IDP & Crypt AQLW Trojan DDS Log pasted.

Question

I stored some vital files onto a usb memory stick, whilst the computer was infected. Can I use this usb stick to transfer the files to another machine to allow me to continue work?
 
Hi,

Ok let's do this. Boot into Safe Mode and then try to run ComboFix from there. With the number of infections and their severity it may take several attempts to even get our tools to run correctly and then to remove all of them.

If ComboFix runs through, post the log it creates in your next reply. :)
 
On our way

Hi Jeff,

Safe mode did the trick - it rebooted ok and is now scanning.

Am I safe to use my USB Stick which has MS Word files loaded off the infected machine to load these on my wife's machine?

Again thanks for your assistance.
 
ComboFix halted

Hi

ComboFix has scanned to stage 50 and then deleted a whole pile of files and three folders, and has ground to a halt and been like that for 10 mins.
 
ComboFix Halted

Hi

Although ComboFix has halted I have Windows Task Manager available and it is listed in the Apps, so I can end it via the Task Manager if needed.
 
Hi,

Hold off on transferring files yet, but if you are worried about losing them, put the files on a CD which is a more stable source to store on rather than a USB drive.
----------

Give ComboFix a little bit longer...your system was severely infected and it may take some time to finish. If it still has not finished in about 30 minutes or so, go ahead and stop it and reboot your system. If there is a log created post that. If you don't see a log created, check inside of C:\ComboFix.txt and see if that file was created. If it is there post that. :)
 
standstill again

I ran ComboFix in ordinary mode as AVG had not flashed up any virus warnings (before, every five minutes!). However, after reaching stage 50 it has stalled, and has been like this for 1/2 hour. Shall I reboot into safe mode and run it again?
 
Go ahead and reboot...do the following:

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please attach the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
 
Scan results

OTL logfile created on: 24/04/2012 22:06:45 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Dr Michael Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 80.02% Memory free
4.84 Gb Paging File | 4.38 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.16 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 65.25 Mb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 776.89 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive L: | 1.46 Gb Total Space | 1.42 Gb Free Space | 97.18% Space Free | Partition Type: NTFS
Drive M: | 226.05 Gb Total Space | 225.63 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: KNIGHTS-2EE6007 | User Name: Dr Michael Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc.)
PRC - C:\Program Files\FaxTalk\FTclctrl.exe (Thought Communications, Inc.)
PRC - C:\Program Files\FaxTalk\fapiexe.exe (Thought Communications, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Magic Formation\MagicFormation.exe ()
PRC - C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\winfax\WFXMOD32.EXE (Symantec Corporation)
PRC - C:\WINDOWS\system32\WFXSNT40.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\Magic Formation\MagicFormation.exe ()
MOD - C:\Program Files\Magic Formation\MFHook.dll ()
MOD - C:\WINDOWS\system32\solidlocalmon.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\winfax\DCCDA32I.DLL ()
MOD - C:\Program Files\winfax\WFXVW32I.DLL ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL ()
MOD - C:\Program Files\winfax\SENGINE.DLL ()
MOD - C:\Program Files\winfax\DCCTBP32.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (winpowermanager) -- %systemroot%\system32\oracleorahome92pagingserver.dll File not found
SRV - (wap3gx) -- %systemroot%\system32\ati2mpaa.dll File not found
SRV - (w29n51) -- %systemroot%\system32\cpqfcalm.dll File not found
SRV - (vrservice) -- %systemroot%\system32\NETw4v32.dll File not found
SRV - (USBVCD) -- %systemroot%\system32\msgsrvservice.dll File not found
SRV - (USBAAPL) -- %systemroot%\system32\stisvc.dlle File not found
SRV - (USB11LDR) -- %systemroot%\system32\olregcap.dll File not found
SRV - (upsentry_smart) -- %systemroot%\system32\RR2Vbi.dll File not found
SRV - (U2SP) -- %systemroot%\system32\rpsupdaterr.dll File not found
SRV - (trlokom_rmhsvc) -- %systemroot%\system32\iksyssec.dll File not found
SRV - (symdns) -- %systemroot%\system32\SunkFilt39.dll File not found
SRV - (softfax) -- %systemroot%\system32\beatjamupnpmusicserver.dll File not found
SRV - (smservaz) -- %systemroot%\system32\s217mgmt.dll File not found
SRV - (smartwiservice) -- %systemroot%\system32\emupia.dll File not found
SRV - (SiRemFil) -- %systemroot%\system32\backupexecnamingservice.dll File not found
SRV - (sfsync04) -- %systemroot%\system32\dcsloader.dll File not found
SRV - (SfCtlCom) -- %systemroot%\system32\djsnetcn.dll File not found
SRV - (SaiMini) -- %systemroot%\system32\webrootenterpriseupdateservice.dll File not found
SRV - (roxmediadb) -- %systemroot%\system32\motmodem.dll File not found
SRV - (ql2100) -- %systemroot%\system32\DLH5X.dll File not found
SRV - (protectionservice) -- %systemroot%\system32\PCDRSRVC.dll File not found
SRV - (procexp100) -- %systemroot%\system32\PTDCBus.dll File not found
SRV - (pktfilter) -- %systemroot%\system32\PDExchange.dll File not found
SRV - (pgpsdkservice) -- %systemroot%\system32\besclient.dll File not found
SRV - (pdlndldl) -- %systemroot%\system32\vds.dll File not found
SRV - (omci) -- %systemroot%\system32\EIO_XP.dll File not found
SRV - (NWHOST) -- %systemroot%\system32\outpostfirewall.dll File not found
SRV - (n558) -- %systemroot%\system32\iolo_srv.dll File not found
SRV - (Mvc25U870_VID_1262&PID_25FD) -- %systemroot%\system32\StickyMesger.dll File not found
SRV - (MSICPL) -- %systemroot%\system32\SaiH040B.dll File not found
SRV - (MSCamSvc) -- %systemroot%\system32\NsTrcNT.dll File not found
SRV - (MRV6X32P) -- %systemroot%\system32\n3900.dll File not found
SRV - (MR97310_USB_DUAL_CAMERA) -- %systemroot%\system32\viamraid.dllrvc File not found
SRV - (mindrepair) -- %systemroot%\system32\epson_pm_rpcv2_02.dll File not found
SRV - (mf) -- %systemroot%\system32\ql2100.dll File not found
SRV - (mcdetect.exe) -- %systemroot%\system32\InterBaseGuardian.dll File not found
SRV - (mafwboot) -- %systemroot%\system32\vds.dll File not found
SRV - (lxrsge10s) -- %systemroot%\system32\snapman.dll File not found
SRV - (LUsbFilt) -- %systemroot%\system32\NwSapAgent.dll File not found
SRV - (int15) -- %systemroot%\system32\isapnp.dll File not found
SRV - (incdfs) -- %systemroot%\system32\flutilssvc.dll File not found
SRV - (icdsptsv) -- %systemroot%\system32\DS1410D.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (hap16v2k) -- %systemroot%\system32\qbfcservice.dll File not found
SRV - (giveio) -- %systemroot%\system32\winachsx.dll File not found
SRV - (getPlusHelper) -- %systemroot%\system32\smserial.dll File not found
SRV - (fsaa) -- %systemroot%\system32\mxssvr.dll File not found
SRV - (FINEPIX_PCC) -- %systemroot%\system32\mail2ec.dll File not found
SRV - (EU3_USB) -- %systemroot%\system32\symwsc.dll File not found
SRV - (EL90X) -- %systemroot%\system32\sentinel.dll File not found
SRV - (EACSvrMngr) -- %systemroot%\system32\int15.sys.dll File not found
SRV - (dlaopiom) -- %systemroot%\system32\CXTUNE.dll File not found
SRV - (dladresn) -- %systemroot%\system32\crystaloutputfileserver.dll File not found
SRV - (DC21x4) -- %systemroot%\system32\RapiMgr.dll File not found
SRV - (cygserver) -- %systemroot%\system32\snapman380.dll File not found
SRV - (commserver) -- %systemroot%\system32\ndis.dll File not found
SRV - (CoachUsb) -- %systemroot%\system32\mqdmmdm.dll File not found
SRV - (C-Dilla) -- %systemroot%\system32\ONSIO.dll File not found
SRV - (CdaD10BA) -- %systemroot%\system32\ctac32k.dll File not found
SRV - (ccevtmgr) -- %systemroot%\system32\btkrnl.dll File not found
SRV - (BrUsbSer) -- %systemroot%\system32\olapserver.dll File not found
SRV - (belmonitorservice) -- %systemroot%\system32\z800mdm.dll File not found
SRV - (ATKGFNEXSrv) -- %systemroot%\system32\AIRPLUS.dll File not found
SRV - (arkbcfltr) -- %systemroot%\system32\mirrorv3.dll File not found
SRV - (ar5211) -- %systemroot%\system32\arhidfltr.dll File not found
SRV - (amdk7) -- %systemroot%\system32\niorbk.dll File not found
SRV - (alertservice) -- %systemroot%\system32\sp_clamsrv.dll File not found
SRV - (alcxsens) -- %systemroot%\system32\dbmang.dll File not found
SRV - (adsexpb) -- %systemroot%\system32\idsvc.dll File not found
SRV - (adaptecstoragemanageragent) -- %systemroot%\system32\ccproxy.dll File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (FaxTalk FaxCenter Pro 8) -- C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SdReadSpool) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC)
SRV - (nicconfigsvc) -- C:\WINDOWS\system32\simptcp.dll (Microsoft Corporation)
SRV - (wfxsvc) -- C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (redbook) -- system32\DRIVERS\redbook.sys File not found
DRV - (PCIDump) -- File not found
DRV - (ham50) -- system32\DRIVERS\IntelH51.sys File not found
DRV - (catchme) -- C:\DOCUME~1\DRMICH~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (CLBStor) -- C:\WINDOWS\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV - (CLBUDF) -- C:\WINDOWS\System32\drivers\CLBUDF.sys (CyberLink Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.prestel.co.uk/church/oosj/osj.htm
IE - HKCU\..\SearchScopes,DefaultScope = {7E8B17A6-0BA8-4A61-9FB7-E2F5D8151A6E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7E8B17A6-0BA8-4A61-9FB7-E2F5D8151A6E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{9F1DD16A-D24B-4BE4-9B4D-14C8B2F5CD65}: "URL" = http://search.avg.com/?d=4dc3cee9&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/02/01 11:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 11:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/03/05 20:43:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/03/05 20:43:35 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [FaxTalk FaxCenter Pro 8] C:\Program Files\FaxTalk\FTClCtrl.exe (Thought Communications, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [WFXSwtch] C:\PROGRA~1\winfax\WFXSWTCH.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicFormation.lnk = C:\Program Files\Magic Formation\MagicFormation.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk = C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272219582312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272219964125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows\Win7.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows\Win7.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\winfax\WFXSEH32.DLL (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/24 18:11:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:F *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 22:05:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe
[2012/04/24 16:32:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/24 13:06:07 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.svs
[2012/04/24 10:17:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/24 10:13:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/24 10:13:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/24 10:13:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/24 09:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\CyberLink BD Solution
[2012/04/24 09:51:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dr Michael Foster\Recent
[2012/04/24 09:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/24 08:58:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/24 08:50:07 | 004,470,025 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\ComboFix.exe
[2012/04/22 20:35:54 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dr Michael Foster\My Files\tdsskiller.exe
[2012/04/22 20:27:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/22 13:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\Google Chrome
[2012/04/22 08:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Desktop\Tools
[2012/04/21 09:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Malwarebytes
[2012/04/21 09:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/21 09:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/21 09:26:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/21 09:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/21 09:25:42 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/04/20 15:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\SpyHunter
[2012/04/20 15:55:39 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/20 15:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/20 15:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/20 15:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Application Data\TestApp
[2012/04/20 15:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/20 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/20 15:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
[2012/04/04 16:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of WinFax
[2012/04/04 15:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\winfax
[2012/04/03 08:25:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/24 22:09:10 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/24 21:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/24 21:38:10 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
[2012/04/24 20:41:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/04/24 18:39:27 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk
[2012/04/24 18:39:22 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/24 18:39:22 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/04/24 18:39:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/24 12:07:41 | 000,518,144 | R--- | M] () -- C:\WINDOWS\SWREG.exe
[2012/04/24 10:17:39 | 000,000,444 | RHS- | M] () -- C:\boot.ini
[2012/04/24 09:51:39 | 000,000,328 | ---- | M] () -- C:\Boot.bak
[2012/04/24 09:38:58 | 096,117,289 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/24 09:34:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/23 16:59:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat
[2012/04/23 13:38:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
[2012/04/22 20:35:54 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dr Michael Foster\My Files\tdsskiller.exe
[2012/04/22 18:01:13 | 000,280,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/22 13:34:09 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\Google Chrome.lnk
[2012/04/22 13:34:09 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/21 16:47:55 | 000,006,764 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\attach.zip
[2012/04/21 14:12:10 | 004,470,025 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\ComboFix.exe
[2012/04/21 14:10:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe
[2012/04/21 09:26:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 18:49:56 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\NokiaUtils.lnk
[2012/04/20 15:57:46 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MS Office Outlook.lnk
[2012/04/20 15:55:43 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\SpyHunter.lnk
[2012/04/20 15:51:46 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\sdsetup_aff.exe.lnk
[2012/04/18 20:22:30 | 000,218,311 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\cemmguidance.pdf
[2012/04/17 19:29:25 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Streetmap.co.uk.url
[2012/04/17 10:07:29 | 007,438,896 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\08 - Evacuee2.mp3
[2012/04/17 10:07:16 | 000,008,663 | -HS- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Folder.jpg
[2012/04/17 10:07:16 | 000,002,348 | -HS- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\AlbumArtSmall.jpg
[2012/04/16 17:46:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/04/13 18:58:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/13 18:58:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/13 08:02:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/10 17:56:26 | 001,254,622 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\LittleYellowBook.pdf
[2012/04/09 01:31:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/07 16:04:44 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\BT Home Hub Manager - Home.url
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 15:18:09 | 000,000,041 | ---- | M] () -- C:\WINDOWS\WFXDEL.BAT
[2012/04/04 13:51:10 | 000,003,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SAYNOTO0870.url
[2012/04/04 10:59:40 | 000,167,156 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Fold-shapes.pdf
[2012/04/02 11:38:49 | 000,000,688 | ---- | M] () -- C:\WINDOWS\CDPHOTO.INI
[2012/04/01 14:13:34 | 000,038,674 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\phosphine.pdf
[2012/03/27 17:52:47 | 000,044,466 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\DIY Eucharist.pdf
[2012/03/26 15:32:32 | 001,539,897 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\13Letters of Paul.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 10:17:39 | 000,000,328 | ---- | C] () -- C:\Boot.bak
[2012/04/24 10:17:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/24 10:13:41 | 000,518,144 | R--- | C] () -- C:\WINDOWS\SWREG.exe
[2012/04/24 10:13:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/24 10:13:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/24 10:13:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/24 10:13:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/24 10:13:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/22 13:34:09 | 000,002,372 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\Google Chrome.lnk
[2012/04/22 13:34:09 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/22 13:33:08 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
[2012/04/22 13:33:07 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
[2012/04/22 09:58:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat
[2012/04/21 16:47:55 | 000,006,764 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\attach.zip
[2012/04/21 09:26:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 15:55:43 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\SpyHunter.lnk
[2012/04/20 15:51:46 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\sdsetup_aff.exe.lnk
[2012/04/18 20:22:30 | 000,218,311 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\cemmguidance.pdf
[2012/04/17 10:07:21 | 007,438,896 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\08 - Evacuee2.mp3
[2012/04/17 10:07:16 | 000,008,663 | -HS- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Folder.jpg
[2012/04/17 10:07:16 | 000,002,348 | -HS- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\AlbumArtSmall.jpg
[2012/04/10 17:56:26 | 001,254,622 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\LittleYellowBook.pdf
[2012/04/04 10:59:40 | 000,167,156 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Fold-shapes.pdf
[2012/04/03 08:25:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/02 11:32:33 | 000,197,561 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\S-ILoveToHearTheStory-PipeLC-48-CAM(1).mp3
[2012/04/02 11:31:50 | 000,038,674 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\phosphine.pdf
[2012/03/29 17:46:16 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/03/27 17:52:43 | 000,044,466 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\DIY Eucharist.pdf
[2012/03/26 15:32:31 | 001,539,897 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\13Letters of Paul.pdf
[2012/02/15 11:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/15 08:29:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/12/15 08:29:16 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2010/10/27 10:46:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010/09/07 07:12:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/08/01 16:54:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/08/01 16:48:21 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/01 16:48:21 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/08/01 16:48:21 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/01 16:48:21 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010/08/01 16:48:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/08/01 16:48:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/06/14 19:40:05 | 001,107,192 | ---- | C] () -- C:\WINDOWS\Xwmba500.dll
[2010/06/14 19:40:05 | 000,260,440 | ---- | C] () -- C:\WINDOWS\Xwmhb500.dll
[2010/06/14 19:40:05 | 000,174,352 | ---- | C] () -- C:\WINDOWS\Xwmte500.dll
[2010/06/14 19:40:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PHAssist.ini
[2010/06/01 15:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2010/06/01 15:10:00 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2010/06/01 15:10:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2010/06/01 15:09:59 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2010/05/31 21:48:38 | 000,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/05/31 21:48:38 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/05/26 12:30:18 | 000,002,220 | ---- | C] () -- C:\WINDOWS\GWSFILTR.INI
[2010/05/26 12:27:06 | 000,000,041 | ---- | C] () -- C:\WINDOWS\gwspcam.ini
[2010/05/26 12:27:04 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2010/05/26 12:26:46 | 000,007,806 | R--- | C] () -- C:\WINDOWS\gwspro.ini
[2010/05/06 10:47:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/05/05 22:28:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/05 22:28:27 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 08:30:38 | 000,000,688 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2010/04/30 08:30:38 | 000,000,193 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2010/04/29 07:49:10 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\ippsra611.dll
[2010/04/29 07:49:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ippcv11.dll
[2010/04/29 07:49:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ippsr11.dll
[2010/04/29 07:49:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2010/04/29 07:48:23 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2010/04/29 07:43:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/04/28 16:14:51 | 000,000,059 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2010/04/28 16:14:50 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Aubade.ini
[2010/04/27 15:49:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\IMASTER.INI
[2010/04/27 14:29:14 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\JGFR400.DLL
[2010/04/26 22:48:01 | 000,000,812 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2010/04/26 22:47:52 | 000,000,812 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/04/26 22:42:10 | 000,000,829 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat

========== LOP Check ==========

[2011/10/20 07:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/04/24 07:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/20 08:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/04/20 15:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
[2011/05/11 11:40:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/05 20:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/08 07:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2012/04/24 09:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/14 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/05/01 15:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/03/05 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/03/14 09:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/10/17 08:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/29 07:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/31 21:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2011/12/07 17:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thought Communications
[2010/07/20 16:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/14 19:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 23:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Amazon
[2011/07/14 08:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\AVG
[2011/10/20 07:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\AVG2012
[2011/06/20 12:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\BitTorrent
[2010/06/29 06:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Canon
[2011/04/16 23:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\FontCreator
[2011/06/15 14:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Helios
[2012/04/18 19:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Mp3tag
[2010/05/01 15:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\NCH Swift Sound
[2010/05/11 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\NewSoft
[2012/03/14 09:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Nokia
[2012/03/14 09:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Nokia Suite
[2010/06/07 09:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\OfficeRecovery
[2010/07/06 14:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\OpenOffice.org
[2011/12/02 08:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\PC Suite
[2010/07/06 22:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Recolored
[2010/04/29 07:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\ScanSoft
[2012/04/14 14:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\SolidDocuments
[2011/06/20 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Spotify
[2012/04/20 15:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\TestApp
[2010/07/20 16:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Trusteer
[2010/06/17 06:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Uniblue
[2011/06/16 17:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr Michael Foster\Application Data\uTorrent
[2012/04/24 18:39:22 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/04/24 20:41:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2011/11/11 09:10:13 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\debutDowngrade.job
[2011/11/11 09:10:14 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2012/04/16 17:46:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012/04/09 01:31:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/20 15:41:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/11/11 09:10:16 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2011/11/11 09:10:16 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\Dr Michael Foster\My Files\FromHeavenYouCame-Kendrick.mid:SummaryInformation
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\Dr Michael Foster\My Files\FromHeavenYouCame-Kendrick.mid:DocumentSummaryInformation

< End of report >
 
Extra Txt

OTL Extras logfile created on: 24/04/2012 22:06:45 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Dr Michael Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 80.02% Memory free
4.84 Gb Paging File | 4.38 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.16 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 65.25 Mb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 776.89 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive L: | 1.46 Gb Total Space | 1.42 Gb Free Space | 97.18% Space Free | Partition Type: NTFS
Drive M: | 226.05 Gb Total Space | 225.63 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: KNIGHTS-2EE6007 | User Name: Dr Michael Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Aolpress\Ws_ftp\WS_FTP95.exe" = C:\Program Files\Aolpress\Ws_ftp\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:PowerDVD -- (CyberLink Corp.)
"C:\Program Files\ArcSoft\PhotoStudio 5.5\PhotoStudio.exe" = C:\Program Files\ArcSoft\PhotoStudio 5.5\PhotoStudio.exe:*:Enabled:PhotoStudio -- (ArcSoft, Inc.)
"C:\Program Files\NewSoft\Presto! PageManager 7.15\Pmsb.exe" = C:\Program Files\NewSoft\Presto! PageManager 7.15\Pmsb.exe:*:Enabled:Presto! Scan Buttons -- (NewSoft Technology Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\ScanSoft\OmniPageSE4.0\TwainClient.exe" = C:\Program Files\ScanSoft\OmniPageSE4.0\TwainClient.exe:*:Enabled:ScanSoft Scanner System - TwainClient.exe -- (Nuance Communications, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FaxTalk\FTmsgsvc.exe" = C:\Program Files\FaxTalk\FTmsgsvc.exe:*:Enabled:FaxTalk Service -- (Thought Communications, Inc.)
"C:\Program Files\FaxTalk\fapiexe.exe" = C:\Program Files\FaxTalk\fapiexe.exe:*:Enabled:FaxTalk -- (Thought Communications, Inc.)
"C:\Program Files\FaxTalk\FTclctrl.exe" = C:\Program Files\FaxTalk\FTclctrl.exe:*:Enabled:FaxTalk CallControl -- (Thought Communications, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{059DB9E1-936B-4511-9A77-7CDF68AAC9E1}" = Eudora
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = BD Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2304F821-BA4F-4f0c-B971-C5A1ADC919AB}" = Windows XP Valentine Screen Saver
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27263813-8BDE-4CD2-84D3-02536743428A}_is1" = Attribute Changer 7.0
"{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}" = Windows XP Winter Fun Pack Screensavers
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite
"{46BD06C2-8D71-4A41-A71F-2EEA0FB2AEAB}_is1" = Wondershare PDF Converter (Build 2.0.2)
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{485E6526-EA98-4F04-925A-67424D12E1E2}" = Windows XP Creativity Fun Packs - Windows XP Power Toys
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}" = SpyHunter
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{616E8966-0574-4E9E-A9CD-9CB819EBC162}" = KONICA MINOLTA TWAIN Ver.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7523F68F-3DA4-452A-A17F-4AF55A8A25BB}" = ChristmasTheme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889D48DA-457F-4C8B-9095-6458F2793B12}" = Nokia Software Updater
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E436940-A944-4D67-A45B-1876E23BB9C0}" = e-Sword
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98FD8BB5-59A9-4163-883C-2997F7BB59D9}" = Microsoft Video Screensaver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1" = Index.dat Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{C16DD2B9-04B1-42D4-87C1-0121E54BB263}" = FaxTalk FaxCenter Pro 8
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D85E93D8-BF44-4BE5-962D-EB8EFDACC073}" = KONICA MINOLTA HDD TWAIN Ver.3
"{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}" = SolidPDFCreator
"{E3387EAB-DFD3-4894-9F4C-B27669D35ED8}" = Images of Ireland Theme for Windows XP
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ED36C999-9843-4A4E-B60A-5152074D5EDD}_is1" = 1.0.3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE60BB9B-E721-454C-9B61-34EE8B36B8A7}" = Nokia PC Internet Access
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}" = Windows XP Winter Fun Pack for Windows Movie Maker 2
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"A to B Britain" = A to B Britain
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazing Windows XP Screen Saver_is1" = Amazing Windows XP Screen Saver 1.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AnarkClient" = Anark Client 1.0
"Arisctoc Screensaver" = Arisctoc Screensaver
"Aristoc2" = Aristoc2
"AVG" = AVG 2012
"Bathroom Exposure" = Bathroom Exposure Screen Saver
"Bedroom Scandals" = Bedroom Scandals Screen Saver
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"Debut" = Debut Video Capture Software
"Doxillion" = Doxillion Document Converter
"Drive Rescue_is1" = Drive Rescue 1.9
"Driver Genius Professional Edition 2007_is1" = Driver Genius Professional Edition 2007
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"EndItAll_is1" = EndItAll 2.0
"Flash Movie Player" = Flash Movie Player 1.5
"FLV Player" = FLV Player 2.0 (build 25)
"FontCreator6_is1" = High-Logic FontCreator 6.0
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
"Free Internet Window Washer" = Free Internet Window Washer
"FreeCommander_is1" = FreeCommander 2009.02b
"Graphic Workshop Professional" = Graphic Workshop Professional
"Holiday Snowflakes Screen Saver_is1" = Holiday Snowflakes Screen Saver 1.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kitchen Secrets" = Kitchen Secrets Screen Saver
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3tag" = Mp3tag v2.49
"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"nLite_is1" = nLite 1.4.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Internet Access" = Nokia PC Internet Access
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Outdoor Revelations" = Outdoor Revelations Screen Saver
"Physician's Home Assistant 1.8" = Physician's Home Assistant 1.8
"Pixillion" = Pixillion Image Converter
"Pretty Polly Intimates Collection" = Pretty Polly Intimates Collection Screen Saver
"Prism" = Prism Video File Converter
"Rapport_msi" = Rapport
"Recuva" = Recuva
"RegCmd_is1" = Registry Commander v1.04
"Spotify" = Spotify
"The Scriptures_is1" = The Scriptures
"Tweak UI 2.10" = Tweak UI
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"VideoPad" = VideoPad Video Editor
"WallpaperToy" = Wallpaper Changer for Windows XP
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Windows XP Video Screensaver Powertoy_is1" = Windows XP Video Screensaver Powertoy
"WinFax" = Symantec WinFax PRO
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48f759f27f96d78f" = DJweb
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/04/2012 15:11:44 | Computer Name = KNIGHTS-2EE6007 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.

Error - 23/04/2012 15:12:21 | Computer Name = KNIGHTS-2EE6007 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.

Error - 23/04/2012 15:12:51 | Computer Name = KNIGHTS-2EE6007 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.

Error - 24/04/2012 04:25:44 | Computer Name = KNIGHTS-2EE6007 | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EE7

Error - 24/04/2012 04:25:50 | Computer Name = KNIGHTS-2EE6007 | Source = MatSvc | ID = 262152
Description = The MATS service encountered a failure when loading SAP. hr=0x80070002

SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.28


Error - 24/04/2012 04:25:51 | Computer Name = KNIGHTS-2EE6007 | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x80070002 .

Error - 24/04/2012 05:16:32 | Computer Name = KNIGHTS-2EE6007 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/04/2012 07:04:20 | Computer Name = KNIGHTS-2EE6007 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 24/04/2012 07:04:20 | Computer Name = KNIGHTS-2EE6007 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 24/04/2012 11:14:28 | Computer Name = KNIGHTS-2EE6007 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.

[ System Events ]
Error - 24/04/2012 08:09:24 | Computer Name = KNIGHTS-2EE6007 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 24/04/2012 10:19:11 | Computer Name = KNIGHTS-2EE6007 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 24/04/2012 10:20:11 | Computer Name = KNIGHTS-2EE6007 | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 24/04/2012 10:20:12 | Computer Name = KNIGHTS-2EE6007 | Source = Service Control Manager | ID = 7023
Description = The Usrbridg service terminated with the following error: %%126

Error - 24/04/2012 11:41:55 | Computer Name = KNIGHTS-2EE6007 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 24/04/2012 11:43:55 | Computer Name = KNIGHTS-2EE6007 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 24/04/2012 12:09:04 | Computer Name = KNIGHTS-2EE6007 | Source = Service Control Manager | ID = 7034
Description = The WinFax PRO service terminated unexpectedly. It has done this
1 time(s).

Error - 24/04/2012 13:39:31 | Computer Name = KNIGHTS-2EE6007 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 24/04/2012 13:40:38 | Computer Name = KNIGHTS-2EE6007 | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 24/04/2012 13:40:38 | Computer Name = KNIGHTS-2EE6007 | Source = Service Control Manager | ID = 7023
Description = The Usrbridg service terminated with the following error: %%126


< End of report >
 
Losing Disk Drives and drive "F" affected

I had lost the two DVD drives I had. The drivers were corrupted. I reinstalled the drivers, to no avail, then uninstalled the drives under Hardware in the System properties, and on reinstallation (found new hardware notice) they came back OK.
AVG reports Trojan infection in files in the F Drive (my Windows 7 Drive, which is bootable) and so I have disabled it in the Hardware list.

My question is this - will this drive (F Drive) have the infection now, if I seek to boot on it - as the XP system keeps crashing, but is just about workable.

I was trying to burn files to a DVD to save them, this is how I realised I had no DVD Drives working!
 
Sorry for the delay in response...

I have been working to collect everything that I can to remove as much as possible in one sweep. There is just a lot to go through so that is why the time has been extended, but just so you know we really haven't removed anything yet so AVG is probably just picking up the same infections that were there to begin with. I hope to be finishing up shortly. I appreciate your patience. :bigthumb:
 
Hi,

Please download ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Services
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2010/05/05 22:28:27 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    
    :Files
    c:\documents and settings\all users\favorites\computerfixes\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url
    c:\documents and settings\all users\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\all users\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\beginners guide to hacking windows - part 2 governmentsecurity.org.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\brian carr's home pagewindows.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\bugmenot.com - login with these free web passwords to bypass compulsory registration.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\bypass windows genuine advantage validation check in windows update » my digital life.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\crackskeygen.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\cracksserial numbers&passwords..url
    c:\documents and settings\all users\favorites\computerfixes\cracks\daring devil 'i'.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\filehippo.com - download free software.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\free email account with sky sky.com.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\keygen.cc - download keygen crack serial patch.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\official ways to disable or manually uninstall the microsoft windows genuine advantage notifications from microsoft » my digita.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\remove, bypass, patch and disable microsoft windows genuine advantage wga validation version 1.5.708.0 with legitcheckcontrol.d.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\sagem router has been cracked - take 2.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\samsung sgh-e900 - support forum - expansys uk.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\software serial numbers and passwords..url
    c:\documents and settings\all users\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\all users\favorites\computerfixes\cracks\wga remover.url
    c:\documents and settings\all users\favorites\gizmos\crack.ms - download eudora email v7.0.0.16 crack or serial for free.url
    c:\documents and settings\all users\favorites\gizmos\seriall.com - serials, keys, keygen, cracks.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\beginners guide to hacking windows - part 2 governmentsecurity.org.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\brian carr's home pagewindows.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\bugmenot.com - login with these free web passwords to bypass compulsory registration.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\bypass windows genuine advantage validation check in windows update » my digital life.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\crackskeygen.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\cracksserial numbers&passwords..url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\daring devil 'i'.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\filehippo.com - download free software.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\free email account with sky sky.com.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\keyfinder magical jelly bean.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\keygen.cc - download keygen crack serial patch.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\official ways to disable or manually uninstall the microsoft windows genuine advantage notifications from microsoft » my digita.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\remove, bypass, patch and disable microsoft windows genuine advantage wga validation version 1.5.708.0 with legitcheckcontrol.d.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\sagem router has been cracked - take 2.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\samsung sgh-e900 - support forum - expansys uk.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\software serial numbers and passwords..url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url
    c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\wga remover.url
    c:\documents and settings\dr michael foster\favorites\gizmos\crack.ms - download eudora email v7.0.0.16 crack or serial for free.url
    c:\documents and settings\dr michael foster\favorites\gizmos\seriall.com - serials, keys, keygen, cracks.url
    c:\documents and settings\dr michael foster\my files\crack.htm
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP"=-
    "2869:TCP"=-
    "139:TCP"=-
    "445:TCP"=-
    "137:UDP"=-
    "138:UDP"=-
    "5985:TCP"=-
    
    :Commands
    [purity]
    [resethosts]
    [createrestorepoints]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
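As an added example (not part of the original thread, and not OTL's own code), here is a small Python script that parses GloballyOpenPorts lines in the OTL log format shown above, flags entries for services that should not be reachable from the network on an infected home machine (NetBIOS/SMB, UPnP, WinRM, RDP), and emits the same `:Reg` deletion block the fix above uses. The sample log lines, their scope values and descriptive names are constructed for illustration.

```python
import re

# Registry key that OTL's :Reg section targets in the fix above.
FIREWALL_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

# Well-known services whose ports the fix closes (plus RDP, added here as a
# further common exposure; the page's fix does not list 3389).
EXPOSED_SERVICES = {
    (137, "UDP"): "NetBIOS Name Service",
    (138, "UDP"): "NetBIOS Datagram Service",
    (139, "TCP"): "NetBIOS Session Service (SMB)",
    (445, "TCP"): "SMB direct hosting",
    (1900, "UDP"): "SSDP / UPnP discovery",
    (2869, "TCP"): "UPnP device host",
    (5985, "TCP"): "WinRM over HTTP",
    (3389, "TCP"): "Remote Desktop",
}

# OTL prints each value as  "port:proto" = port:proto:scope:state:name
_LINE_RE = re.compile(
    r'^"(?P<kport>\d+):(?P<kproto>TCP|UDP)"\s*=\s*'
    r'(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):'
    r'(?P<state>Enabled|Disabled):(?P<name>.*)$')

# Constructed sample in OTL's format (same shape as the 5985:TCP line on the
# page); the last line is deliberately malformed to exercise the sanity check.
SAMPLE_OTL_LINES = """\
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:SSDP (constructed)
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP host (constructed)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:NetBIOS session (constructed)
"445:TCP" = 445:TCP:LocalSubNet:Enabled:SMB (constructed)
"137:UDP" = 137:UDP:LocalSubNet:Enabled:NetBIOS name (constructed)
"138:UDP" = 138:UDP:LocalSubNet:Enabled:NetBIOS datagram (constructed)
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop (constructed)
"8080:TCP" = 8080:TCP:*:Enabled:Local web proxy (constructed)
"21:TCP" = 2121:TCP:*:Enabled:mismatched key and value (constructed)
"""


def parse_open_ports(text):
    """Return one dict per well-formed GloballyOpenPorts line in `text`."""
    entries = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue
        # The value name and the value data must agree; anything else is
        # either log damage or tampering and is reported by being skipped.
        if m["kport"] != m["port"] or m["kproto"] != m["proto"]:
            continue
        entries.append({
            "port": int(m["port"]),
            "proto": m["proto"],
            "scope": m["scope"],
            "enabled": m["state"] == "Enabled",
            "name": m["name"].strip(),
        })
    return entries


def flag_exposed(entries):
    """Keep entries whose port/protocol is in EXPOSED_SERVICES, in log order.

    Disabled entries are kept too: the page's fix removes 5985:TCP even
    though the log shows it Disabled, so the value itself is the finding.
    """
    flagged = []
    for e in entries:
        service = EXPOSED_SERVICES.get((e["port"], e["proto"]))
        if service is not None:
            flagged.append(dict(e, service=service))
    return flagged


def build_otl_reg_fix(flagged):
    """Render an OTL :Reg block that deletes each flagged value ("x:y"=-)."""
    lines = [":Reg", "[" + FIREWALL_KEY + "]"]
    lines += ['"%d:%s"=-' % (e["port"], e["proto"]) for e in flagged]
    return "\n".join(lines)


if __name__ == "__main__":
    found = flag_exposed(parse_open_ports(SAMPLE_OTL_LINES))
    for e in found:
        state = "enabled" if e["enabled"] else "disabled"
        print("%5d/%s  %-8s scope=%-11s %s" % (
            e["port"], e["proto"], state, e["scope"], e["service"]))
    print(build_otl_reg_fix(found))
```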
 
Log Report & Thanks

Thanks for staying on the case.

I am doing this in between my work (as I guess is true for you).

PS I had removed the URLs for the Crack sites (as soon as you pointed them out to me) - which lay long forgotten as is true of all of my youngsters' items on this machine.

Here is the log;

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
C:\WINDOWS\System32\x(cmd)dds_trash_log.cmd.tmp deleted successfully.
C:\WINDOWS\System32\x(dat)d3d9caps.dat.tmp deleted successfully.
C:\WINDOWS\System32\x(dat)perfc009.dat.tmp deleted successfully.
C:\WINDOWS\System32\x(dat)perfh009.dat.tmp deleted successfully.
C:\WINDOWS\System32\x(INI)PerfStringBackup.INI.tmp deleted successfully.
C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.exe deleted successfully.
C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP folder deleted successfully.
C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== FILES ==========
File\Folder c:\documents and settings\all users\favorites\computerfixes\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\beginners guide to hacking windows - part 2 governmentsecurity.org.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\brian carr's home pagewindows.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\bugmenot.com - login with these free web passwords to bypass compulsory registration.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\bypass windows genuine advantage validation check in windows update » my digital life.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\crackskeygen.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\cracksserial numbers&passwords..url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\daring devil 'i'.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\filehippo.com - download free software.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\free email account with sky sky.com.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\keygen.cc - download keygen crack serial patch.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\official ways to disable or manually uninstall the microsoft windows genuine advantage notifications from microsoft » my digita.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\remove, bypass, patch and disable microsoft windows genuine advantage wga validation version 1.5.708.0 with legitcheckcontrol.d.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\sagem router has been cracked - take 2.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\samsung sgh-e900 - support forum - expansys uk.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\software serial numbers and passwords..url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url not found.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\wga remover.url not found.
c:\documents and settings\all users\favorites\gizmos\CRACK.MS - Download Eudora Email v7.0.0.16 CRACK or SERIAL for FREE.url moved successfully.
c:\documents and settings\all users\favorites\gizmos\SeriAll.Com - Serials, Keys, Keygen, Cracks.url moved successfully.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\beginners guide to hacking windows - part 2 governmentsecurity.org.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\brian carr's home pagewindows.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\bugmenot.com - login with these free web passwords to bypass compulsory registration.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\bypass windows genuine advantage validation check in windows update » my digital life.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\crackskeygen.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\cracksserial numbers&passwords..url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\daring devil 'i'.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\filehippo.com - download free software.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\free email account with sky sky.com.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\keyfinder magical jelly bean.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\keygen.cc - download keygen crack serial patch.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\official ways to disable or manually uninstall the microsoft windows genuine advantage notifications from microsoft » my digita.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\permanent method to crack wga and patch windows xp (inc mce) or 2003 as genuine » my digital life.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\remove, bypass, patch and disable microsoft windows genuine advantage wga validation version 1.5.708.0 with legitcheckcontrol.d.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\sagem router has been cracked - take 2.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\samsung sgh-e900 - support forum - expansys uk.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\software serial numbers and passwords..url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows2.url not found.
File\Folder c:\documents and settings\dr michael foster\favorites\computerfixes\cracks\wga remover.url not found.
c:\documents and settings\dr michael foster\favorites\gizmos\CRACK.MS - Download Eudora Email v7.0.0.16 CRACK or SERIAL for FREE.url moved successfully.
c:\documents and settings\dr michael foster\favorites\gizmos\SeriAll.Com - Serials, Keys, Keygen, Cracks.url moved successfully.
c:\documents and settings\dr michael foster\my files\crack.htm moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dr Michael Foster\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dr Michael Foster\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5985:TCP deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Error: Unable to interpret <[createrestorepoints]> in the current context!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Dr Michael Foster
->Temp folder emptied: 1683814 bytes
->Temporary Internet Files folder emptied: 3793356 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 15783852 bytes
->Flash cache emptied: 787 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2130054 bytes
->Flash cache emptied: 5514 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 402 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb

Error: Unable to interpret <[Reboot]Then click the Run Fix button at the top > in the current context!

OTL by OldTimer - Version 3.2.40.0 log created on 04252012_191942

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Dr Michael Foster\Local Settings\Temp\~DFCAD4.tmp not found!
File\Folder C:\Documents and Settings\Dr Michael Foster\Local Settings\Temporary Internet Files\Content.Word\~WRS4043.tmp not found!
C:\Documents and Settings\Dr Michael Foster\Local Settings\Temporary Internet Files\Content.IE5\ATQL68NI\showthread[1].htm moved successfully.

Registry entries deleted on Reboot...
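Added example, not part of the original post and not code from OTL or its author: a small Python parser for the OTL fix-log format shown above. It separates the moved / deleted / "not found" file entries, pulls the GloballyOpenPorts firewall exceptions out of the registry lines, sums the EMPTYTEMP byte counts, and surfaces the "Unable to interpret" errors (text OTL did not recognise as a directive). The log embedded in the block is a constructed excerpt in the same format with a placeholder user name and one made-up non-firewall registry key; the port-notes table is an assumed mapping of the well-known services on those ports, not something the log states.

```python
import re

# Constructed excerpt in the same format as the OTL fix log above; the user
# name and the HKLM\SOFTWARE\Example key are placeholders, not lines copied
# from the thread.
SAMPLE_LOG = r"""
c:\documents and settings\all users\favorites\gizmos\SeriAll.Com - Serials, Keys, Keygen, Cracks.url moved successfully.
File\Folder c:\documents and settings\all users\favorites\computerfixes\cracks\wga remover.url not found.
C:\Documents and Settings\exampleuser\Desktop\cmd.bat deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Example\Run\\updater deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Error: Unable to interpret <[createrestorepoints]> in the current context!

[EMPTYTEMP]

User: exampleuser
->Temp folder emptied: 1683814 bytes
->Google Chrome cache emptied: 15783852 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb
"""

# File lines: optional "File\Folder " prefix, a path, then the outcome.
FILE_RE = re.compile(
    r"^(?:File\\Folder )?(?P<path>.+?) "
    r"(?P<action>moved successfully|deleted successfully|not found)[.!]?$"
)
REG_RE = re.compile(r"^Registry value (?P<key>.+?) deleted successfully\.$")
# Windows XP firewall exception values look like ...\GloballyOpenPorts\List\\445:TCP
PORT_RE = re.compile(r"GloballyOpenPorts\\List\\+(?P<port>\d+):(?P<proto>TCP|UDP)$")
BYTES_RE = re.compile(r"emptied: (?P<n>\d+) bytes$")
ERROR_RE = re.compile(r"^Error: Unable to interpret <(?P<text>.*)> in the current context!$")

# Assumed notes for the ports seen in this kind of log (well-known services).
PORT_NOTES = {
    (137, "UDP"): "NetBIOS name service",
    (138, "UDP"): "NetBIOS datagram service",
    (139, "TCP"): "NetBIOS session service (SMB over NetBIOS)",
    (445, "TCP"): "SMB (direct hosting)",
    (1900, "UDP"): "SSDP / UPnP discovery",
    (2869, "TCP"): "UPnP device host",
    (5985, "TCP"): "WinRM (HTTP)",
}

ACTION_BUCKET = {
    "moved successfully": "moved",
    "deleted successfully": "deleted",
    "not found": "not_found",
}


def parse_otl_fix_log(text):
    """Parse an OTL fix log into a dict of file actions, firewall ports,
    other registry deletions, HOSTS reset flag, errors and bytes cleaned."""
    report = {
        "moved": [], "deleted": [], "not_found": [],
        "firewall_ports": [], "other_registry": [],
        "hosts_reset": False, "errors": [], "bytes_cleaned": 0,
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_RE.match(line)          # check registry lines before FILE_RE,
        if m:                           # which would otherwise also match them
            key = m.group("key")
            p = PORT_RE.search(key)
            if p:
                report["firewall_ports"].append((int(p.group("port")), p.group("proto")))
            else:
                report["other_registry"].append(key)
            continue
        m = ERROR_RE.match(line)
        if m:
            report["errors"].append(m.group("text").strip())
            continue
        if line.startswith("HOSTS file reset"):
            report["hosts_reset"] = True
            continue
        m = BYTES_RE.search(line)       # "->Temp folder emptied: N bytes" etc.
        if m:
            report["bytes_cleaned"] += int(m.group("n"))
            continue
        m = FILE_RE.match(line)
        if m:
            report[ACTION_BUCKET[m.group("action")]].append(m.group("path"))
    return report


def describe_ports(ports):
    """Label each (port, proto) pair with its assumed service note."""
    return [f"{port}/{proto}: {PORT_NOTES.get((port, proto), 'no note')}"
            for port, proto in ports]


def summarize(report):
    return (f"moved={len(report['moved'])} deleted={len(report['deleted'])} "
            f"not_found={len(report['not_found'])} "
            f"firewall_exceptions_removed={len(report['firewall_ports'])} "
            f"hosts_reset={report['hosts_reset']} errors={len(report['errors'])} "
            f"temp_bytes={report['bytes_cleaned']}")


if __name__ == "__main__":
    r = parse_otl_fix_log(SAMPLE_LOG)
    print(summarize(r))
    for note in describe_ports(r["firewall_ports"]):
        print("firewall exception removed:", note)
    for err in r["errors"]:
        print("OTL could not interpret:", err)
```

The "not found" bucket is worth watching when a fix is re-run: those paths were named in the fix script but no longer existed, which is what you expect after an earlier pass already moved them. The GloballyOpenPorts entries are the XP firewall's per-profile exception list, so each one removed is an inbound port that was reachable before the fix.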
 
Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: http://www.eset.com/onlinescan/
  2. Click the [image: esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [image: esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [image: esetAcceptTerms.png].
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check [image: esetScanArchives.png].
  8. Make sure that the option "Remove found threats" is Unchecked.
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [image: esetListThreats.png].
  12. Push [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Push Finish.
----------

In your next reply please post the logs made by Malwarebytes and ESET. :)
 