll File not found
    SRV - (dlaopiom) -- %systemroot%\system32\CXTUNE.dll File not found
    SRV - (dladresn) -- %systemroot%\system32\crystaloutputfileserver.dll File not found
    SRV - (DC21x4) -- %systemroot%\system32\RapiMgr.dll File not found
    SRV - (cygserver) -- %systemroot%\system32\snapman380.dll File not found
    SRV - (commserver) -- %systemroot%\system32\ndis.dll File not found
    SRV - (CoachUsb) -- %systemroot%\system32\mqdmmdm.dll File not found
    SRV - (C-Dilla) -- %systemroot%\system32\ONSIO.dll File not found
    SRV - (CdaD10BA) -- %systemroot%\system32\ctac32k.dll File not found
    SRV - (ccevtmgr) -- %systemroot%\system32\btkrnl.dll File not found
    SRV - (BrUsbSer) -- %systemroot%\system32\olapserver.dll File not found
    SRV - (belmonitorservice) -- %systemroot%\system32\z800mdm.dll File not found
    SRV - (ATKGFNEXSrv) -- %systemroot%\system32\AIRPLUS.dll File not found
    SRV - (arkbcfltr) -- %systemroot%\system32\mirrorv3.dll File not found
    SRV - (ar5211) -- %systemroot%\system32\arhidfltr.dll File not found
    SRV - (amdk7) -- %systemroot%\system32\niorbk.dll File not found
    SRV - (alertservice) -- %systemroot%\system32\sp_clamsrv.dll File not found
    SRV - (alcxsens) -- %systemroot%\system32\dbmang.dll File not found
    SRV - (adsexpb) -- %systemroot%\system32\idsvc.dll File not found
    SRV - (adaptecstoragemanageragent) -- %systemroot%\system32\ccproxy.dll File not found
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (FaxTalk FaxCenter Pro 8) -- C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (SdReadSpool) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC)
    SRV - (nicconfigsvc) -- C:\WINDOWS\system32\simptcp.dll (Microsoft Corporation)
    SRV - (wfxsvc) -- C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (ham50) -- system32\DRIVERS\IntelH51.sys File not found
    DRV - (catchme) -- C:\vagetatool\catchme.sys File not found
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys File not found
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (CLBStor) -- C:\WINDOWS\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
    DRV - (CLBUDF) -- C:\WINDOWS\System32\drivers\CLBUDF.sys (CyberLink Corporation.)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
    DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
    DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.prestel.co.uk/church/oosj/osj.htm
    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\SearchScopes,DefaultScope = {7E8B17A6-0BA8-4A61-9FB7-E2F5D8151A6E}
    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\SearchScopes\{7E8B17A6-0BA8-4A61-9FB7-E2F5D8151A6E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\SearchScopes\{9F1DD16A-D24B-4BE4-9B4D-14C8B2F5CD65}: "URL" = http://search.avg.com/?d=4dc3cee9&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/02/01 11:12:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 11:12:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/03/05 20:43:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/03/05 20:43:35 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
    CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/28 17:00:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [FaxTalk FaxCenter Pro 8] C:\Program Files\FaxTalk\FTClCtrl.exe (Thought Communications, Inc.)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-746137067-1177238915-839522115-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicFormation.lnk = C:\Program Files\Magic Formation\MagicFormation.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk = C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
    O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1272219582312 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1272219964125 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/sof...iveXPlugin.cab (ScorchPlugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
    O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows\Win7.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows\Win7.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\winfax\WFXSEH32.DLL (Symantec Corporation)
    O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/24 18:11:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /k:F *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/28 17:12:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dr Michael Foster\Recent
    [2012/04/28 17:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/28 07:54:01 | 004,477,723 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\vagetatool.exe
    [2012/04/27 20:21:51 | 004,477,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\ComboFix.exe
    [2012/04/26 17:38:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
    [2012/04/26 17:38:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping.exe
    [2012/04/26 17:35:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/26 17:35:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/26 17:35:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/26 17:35:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/26 08:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/04/25 19:19:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/04/25 17:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/04/25 17:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/04/24 13:06:07 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.svs
    [2012/04/24 10:17:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/04/24 09:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\CyberLink BD Solution
    [2012/04/24 09:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/24 08:58:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/22 20:27:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/22 13:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\Google Chrome
    [2012/04/22 08:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Desktop\Malware Tools
    [2012/04/21 14:10:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe
    [2012/04/21 09:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Malwarebytes
    [2012/04/21 09:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/21 09:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/04/21 09:26:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/04/21 09:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/04/21 09:25:42 | 000,000,000 | ---D | C] -- C:\Malwarebytes
    [2012/04/20 15:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\SpyHunter
    [2012/04/20 15:55:39 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/04/20 15:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/04/20 15:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/04/20 15:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Application Data\TestApp
    [2012/04/20 15:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/04/20 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/04/20 15:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
    [2012/04/04 16:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of WinFax
    [2012/04/04 15:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\winfax
    [2012/04/03 08:25:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/28 19:38:10 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
    [2012/04/28 19:09:10 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/28 18:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/28 17:14:04 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk
    [2012/04/28 17:13:50 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/28 17:13:50 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2012/04/28 17:13:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/28 17:00:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/28 13:38:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
    [2012/04/28 12:15:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/28 08:41:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2012/04/28 07:31:54 | 096,425,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/04/27 14:26:25 | 004,477,723 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\vagetatool.exe
    [2012/04/27 12:32:20 | 000,000,444 | RHS- | M] () -- C:\boot.ini
    [2012/04/26 18:01:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/26 17:38:49 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
    [2012/04/26 17:38:49 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping.exe
    [2012/04/26 17:33:27 | 004,477,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\ComboFix.exe
    [2012/04/25 11:49:26 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MS Office Outlook.lnk
    [2012/04/24 09:51:39 | 000,000,328 | ---- | M] () -- C:\Boot.bak
    [2012/04/23 16:59:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat
    [2012/04/22 18:01:13 | 000,280,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/04/22 13:34:09 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/04/21 16:47:55 | 000,006,764 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\attach.zip
    [2012/04/21 14:10:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe
    [2012/04/20 18:49:56 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\NokiaUtils.lnk
    [2012/04/20 15:55:43 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\SpyHunter.lnk
    [2012/04/18 20:22:30 | 000,218,311 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\cemmguidance.pdf
    [2012/04/17 19:29:25 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Streetmap.co.uk.url
    [2012/04/17 10:07:29 | 007,438,896 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\08 - Evacuee2.mp3
    [2012/04/17 10:07:16 | 000,008,663 | -HS- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Folder.jpg
    [2012/04/17 10:07:16 | 000,002,348 | -HS- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\AlbumArtSmall.jpg
    [2012/04/16 17:46:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
    [2012/04/13 18:58:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/13 18:58:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/04/13 08:02:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/04/10 17:56:26 | 001,254,622 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\LittleYellowBook.pdf
    [2012/04/09 01:31:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/04/04 15:18:09 | 000,000,041 | ---- | M] () -- C:\WINDOWS\WFXDEL.BAT
    [2012/04/04 13:51:10 | 000,003,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SAYNOTO0870.url
    [2012/04/04 10:59:40 | 000,167,156 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Fold-shapes.pdf
    [2012/04/02 11:38:49 | 000,000,688 | ---- | M] () -- C:\WINDOWS\CDPHOTO.INI
    [2012/04/01 14:13:34 | 000,038,674 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\phosphine.pdf
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/28 12:15:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/26 17:35:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/26 17:35:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/26 17:35:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/26 17:35:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/26 17:35:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/24 10:17:39 | 000,000,328 | ---- | C] () -- C:\Boot.bak
    [2012/04/24 10:17:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/04/22 13:34:09 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/04/22 13:33:08 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
    [2012/04/22 13:33:07 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
    [2012/04/22 09:58:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat
    [2012/04/21 16:47:55 | 000,006,764 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\attach.zip
    [2012/04/20 15:55:43 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\SpyHunter.lnk
    [2012/04/18 20:22:30 | 000,218,311 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\cemmguidance.pdf
    [2012/04/17 10:07:21 | 007,438,896 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\08 - Evacuee2.mp3
    [2012/04/17 10:07:16 | 000,008,663 | -HS- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Folder.jpg
    [2012/04/17 10:07:16 | 000,002,348 | -HS- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\AlbumArtSmall.jpg
    [2012/04/10 17:56:26 | 001,254,622 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\LittleYellowBook.pdf
    [2012/04/04 10:59:40 | 000,167,156 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Fold-shapes.pdf
    [2012/04/03 08:25:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/02 11:32:33 | 000,197,561 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\S-ILoveToHearTheStory-PipeLC-48-CAM(1).mp3
    [2012/04/02 11:31:50 | 000,038,674 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\phosphine.pdf
    [2012/02/15 11:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2010/12/15 08:29:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2010/12/15 08:29:16 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
    [2010/10/27 10:46:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2010/09/07 07:12:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2010/08/01 16:54:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
    [2010/08/01 16:48:21 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/08/01 16:48:21 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2010/08/01 16:48:21 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/08/01 16:48:21 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2010/08/01 16:48:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2010/08/01 16:48:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2010/06/14 19:40:05 | 001,107,192 | ---- | C] () -- C:\WINDOWS\Xwmba500.dll
    [2010/06/14 19:40:05 | 000,260,440 | ---- | C] () -- C:\WINDOWS\Xwmhb500.dll
    [2010/06/14 19:40:05 | 000,174,352 | ---- | C] () -- C:\WINDOWS\Xwmte500.dll
    [2010/06/14 19:40:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PHAssist.ini
    [2010/06/01 15:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
    [2010/06/01 15:10:00 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
    [2010/06/01 15:10:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
    [2010/06/01 15:09:59 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
    [2010/05/31 21:48:38 | 000,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
    [2010/05/31 21:48:38 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
    [2010/05/26 12:30:18 | 000,002,220 | ---- | C] () -- C:\WINDOWS\GWSFILTR.INI
    [2010/05/26 12:27:06 | 000,000,041 | ---- | C] () -- C:\WINDOWS\gwspcam.ini
    [2010/05/26 12:27:04 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
    [2010/05/26 12:26:46 | 000,007,806 | R--- | C] () -- C:\WINDOWS\gwspro.ini
    [2010/05/06 10:47:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/05/05 22:28:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/04/30 08:30:38 | 000,000,688 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
    [2010/04/30 08:30:38 | 000,000,193 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI

    ========== Custom Scans ==========

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 184 bytes -> C:\Documents and Settings\Dr Michael Foster\My Files\FromHeavenYouCame-Kendrick.mid:SummaryInformation
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\Dr Michael Foster\My Files\FromHeavenYouCame-Kendrick.mid:DocumentSummaryInformation

    < End of report >

  4. #64
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default MS WORD 2003 affected

    I have noticed that MS Word 2003 behaves strangely. I sometimes paste text onto a document. Although the text may look OK, when it prints, HTML comments hidden in the document print out. I am sure that this is since the infection.

  5. #65
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default MS Word issues solved

    Under Options - Print - I found the "Hidden text" box ticked. I unticked the box - and voilà! Fixed.
    As more people than myself use the machine - it could be someone ticked the box. The family members tend to go into my study and use whichever machine is on - usually mine and not my wife's - which is only on when she needs to type up items for the Church magazine. Although they all have laptops, it's laziness that prevents them from going upstairs to fetch their laptops down and boot them up - mine is up and running.

  6. #66
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default Removal Tools

    In searching the web I have found this page;

    http://www.symantec.com/security_res...121607-4952-99

    I ran the Symantec tool which listed about a dozen files in its report (but there was no way to export the report) - so I did not click the "repair" button - plus I had forgotten to switch out AVG. I then disabled AVG (15 minutes) and re-ran the scan which stated there was no infection.

    Being curious I reran Vagetatool which came up with the now familiar message;

    "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you’re unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time".

    When the scan is complete (still running) would you like the report?

    Also I came across this page;
    http://kb.eset.com/esetkb/index?page...nt&id=SOLN2895

    Will the download tool be any good?

  7. #67
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Yes please post the new ComboFix log that you ran and let's see what is there.

  8. #68
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default Scan Results

    A new version of ComboFix presented itself to me when I went to run it. Below is the scan result.

    In looking for stand-alone tools I came across this review of a Panda tool; http://thisisudax.blogspot.co.uk/201...eroaccess.html This led to the following page; http://www.pandasecurity.com/usa/hom...672&idIdioma=2 I have not tried these nor the ESET tool.

    Scan results:
    ComboFix 12-04-29.02 - Dr Michael Foster 30/04/2012 9:27.9.4 - x86
    Running from: c:\documents and settings\Dr Michael Foster\Desktop\vagetatool.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 16:26 . 2007-05-11 06:03 6738432 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2012-04-29 16:05 . 2012-04-29 16:05 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\FixZeroAccess
    2012-04-27 16:23 . 2012-04-27 16:23 4948 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-04-26 16:38 . 2012-04-26 16:38 17920 -c--a-w- c:\windows\system32\dllcache\ping.exe
    2012-04-26 16:38 . 2012-04-26 16:38 17920 ----a-w- c:\windows\system32\ping.exe
    2012-04-26 07:59 . 2012-04-26 07:59 -------- d-----w- c:\program files\ESET
    2012-04-25 18:19 . 2012-04-25 18:19 -------- d-----w- C:\_OTL
    2012-04-25 16:31 . 2012-04-25 16:31 -------- d-----w- c:\program files\ERUNT
    2012-04-25 09:11 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-04-24 09:21 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-04-22 19:27 . 2012-04-22 19:36 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\Malwarebytes
    2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-21 08:26 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-21 08:25 . 2012-04-21 08:25 -------- d-----w- C:\Malwarebytes
    2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
    2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
    2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
    2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- C:\sh4ldr
    2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- c:\program files\Enigma Software Group
    2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\TestApp
    2012-04-20 14:00 . 2012-04-20 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
    2012-04-04 15:18 . 2012-04-04 15:18 -------- d-----w- c:\program files\Copy of WinFax
    2012-04-04 14:18 . 2012-04-08 06:29 -------- d-----w- c:\program files\winfax
    2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2012-04-03 07:25 . 2012-04-13 17:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-13 17:58 . 2011-05-17 06:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 14:18 . 2010-05-05 05:48 41 ----a-w- c:\windows\WFXDEL.BAT
    2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-03-05 19:27 . 2012-03-05 19:27 53248 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\ARPPRODUCTICON.exe
    2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
    2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
    2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-04-28_07.16.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-30 08:35 . 2012-04-30 08:35 16384 c:\windows\temp\Perflib_Perfdata_de0.dat
    + 2012-04-30 08:26 . 2012-04-30 08:26 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat
    - 2011-03-02 08:19 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwddi.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwddi.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmctray.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmctray.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 37888 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcod.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 37888 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcod.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 163908 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvsvc32.exe
    + 2012-04-29 17:41 . 2007-05-11 06:03 163908 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvsvc32.exe
    + 2012-04-29 17:41 . 2007-05-11 06:03 286720 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvnt4cpl.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 286720 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvnt4cpl.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 458752 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccssr.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 458752 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccssr.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 188416 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccss.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 188416 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccss.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 229376 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccs.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 229376 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccs.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 352256 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvapi.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 352256 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvapi.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 2387968 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwssr.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 2387968 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwssr.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 2273280 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwss.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 2273280 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwss.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 3645440 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvsr.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 3645440 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvsr.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 3538944 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvs.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 3538944 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvs.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 1018748 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvucode.bin
    - 2011-03-02 08:19 . 2007-05-11 06:03 1018748 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvucode.bin
    + 2012-04-29 17:41 . 2007-05-11 06:03 6668288 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvoglnt.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 6668288 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvoglnt.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 2854912 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmoblsr.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 2854912 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmoblsr.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 1101824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmobls.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 1101824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmobls.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 3231744 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgamesr.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 3231744 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgamesr.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 3284992 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgames.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 3284992 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgames.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 5439488 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdispsr.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 5439488 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdispsr.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 6221824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdisps.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 6221824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdisps.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 8429568 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcpl.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 8429568 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcpl.dll
    + 2012-04-29 17:41 . 2007-05-11 06:03 6738432 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_mini.sys
    - 2011-03-02 08:19 . 2007-05-11 06:03 6738432 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_mini.sys
    + 2012-04-29 17:41 . 2007-05-11 06:03 5421312 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_disp.dll
    - 2011-03-02 08:19 . 2007-05-11 06:03 5421312 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_disp.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 45568]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
    "RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "FaxTalk FaxCenter Pro 8"="c:\program files\FaxTalk\FTClCtrl.exe" [2011-09-23 120672]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "nwiz"="nwiz.exe" [BU]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    MagicFormation.lnk - c:\program files\Magic Formation\MagicFormation.exe [2010-4-28 454656]
    Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2010-4-25 794624]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-13 113024]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\winfax\WfxSeh32.Dll" [1998-07-27 38400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:F *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Aolpress\\Ws_ftp\\WS_FTP95.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\ArcSoft\\PhotoStudio 5.5\\PhotoStudio.exe"=
    "c:\\Program Files\\NewSoft\\Presto! PageManager 7.15\\Pmsb.exe"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE4.0\\TwainClient.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\FaxTalk\\FTmsgsvc.exe"=
    "c:\\Program Files\\FaxTalk\\fapiexe.exe"=
    "c:\\Program Files\\FaxTalk\\FTclctrl.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    "c:\\Documents and Settings\\Dr Michael Foster\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 04:48 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 23:20 295248]
    R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [07/05/2010 11:55 16048]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:00 228208]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 11:25 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17:10 67664]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [31/07/2010 20:34 162096]
    R2 FaxTalk FaxCenter Pro 8;FaxTalk FaxCenter Pro 8;c:\program files\FaxTalk\FTmsgsvc.exe [23/09/2011 11:07 33120]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/04/2012 09:26 654408]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 13:48 931640]
    R2 SdReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [18/03/2009 18:08 189696]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/04/2012 09:26 22344]
    S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2012 08:25 253088]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/04/2010 20:33 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
    S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
    S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys --> c:\windows\system32\DRIVERS\IntelH51.sys [?]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 17:05 266544]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15/01/2012 08:31 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15/01/2012 08:31 8576]
    S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [19/07/2011 09:52 21520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:58]
    .
    2012-04-30 c:\windows\Tasks\ConfigExec.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
    .
    2012-04-30 c:\windows\Tasks\DataUpload.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
    .
    2011-11-11 c:\windows\Tasks\debutDowngrade.job
    - c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
    .
    2011-11-11 c:\windows\Tasks\debutShakeIcon.job
    - c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
    .
    2012-04-16 c:\windows\Tasks\doxillionShakeIcon.job
    - c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-23 07:38]
    .
    2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
    .
    2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
    - c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
    .
    2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
    - c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
    .
    2012-04-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    2012-01-20 c:\windows\Tasks\pixillionShakeIcon.job
    - c:\program files\NCH Software\Pixillion\pixillion.exe [2011-04-02 13:28]
    .
    2011-11-11 c:\windows\Tasks\prismShakeIcon.job
    - c:\program files\NCH Software\Prism\prism.exe [2010-08-07 14:27]
    .
    2011-11-11 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2010-08-07 14:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www2.prestel.co.uk/church/oosj/osj.htm
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-30 09:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1060)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-04-30 09:41:29
    ComboFix-quarantined-files.txt 2012-04-30 08:41
    ComboFix2.txt 2012-04-29 16:50
    ComboFix3.txt 2012-04-28 16:06
    ComboFix4.txt 2012-04-28 07:22
    ComboFix5.txt 2012-04-30 08:20
    .
    Pre-Run: 107,648,704,512 bytes free
    Post-Run: 107,649,994,752 bytes free
    .
    - - End Of File - - 0D2FFD8F99DA221BCB9F6297811AC533

  9. #69
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default Hidden Keys found

    Hi Jeff

    I have a beta scanner for rootkits from Trend Micro - too many false positives to be worthwhile (legit mp3 files and legit URLs to innocent web sites) but it did find these;

    [HIDDEN_REGISTRY][Hidden Reg Key]:
    KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
    SubKey : Data
    FullLength: 0x5c
    [HIDDEN_REGISTRY][Hidden Reg Key]:
    KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
    SubKey : Data 2
    FullLength: 0x5e
    2 hidden registry entries found.

    Do I delete these keys?

    Michael.

  10. #70
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    No, don't delete those.

    Run a new scan with TDSSKiller and aswMBR.exe and then post the new logs to your next reply. We may be dealing with a new variant here. :(
