IDP & Crypt AQLW Trojan DDS Log pasted.

Hi,

Please do the following:

Run TDSSKiller again and post the new log.
----------

Open OTL
In Custom Scans/Fixes put

netsvcs
/md5start
consrv.dll
/md5stop
createrestorepoint


Press the Run Scan button and post the newly made log
 
Scans completed

Hi

I notice I have this entry in the HijackThis list:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*.local

I have not seen it in the past - should it be removed?

----------------------------------------
Scan results:
----------------------------------------
TDSSKiller:

19:40:39.0140 2548 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:40:39.0156 2548 ============================================================
19:40:39.0156 2548 Current date / time: 2012/04/28 19:40:39.0156
19:40:39.0156 2548 SystemInfo:
19:40:39.0156 2548
19:40:39.0156 2548 OS Version: 5.1.2600 ServicePack: 3.0
19:40:39.0156 2548 Product type: Workstation
19:40:39.0156 2548 ComputerName: KNIGHTS-2EE6007
19:40:39.0156 2548 UserName: Dr Michael Foster
19:40:39.0156 2548 Windows directory: C:\WINDOWS
19:40:39.0156 2548 System windows directory: C:\WINDOWS
19:40:39.0156 2548 Processor architecture: Intel x86
19:40:39.0156 2548 Number of processors: 4
19:40:39.0156 2548 Page size: 0x1000
19:40:39.0156 2548 Boot type: Normal boot
19:40:39.0156 2548 ============================================================
19:40:40.0796 2548 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:40:41.0218 2548 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:40:41.0265 2548 Drive \Device\Harddisk2\DR5 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'W'
19:40:41.0312 2548 ============================================================
19:40:41.0312 2548 \Device\Harddisk0\DR0:
19:40:41.0312 2548 MBR partitions:
19:40:41.0312 2548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
19:40:41.0312 2548 \Device\Harddisk1\DR1:
19:40:41.0312 2548 MBR partitions:
19:40:41.0312 2548 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:40:41.0312 2548 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:40:41.0312 2548 \Device\Harddisk2\DR5:
19:40:41.0312 2548 MBR partitions:
19:40:41.0312 2548 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
19:40:41.0312 2548 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
19:40:41.0312 2548 ============================================================
19:40:41.0343 2548 C: <-> \Device\Harddisk0\DR0\Partition0
19:40:41.0343 2548 E: <-> \Device\Harddisk1\DR1\Partition0
19:40:41.0359 2548 F: <-> \Device\Harddisk1\DR1\Partition1
19:40:41.0390 2548 L: <-> \Device\Harddisk2\DR5\Partition0
19:40:41.0406 2548 M: <-> \Device\Harddisk2\DR5\Partition1
19:40:41.0406 2548 ============================================================
19:40:41.0406 2548 Initialize success
19:40:41.0406 2548 ============================================================
19:40:51.0578 2804 ============================================================
19:40:51.0578 2804 Scan started
19:40:51.0578 2804 Mode: Manual; SigCheck; TDLFS;
19:40:51.0578 2804 ============================================================
19:40:52.0343 2804 !SASCORE - ok
19:40:52.0437 2804 Abiosdsk - ok
19:40:52.0437 2804 abp480n5 - ok
19:40:52.0515 2804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:40:52.0984 2804 ACPI - ok
19:40:53.0015 2804 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:40:53.0109 2804 ACPIEC - ok
19:40:53.0109 2804 adaptecstoragemanageragent - ok
19:40:53.0218 2804 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:40:53.0218 2804 AdobeFlashPlayerUpdateSvc - ok
19:40:53.0234 2804 adpu160m - ok
19:40:53.0234 2804 adsexpb - ok
19:40:53.0281 2804 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:40:53.0359 2804 aec - ok
19:40:53.0406 2804 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:40:53.0437 2804 AFD - ok
19:40:53.0437 2804 Aha154x - ok
19:40:53.0437 2804 aic78u2 - ok
19:40:53.0437 2804 aic78xx - ok
19:40:53.0437 2804 alcxsens - ok
19:40:53.0484 2804 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:40:53.0593 2804 Alerter - ok
19:40:53.0593 2804 alertservice - ok
19:40:53.0625 2804 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:40:53.0656 2804 ALG - ok
19:40:53.0656 2804 AliIde - ok
19:40:53.0765 2804 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:40:53.0812 2804 Ambfilt - ok
19:40:53.0843 2804 amdk7 - ok
19:40:53.0843 2804 amsint - ok
19:40:53.0984 2804 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:40:54.0000 2804 Apple Mobile Device - ok
19:40:54.0046 2804 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:40:54.0109 2804 AppMgmt - ok
19:40:54.0109 2804 ar5211 - ok
19:40:54.0109 2804 arkbcfltr - ok
19:40:54.0140 2804 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:40:54.0218 2804 Arp1394 - ok
19:40:54.0218 2804 asc - ok
19:40:54.0234 2804 asc3350p - ok
19:40:54.0234 2804 asc3550 - ok
19:40:54.0328 2804 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:40:54.0343 2804 aspnet_state - ok
19:40:54.0375 2804 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:40:54.0453 2804 AsyncMac - ok
19:40:54.0500 2804 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:40:54.0609 2804 atapi - ok
19:40:54.0609 2804 Atdisk - ok
19:40:54.0609 2804 ATKGFNEXSrv - ok
19:40:54.0609 2804 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:40:54.0687 2804 Atmarpc - ok
19:40:54.0718 2804 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:40:54.0796 2804 AudioSrv - ok
19:40:54.0859 2804 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:40:54.0953 2804 audstub - ok
19:40:55.0218 2804 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:40:55.0359 2804 AVGIDSAgent - ok
19:40:55.0453 2804 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:40:55.0468 2804 AVGIDSDriver - ok
19:40:55.0484 2804 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:40:55.0500 2804 AVGIDSEH - ok
19:40:55.0515 2804 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:40:55.0531 2804 AVGIDSFilter - ok
19:40:55.0593 2804 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:40:55.0609 2804 AVGIDSShim - ok
19:40:55.0671 2804 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:40:55.0687 2804 Avgldx86 - ok
19:40:55.0750 2804 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:40:55.0750 2804 Avgmfx86 - ok
19:40:55.0765 2804 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:40:55.0781 2804 Avgrkx86 - ok
19:40:55.0796 2804 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:40:55.0812 2804 Avgtdix - ok
19:40:55.0890 2804 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:40:55.0906 2804 avgwd - ok
19:40:55.0906 2804 BANTExt - ok
19:40:55.0968 2804 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:40:56.0062 2804 Beep - ok
19:40:56.0062 2804 belmonitorservice - ok
19:40:56.0125 2804 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:40:56.0234 2804 BITS - ok
19:40:56.0250 2804 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:40:56.0343 2804 Browser - ok
19:40:56.0343 2804 BrUsbSer - ok
19:40:56.0375 2804 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:40:56.0484 2804 BthEnum - ok
19:40:56.0515 2804 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
19:40:56.0593 2804 BTHMODEM - ok
19:40:56.0625 2804 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:40:56.0718 2804 BthPan - ok
19:40:56.0765 2804 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
19:40:56.0796 2804 BTHPORT - ok
19:40:56.0843 2804 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
19:40:56.0937 2804 BthServ - ok
19:40:56.0953 2804 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
19:40:57.0031 2804 BTHUSB - ok
19:40:57.0031 2804 C-Dilla - ok
19:40:57.0031 2804 catchme - ok
19:40:57.0078 2804 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:40:57.0187 2804 cbidf2k - ok
19:40:57.0187 2804 ccevtmgr - ok
19:40:57.0187 2804 cd20xrnt - ok
19:40:57.0187 2804 CdaD10BA - ok
19:40:57.0203 2804 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:40:57.0281 2804 Cdaudio - ok
19:40:57.0328 2804 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:40:57.0421 2804 Cdfs - ok
19:40:57.0453 2804 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:40:57.0546 2804 Cdrom - ok
19:40:57.0593 2804 Changer (daf1a8193b6caf0fb858cadcc5c4af4a) C:\WINDOWS\system32\drivers\Changer.sys
19:40:57.0703 2804 Changer - ok
19:40:57.0750 2804 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:40:57.0828 2804 CiSvc - ok
19:40:57.0875 2804 CLBStor (0252b4007a8f3a6cc61220cbe122544d) C:\WINDOWS\system32\drivers\CLBStor.sys
19:40:57.0890 2804 CLBStor - ok
19:40:57.0953 2804 CLBUDF (dc705765a170f7bd8af3632c93b03f0b) C:\WINDOWS\system32\drivers\CLBUDF.sys
19:40:57.0968 2804 CLBUDF - ok
19:40:57.0984 2804 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:40:58.0078 2804 ClipSrv - ok
19:40:58.0187 2804 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:40:58.0203 2804 clr_optimization_v2.0.50727_32 - ok
19:40:58.0203 2804 CmdIde - ok
19:40:58.0203 2804 CoachUsb - ok
19:40:58.0203 2804 commserver - ok
19:40:58.0203 2804 COMSysApp - ok
19:40:58.0218 2804 Cpqarray - ok
19:40:58.0296 2804 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
19:40:58.0312 2804 cpudrv - ok
19:40:58.0343 2804 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:40:58.0421 2804 CryptSvc - ok
19:40:58.0421 2804 cygserver - ok
19:40:58.0421 2804 dac2w2k - ok
19:40:58.0421 2804 dac960nt - ok
19:40:58.0421 2804 DC21x4 - ok
19:40:58.0468 2804 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:40:58.0484 2804 DcomLaunch - ok
19:40:58.0546 2804 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:40:58.0625 2804 Dhcp - ok
19:40:58.0656 2804 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:58.0765 2804 Disk - ok
19:40:58.0765 2804 dladresn - ok
19:40:58.0765 2804 dlaopiom - ok
19:40:58.0765 2804 dmadmin - ok
19:40:58.0828 2804 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:40:58.0937 2804 dmboot - ok
19:40:58.0968 2804 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:40:59.0078 2804 dmio - ok
19:40:59.0093 2804 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:40:59.0171 2804 dmload - ok
19:40:59.0203 2804 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:40:59.0296 2804 dmserver - ok
19:40:59.0312 2804 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:40:59.0390 2804 DMusic - ok
19:40:59.0437 2804 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:40:59.0453 2804 Dnscache - ok
19:40:59.0484 2804 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:40:59.0578 2804 Dot3svc - ok
19:40:59.0593 2804 dpti2o - ok
19:40:59.0609 2804 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:40:59.0703 2804 drmkaud - ok
19:40:59.0703 2804 EACSvrMngr - ok
19:40:59.0734 2804 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:40:59.0843 2804 EapHost - ok
19:40:59.0843 2804 EL90X - ok
19:40:59.0843 2804 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:40:59.0937 2804 ERSvc - ok
19:41:00.0015 2804 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
19:41:00.0015 2804 esgiguard - ok
19:41:00.0031 2804 EU3_USB - ok
19:41:00.0109 2804 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:41:00.0125 2804 Eventlog - ok
19:41:00.0187 2804 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:41:00.0203 2804 EventSystem - ok
19:41:00.0203 2804 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:41:00.0296 2804 Fastfat - ok
19:41:00.0343 2804 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:41:00.0359 2804 FastUserSwitchingCompatibility - ok
19:41:00.0421 2804 FaxTalk FaxCenter Pro 8 (18ef9f53f127b8758b257117983df520) C:\Program Files\FaxTalk\FTmsgsvc.exe
19:41:00.0437 2804 FaxTalk FaxCenter Pro 8 - ok
19:41:00.0453 2804 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:41:00.0531 2804 Fdc - ok
19:41:00.0546 2804 FINEPIX_PCC - ok
19:41:00.0578 2804 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:41:00.0671 2804 Fips - ok
19:41:00.0687 2804 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:41:00.0765 2804 Flpydisk - ok
19:41:00.0796 2804 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:41:00.0875 2804 FltMgr - ok
19:41:01.0046 2804 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:41:01.0062 2804 FontCache3.0.0.0 - ok
19:41:01.0062 2804 fsaa - ok
19:41:01.0109 2804 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:41:01.0187 2804 Fs_Rec - ok
19:41:01.0265 2804 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:41:01.0359 2804 Ftdisk - ok
19:41:01.0390 2804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:41:01.0406 2804 GEARAspiWDM - ok
19:41:01.0406 2804 getPlusHelper - ok
19:41:01.0406 2804 giveio - ok
19:41:01.0453 2804 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:41:01.0562 2804 Gpc - ok
19:41:01.0609 2804 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:41:01.0625 2804 gupdate - ok
19:41:01.0625 2804 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:41:01.0625 2804 gupdatem - ok
19:41:01.0640 2804 ham50 - ok
19:41:01.0640 2804 hap16v2k - ok
19:41:01.0687 2804 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:41:01.0781 2804 HDAudBus - ok
19:41:01.0828 2804 helpsvc - ok
19:41:01.0828 2804 HidServ - ok
19:41:01.0875 2804 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:41:01.0968 2804 hkmsvc - ok
19:41:01.0968 2804 hpn - ok
19:41:02.0015 2804 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:41:02.0031 2804 HSFHWBS2 - ok
19:41:02.0093 2804 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:41:02.0140 2804 HSF_DPV - ok
19:41:02.0187 2804 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:41:02.0234 2804 HTTP - ok
19:41:02.0281 2804 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:41:02.0375 2804 HTTPFilter - ok
19:41:02.0406 2804 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:41:02.0484 2804 i2omgmt - ok
19:41:02.0484 2804 i2omp - ok
19:41:02.0546 2804 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:41:02.0640 2804 i8042prt - ok
19:41:02.0640 2804 icdsptsv - ok
19:41:02.0828 2804 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:41:02.0859 2804 idsvc - ok
19:41:02.0875 2804 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:41:02.0953 2804 Imapi - ok
19:41:02.0984 2804 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:41:03.0062 2804 ImapiService - ok
19:41:03.0062 2804 incdfs - ok
19:41:03.0078 2804 ini910u - ok
19:41:03.0078 2804 int15 - ok
19:41:03.0375 2804 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:41:03.0562 2804 IntcAzAudAddService - ok
19:41:03.0640 2804 IntelIde - ok
19:41:03.0703 2804 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:41:03.0781 2804 intelppm - ok
19:41:03.0781 2804 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:41:03.0875 2804 Ip6Fw - ok
19:41:03.0921 2804 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:41:04.0015 2804 IpFilterDriver - ok
19:41:04.0046 2804 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:41:04.0140 2804 IpInIp - ok
19:41:04.0171 2804 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:41:04.0265 2804 IpNat - ok
19:41:04.0390 2804 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
19:41:04.0421 2804 iPod Service - ok
19:41:04.0437 2804 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:41:04.0531 2804 IPSec - ok
19:41:04.0562 2804 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:41:04.0609 2804 IRENUM - ok
19:41:04.0640 2804 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:41:04.0718 2804 isapnp - ok
19:41:04.0812 2804 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
19:41:04.0828 2804 JavaQuickStarterService - ok
19:41:04.0828 2804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:41:04.0906 2804 Kbdclass - ok
19:41:04.0921 2804 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:41:05.0000 2804 kmixer - ok
19:41:05.0031 2804 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:41:05.0062 2804 KSecDD - ok
19:41:05.0109 2804 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:41:05.0140 2804 lanmanserver - ok
19:41:05.0156 2804 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:41:05.0171 2804 lanmanworkstation - ok
19:41:05.0187 2804 lbrtfdc (cc50a66548c2f285bc8a7b0b8aa578e3) C:\WINDOWS\system32\drivers\lbrtfdc.sys
19:41:05.0250 2804 lbrtfdc - ok
19:41:05.0281 2804 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:41:05.0375 2804 LmHosts - ok
19:41:05.0375 2804 LUsbFilt - ok
19:41:05.0375 2804 lxrsge10s - ok
19:41:05.0375 2804 mafwboot - ok
19:41:05.0484 2804 MatSvc (0cf633a54c681c65297c63106c4bc376) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
19:41:05.0500 2804 MatSvc - ok
19:41:05.0531 2804 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
19:41:05.0531 2804 MBAMProtector - ok
19:41:05.0609 2804 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:41:05.0640 2804 MBAMService - ok
19:41:05.0750 2804 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:41:05.0765 2804 McComponentHostService - ok
19:41:05.0765 2804 mcdetect.exe - ok
19:41:05.0843 2804 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:41:05.0859 2804 mdmxsdk - ok
19:41:05.0890 2804 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:41:05.0984 2804 Messenger - ok
19:41:05.0984 2804 mf - ok
19:41:05.0984 2804 mindrepair - ok
19:41:06.0031 2804 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:41:06.0109 2804 mnmdd - ok
19:41:06.0140 2804 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:41:06.0234 2804 mnmsrvc - ok
19:41:06.0296 2804 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:41:06.0375 2804 Modem - ok
19:41:06.0421 2804 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:41:06.0515 2804 MODEMCSA - ok
19:41:06.0625 2804 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
19:41:06.0656 2804 Monfilt - ok
19:41:06.0718 2804 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:41:06.0812 2804 Mouclass - ok
19:41:06.0843 2804 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:41:06.0937 2804 MountMgr - ok
19:41:06.0937 2804 MR97310_USB_DUAL_CAMERA - ok
19:41:06.0953 2804 mraid35x - ok
19:41:06.0953 2804 MRV6X32P - ok
19:41:06.0968 2804 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:41:07.0078 2804 MRxDAV - ok
19:41:07.0140 2804 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:41:07.0171 2804 MRxSmb - ok
19:41:07.0171 2804 MSCamSvc - ok
19:41:07.0203 2804 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:41:07.0296 2804 MSDTC - ok
19:41:07.0312 2804 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:41:07.0406 2804 Msfs - ok
19:41:07.0406 2804 MSICPL - ok
19:41:07.0421 2804 MSIServer - ok
19:41:07.0421 2804 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:41:07.0515 2804 MSKSSRV - ok
19:41:07.0515 2804 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:41:07.0593 2804 MSPCLOCK - ok
19:41:07.0593 2804 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:41:07.0671 2804 MSPQM - ok
19:41:07.0718 2804 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:41:07.0796 2804 mssmbios - ok
19:41:07.0812 2804 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:41:07.0843 2804 Mup - ok
19:41:07.0843 2804 Mvc25U870_VID_1262&PID_25FD - ok
19:41:07.0859 2804 n558 - ok
19:41:07.0906 2804 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:41:07.0968 2804 napagent - ok
19:41:07.0984 2804 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:41:08.0078 2804 NDIS - ok
19:41:08.0125 2804 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:41:08.0156 2804 NdisTapi - ok
19:41:08.0156 2804 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:41:08.0234 2804 Ndisuio - ok
19:41:08.0250 2804 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:41:08.0312 2804 NdisWan - ok
19:41:08.0343 2804 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:41:08.0359 2804 NDProxy - ok
19:41:08.0359 2804 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:41:08.0453 2804 NetBIOS - ok
19:41:08.0484 2804 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:41:08.0562 2804 NetBT - ok
19:41:08.0578 2804 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:41:08.0656 2804 NetDDE - ok
19:41:08.0656 2804 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:41:08.0734 2804 NetDDEdsdm - ok
19:41:08.0781 2804 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:41:08.0859 2804 Netlogon - ok
19:41:08.0875 2804 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:41:08.0968 2804 Netman - ok
19:41:09.0140 2804 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:41:09.0140 2804 NetTcpPortSharing - ok
19:41:09.0187 2804 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:41:09.0281 2804 NIC1394 - ok
19:41:09.0328 2804 nicconfigsvc (9c454cd857b4c0ccf7a614b047616503) C:\WINDOWS\system32\SimpTcp.dll
19:41:09.0406 2804 nicconfigsvc - ok
19:41:09.0468 2804 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:41:09.0515 2804 Nla - ok
19:41:09.0546 2804 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
19:41:09.0593 2804 nmwcd - ok
19:41:09.0625 2804 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:41:09.0687 2804 nmwcdc - ok
19:41:09.0718 2804 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
19:41:09.0781 2804 nmwcdnsu - ok
19:41:09.0812 2804 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
19:41:09.0890 2804 nmwcdnsuc - ok
19:41:09.0906 2804 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:41:10.0000 2804 Npfs - ok
19:41:10.0046 2804 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:41:10.0156 2804 Ntfs - ok
19:41:10.0156 2804 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:41:10.0234 2804 NtLmSsp - ok
19:41:10.0265 2804 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:41:10.0375 2804 NtmsSvc - ok
19:41:10.0406 2804 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:41:10.0500 2804 Null - ok
19:41:10.0828 2804 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:41:11.0000 2804 nv ( UnsignedFile.Multi.Generic ) - warning
19:41:11.0000 2804 nv - detected UnsignedFile.Multi.Generic (1)
19:41:11.0125 2804 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
19:41:11.0140 2804 NVSvc ( UnsignedFile.Multi.Generic ) - warning
19:41:11.0140 2804 NVSvc - detected UnsignedFile.Multi.Generic (1)
19:41:11.0156 2804 NWHOST - ok
19:41:11.0187 2804 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:41:11.0281 2804 NwlnkFlt - ok
19:41:11.0281 2804 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:41:11.0359 2804 NwlnkFwd - ok
19:41:11.0390 2804 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:41:11.0484 2804 ohci1394 - ok
19:41:11.0484 2804 omci - ok
19:41:11.0609 2804 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:41:11.0609 2804 ose - ok
19:41:11.0671 2804 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:41:11.0765 2804 Parport - ok
19:41:11.0765 2804 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:41:11.0843 2804 PartMgr - ok
19:41:11.0890 2804 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:41:11.0984 2804 ParVdm - ok
19:41:12.0031 2804 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:41:12.0046 2804 pccsmcfd - ok
19:41:12.0078 2804 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:41:12.0187 2804 PCI - ok
19:41:12.0187 2804 PCIDump - ok
19:41:12.0218 2804 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:41:12.0312 2804 PCIIde - ok
19:41:12.0328 2804 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:41:12.0406 2804 Pcmcia - ok
19:41:12.0406 2804 pdlndldl - ok
19:41:12.0421 2804 perc2 - ok
19:41:12.0421 2804 perc2hib - ok
19:41:12.0421 2804 pgpsdkservice - ok
19:41:12.0421 2804 pktfilter - ok
19:41:12.0468 2804 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:41:12.0484 2804 PlugPlay - ok
19:41:12.0500 2804 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:41:12.0578 2804 PolicyAgent - ok
19:41:12.0609 2804 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:41:12.0687 2804 PptpMiniport - ok
19:41:12.0687 2804 procexp100 - ok
19:41:12.0687 2804 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:41:12.0765 2804 ProtectedStorage - ok
19:41:12.0765 2804 protectionservice - ok
19:41:12.0781 2804 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:41:12.0843 2804 PSched - ok
19:41:12.0890 2804 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:41:12.0984 2804 Ptilink - ok
19:41:12.0984 2804 ql1080 - ok
19:41:12.0984 2804 Ql10wnt - ok
19:41:12.0984 2804 ql12160 - ok
19:41:12.0984 2804 ql1240 - ok
19:41:13.0000 2804 ql1280 - ok
19:41:13.0000 2804 ql2100 - ok
19:41:13.0187 2804 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
19:41:13.0203 2804 RapportCerberus_34302 - ok
19:41:13.0250 2804 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
19:41:13.0265 2804 RapportEI - ok
19:41:13.0359 2804 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
19:41:13.0375 2804 RapportIaso - ok
19:41:13.0390 2804 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
19:41:13.0406 2804 RapportKELL - ok
19:41:13.0468 2804 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
19:41:13.0484 2804 RapportMgmtService - ok
19:41:13.0515 2804 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
19:41:13.0531 2804 RapportPG - ok
19:41:13.0578 2804 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:41:13.0656 2804 RasAcd - ok
19:41:13.0687 2804 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:41:13.0765 2804 RasAuto - ok
19:41:13.0796 2804 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:41:13.0875 2804 Rasl2tp - ok
19:41:13.0921 2804 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:41:14.0000 2804 RasMan - ok
19:41:14.0046 2804 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:41:14.0140 2804 RasPppoe - ok
19:41:14.0140 2804 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:41:14.0218 2804 Raspti - ok
19:41:14.0250 2804 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:41:14.0328 2804 Rdbss - ok
19:41:14.0328 2804 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:41:14.0421 2804 RDPCDD - ok
19:41:14.0484 2804 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:41:14.0578 2804 rdpdr - ok
19:41:14.0640 2804 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:41:14.0671 2804 RDPWD - ok
19:41:14.0718 2804 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:41:14.0812 2804 RDSessMgr - ok
19:41:14.0843 2804 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:41:14.0953 2804 redbook - ok
19:41:14.0984 2804 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:41:15.0093 2804 RemoteAccess - ok
19:41:15.0125 2804 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:41:15.0203 2804 RemoteRegistry - ok
19:41:15.0250 2804 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:41:15.0328 2804 RFCOMM - ok
19:41:15.0546 2804 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:41:15.0562 2804 RichVideo - ok
19:41:15.0562 2804 roxmediadb - ok
19:41:15.0593 2804 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:41:15.0671 2804 RpcLocator - ok
19:41:15.0734 2804 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:41:15.0750 2804 RpcSs - ok
19:41:15.0781 2804 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:41:15.0859 2804 RSVP - ok
19:41:15.0906 2804 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:41:15.0937 2804 RTL8023xp ( UnsignedFile.Multi.Generic ) - warning
19:41:15.0937 2804 RTL8023xp - detected UnsignedFile.Multi.Generic (1)
19:41:15.0968 2804 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:41:16.0046 2804 rtl8139 - ok
19:41:16.0046 2804 SaiMini - ok
19:41:16.0078 2804 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:41:16.0156 2804 SamSs - ok
19:41:16.0265 2804 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:41:16.0265 2804 SASDIFSV - ok
19:41:16.0281 2804 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:41:16.0281 2804 SASKUTIL - ok
19:41:16.0343 2804 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:41:16.0437 2804 SCardSvr - ok
19:41:16.0453 2804 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:41:16.0531 2804 Schedule - ok
19:41:16.0640 2804 SdReadSpool (b9443470baae569d9a3fabbfeb35c4e7) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
19:41:16.0640 2804 SdReadSpool - ok
19:41:16.0671 2804 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:41:16.0734 2804 Secdrv - ok
19:41:16.0796 2804 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:41:16.0875 2804 seclogon - ok
19:41:16.0890 2804 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:41:16.0968 2804 SENS - ok
19:41:17.0031 2804 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:41:17.0109 2804 Serial - ok
19:41:17.0203 2804 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:41:17.0234 2804 ServiceLayer - ok
19:41:17.0234 2804 SfCtlCom - ok
19:41:17.0296 2804 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:41:17.0390 2804 Sfloppy - ok
19:41:17.0390 2804 sfsync04 - ok
19:41:17.0453 2804 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:41:17.0546 2804 SharedAccess - ok
19:41:17.0578 2804 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:41:17.0593 2804 ShellHWDetection - ok
19:41:17.0593 2804 Simbad - ok
19:41:17.0593 2804 SiRemFil - ok
19:41:17.0593 2804 smartwiservice - ok
19:41:17.0593 2804 smservaz - ok
19:41:17.0609 2804 softfax - ok
19:41:17.0609 2804 Sparrow - ok
19:41:17.0656 2804 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:41:17.0734 2804 splitter - ok
19:41:17.0750 2804 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:41:17.0765 2804 Spooler - ok
19:41:17.0843 2804 SpyHunter 4 Service (63f2b52947577dbb075fe646bc758a2f) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
19:41:17.0875 2804 SpyHunter 4 Service - ok
19:41:17.0890 2804 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:41:17.0953 2804 sr - ok
19:41:18.0000 2804 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:41:18.0031 2804 srservice - ok
19:41:18.0093 2804 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:41:18.0140 2804 Srv - ok
19:41:18.0156 2804 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:41:18.0218 2804 SSDPSRV - ok
19:41:18.0265 2804 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:41:18.0343 2804 stisvc - ok
19:41:18.0390 2804 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:41:18.0468 2804 swenum - ok
19:41:18.0515 2804 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:41:18.0609 2804 swmidi - ok
19:41:18.0609 2804 SwPrv - ok
19:41:18.0609 2804 symc810 - ok
19:41:18.0609 2804 symc8xx - ok
19:41:18.0625 2804 symdns - ok
19:41:18.0625 2804 sym_hi - ok
19:41:18.0625 2804 sym_u3 - ok
19:41:18.0656 2804 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:41:18.0734 2804 sysaudio - ok
19:41:18.0765 2804 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:41:18.0859 2804 SysmonLog - ok
19:41:18.0921 2804 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:41:19.0031 2804 TapiSrv - ok
19:41:19.0093 2804 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:41:19.0109 2804 Tcpip - ok
19:41:19.0140 2804 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:41:19.0250 2804 TDPIPE - ok
19:41:19.0250 2804 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:41:19.0343 2804 TDTCP - ok
19:41:19.0375 2804 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:41:19.0453 2804 TermDD - ok
19:41:19.0531 2804 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:41:19.0609 2804 TermService - ok
19:41:19.0640 2804 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:41:19.0656 2804 Themes - ok
19:41:19.0703 2804 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:41:19.0734 2804 TlntSvr - ok
19:41:19.0750 2804 TosIde - ok
19:41:19.0750 2804 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:41:19.0843 2804 TrkWks - ok
19:41:19.0859 2804 trlokom_rmhsvc - ok
19:41:19.0859 2804 U2SP - ok
19:41:19.0859 2804 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:41:19.0937 2804 Udfs - ok
19:41:19.0937 2804 ultra - ok
19:41:20.0000 2804 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:41:20.0093 2804 Update - ok
19:41:20.0125 2804 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:41:20.0171 2804 upnphost - ok
19:41:20.0218 2804 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:41:20.0281 2804 upperdev - ok
19:41:20.0328 2804 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:41:20.0421 2804 UPS - ok
19:41:20.0421 2804 upsentry_smart - ok
19:41:20.0437 2804 USB11LDR - ok
19:41:20.0437 2804 USBAAPL - ok
19:41:20.0484 2804 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:41:20.0578 2804 usbehci - ok
19:41:20.0609 2804 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:41:20.0703 2804 usbhub - ok
19:41:20.0750 2804 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:41:20.0828 2804 usbprint - ok
19:41:20.0828 2804 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:41:20.0921 2804 usbscan - ok
19:41:20.0937 2804 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
19:41:21.0015 2804 usbser - ok
19:41:21.0046 2804 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:41:21.0093 2804 UsbserFilt - ok
19:41:21.0125 2804 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:41:21.0218 2804 USBSTOR - ok
19:41:21.0265 2804 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:41:21.0359 2804 usbuhci - ok
19:41:21.0375 2804 USBVCD - ok
19:41:21.0421 2804 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:41:21.0500 2804 VgaSave - ok
19:41:21.0500 2804 ViaIde - ok
19:41:21.0531 2804 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:41:21.0625 2804 VolSnap - ok
19:41:21.0625 2804 vrservice - ok
19:41:21.0671 2804 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:41:21.0703 2804 VSS - ok
19:41:21.0718 2804 w29n51 - ok
19:41:21.0750 2804 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:41:21.0843 2804 W32Time - ok
19:41:21.0906 2804 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:41:22.0000 2804 Wanarp - ok
19:41:22.0000 2804 wap3gx - ok
19:41:22.0062 2804 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:41:22.0078 2804 Wdf01000 - ok
19:41:22.0078 2804 WDICA - ok
19:41:22.0109 2804 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:41:22.0218 2804 wdmaud - ok
19:41:22.0250 2804 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:41:22.0343 2804 WebClient - ok
19:41:22.0375 2804 wfxsvc (be2157595c087207676ec716a6be4cce) C:\WINDOWS\system32\WFXSVC.EXE
19:41:22.0390 2804 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
19:41:22.0390 2804 wfxsvc - detected UnsignedFile.Multi.Generic (1)
19:41:22.0453 2804 winachsf (be3a842c2f2e87e7c840d36bcf13e8e0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:41:22.0484 2804 winachsf - ok
19:41:22.0593 2804 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:41:22.0671 2804 winmgmt - ok
19:41:22.0671 2804 winpowermanager - ok
19:41:22.0781 2804 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
19:41:22.0812 2804 WinRM - ok
19:41:22.0843 2804 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:41:22.0859 2804 WmdmPmSN - ok
19:41:22.0921 2804 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:41:22.0984 2804 Wmi - ok
19:41:23.0015 2804 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:41:23.0109 2804 WmiApSrv - ok
19:41:23.0296 2804 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:41:23.0343 2804 WMPNetworkSvc - ok
19:41:23.0375 2804 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:41:23.0375 2804 WpdUsb - ok
19:41:23.0437 2804 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:41:23.0531 2804 WS2IFSL - ok
19:41:23.0578 2804 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:41:23.0656 2804 wscsvc - ok
19:41:23.0703 2804 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:41:23.0781 2804 wuauserv - ok
19:41:23.0828 2804 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:41:23.0828 2804 WudfPf - ok
19:41:23.0859 2804 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:41:23.0875 2804 WudfRd - ok
19:41:23.0921 2804 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
19:41:23.0937 2804 WudfSvc - ok
19:41:24.0000 2804 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:41:24.0109 2804 WZCSVC - ok
19:41:24.0140 2804 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:41:24.0218 2804 xmlprov - ok
19:41:24.0343 2804 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
19:41:24.0359 2804 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
19:41:24.0375 2804 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:41:24.0609 2804 \Device\Harddisk0\DR0 - ok
19:41:24.0609 2804 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:41:24.0625 2804 \Device\Harddisk1\DR1 - ok
19:41:24.0640 2804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR5
19:41:24.0796 2804 \Device\Harddisk2\DR5 - ok
19:41:24.0812 2804 Boot (0x1200) (de17a28ffae56733026be20e47e5fe8c) \Device\Harddisk0\DR0\Partition0
19:41:24.0812 2804 \Device\Harddisk0\DR0\Partition0 - ok
19:41:24.0812 2804 Boot (0x1200) (ab81bc14f7e65a74e1d70e016623b088) \Device\Harddisk1\DR1\Partition0
19:41:24.0812 2804 \Device\Harddisk1\DR1\Partition0 - ok
19:41:24.0812 2804 Boot (0x1200) (f0463477c940dfacd8991233674ec997) \Device\Harddisk1\DR1\Partition1
19:41:24.0812 2804 \Device\Harddisk1\DR1\Partition1 - ok
19:41:24.0812 2804 Boot (0x1200) (eeec5da32dfa12e1263fca298252a021) \Device\Harddisk2\DR5\Partition0
19:41:24.0812 2804 \Device\Harddisk2\DR5\Partition0 - ok
19:41:24.0812 2804 Boot (0x1200) (8cbb6491629c9a350163059652938fd4) \Device\Harddisk2\DR5\Partition1
19:41:24.0812 2804 \Device\Harddisk2\DR5\Partition1 - ok
19:41:24.0812 2804 ============================================================
19:41:24.0812 2804 Scan finished
19:41:24.0812 2804 ============================================================
19:41:24.0937 3196 Detected object count: 4
19:41:24.0937 3196 Actual detected object count: 4
19:41:27.0640 3196 nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:27.0640 3196 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:27.0640 3196 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:27.0640 3196 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:27.0640 3196 RTL8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:27.0640 3196 RTL8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:27.0656 3196 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:27.0656 3196 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:30.0796 2260 Deinitialize success
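An added example for reading the TDSSKiller log above; this is not code from the thread or from Kaspersky, and the tool's log format is inferred from the lines posted here (the `Name (md5) path`, `Name - ok`, `Name ( Verdict ) - warning`, `Name - detected Verdict (n)` and `User select action:` lines). It folds those into one record per scanned object and lists everything that did not come back `ok`, with the MD5 and path a helper needs in order to check the file against a known-good hash source before deciding whether "Skip" was the right answer. The sample log at the bottom is a constructed excerpt that reuses a handful of the posted lines.

```python
"""Triage helper for a TDSSKiller log (added example; not from the thread)."""
import re
from dataclasses import dataclass

# Every line begins "HH:MM:SS.mmmm <pid> "; the pid differs between the scanning
# thread and the later action-prompt thread, so it is not part of any key.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
_FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_OK = re.compile(r"^(?P<name>.+?) - ok$")
_WARN = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
_DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
_ACTION = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - "
                     r"(?:skipped by user|User select action: (?P<action>\w+))$")
_COUNT = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""
    status: str = "unknown"   # ok | warning | detected | unknown
    action: str = ""          # choice made at the action prompt, e.g. Skip


@dataclass
class ScanReport:
    objects: dict
    reported_count: int = -1  # "Detected object count" as printed by the tool


def parse_tdsskiller(text):
    objects, by_path = {}, {}

    def lookup(name):
        # Boot-sector records are all named "MBR (0x1B8)" / "Boot (0x1200)" and
        # their verdict lines are keyed by device path, so fall back to the path.
        obj = objects.get(name) or by_path.get(name)
        if obj is None:
            obj = objects[name] = ScanObject(name=name)
        return obj

    report = ScanReport(objects)
    for raw in text.splitlines():
        prefix = _PREFIX.match(raw.strip())
        if not prefix:
            continue  # banner, separator or blank line
        rest = prefix["rest"]
        if m := _FILE.match(rest):
            obj = objects.get(m["name"])
            if obj is None or (obj.path and obj.path != m["path"]):
                # Several boot-sector records share one name; key the extras by path.
                key = m["name"] if obj is None else m["path"]
                obj = objects[key] = ScanObject(name=m["name"])
            obj.md5, obj.path = m["md5"], m["path"]
            by_path[obj.path] = obj
        elif m := _WARN.match(rest):
            obj = lookup(m["name"])
            obj.verdict = m["verdict"]
            if obj.status != "detected":
                obj.status = "warning"
        elif m := _DETECTED.match(rest):
            obj = lookup(m["name"])
            obj.verdict, obj.status = m["verdict"], "detected"
        elif m := _ACTION.match(rest):
            obj = lookup(m["name"])
            obj.verdict = obj.verdict or m["verdict"]
            if m["action"]:
                obj.action = m["action"]
        elif m := _OK.match(rest):
            obj = lookup(m["name"])
            if obj.status == "unknown":
                obj.status = "ok"
        elif m := _COUNT.match(rest):
            report.reported_count = int(m["n"])
    return report


def flagged(report):
    """Objects whose final verdict was not 'ok', sorted by name."""
    return sorted((o for o in report.objects.values() if o.status != "ok"),
                  key=lambda o: o.name.lower())


def counts_match(report):
    """True when the per-object verdicts agree with the tool's own detection count."""
    return report.reported_count == len(flagged(report))


# Constructed excerpt: a few lines copied from the posted log, count adjusted to match.
SAMPLE_LOG = r"""
19:41:12.0890 2804 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:41:12.0984 2804 Ptilink - ok
19:41:12.0984 2804 ql1080 - ok
19:41:15.0906 2804 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:41:15.0937 2804 RTL8023xp ( UnsignedFile.Multi.Generic ) - warning
19:41:15.0937 2804 RTL8023xp - detected UnsignedFile.Multi.Generic (1)
19:41:17.0843 2804 SpyHunter 4 Service (63f2b52947577dbb075fe646bc758a2f) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
19:41:17.0875 2804 SpyHunter 4 Service - ok
19:41:22.0375 2804 wfxsvc (be2157595c087207676ec716a6be4cce) C:\WINDOWS\system32\WFXSVC.EXE
19:41:22.0390 2804 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
19:41:22.0390 2804 wfxsvc - detected UnsignedFile.Multi.Generic (1)
19:41:24.0375 2804 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:41:24.0609 2804 \Device\Harddisk0\DR0 - ok
19:41:24.0609 2804 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:41:24.0625 2804 \Device\Harddisk1\DR1 - ok
19:41:24.0812 2804 Scan finished
19:41:24.0937 3196 Detected object count: 2
19:41:24.0937 3196 Actual detected object count: 2
19:41:27.0640 3196 RTL8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:27.0640 3196 RTL8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:27.0656 3196 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:27.0656 3196 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for o in flagged(rep):
        print(f"{o.status:8} {o.name:10} {o.verdict:27} action={o.action or '-'} "
              f"md5={o.md5} {o.path}")
    print("tool count agrees with parsed verdicts:", counts_match(rep))
```

Two things worth keeping in mind when reading the output. `UnsignedFile.Multi.Generic` is TDSSKiller's flag for a file that carries no valid digital signature, not a signature match against known malware; XP-era vendor drivers and old services routinely trip it, so "Skip" is the normal choice for hits like these unless the path or the MD5 is not what the vendor ships. The records that actually matter for a rootkit investigation are the `MBR`/`Boot` ones at the end of the log, and here every one came back `ok`.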
 
Scans continued

-----------------------------------------------------
OTL Scan:

OTL logfile created on: 28/04/2012 19:43:25 - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Dr Michael Foster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.46% Memory free
4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 99.64 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 65.25 Mb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 777.05 Gb Free Space | 83.43% Space Free | Partition Type: NTFS
Drive L: | 1.46 Gb Total Space | 1.42 Gb Free Space | 97.19% Space Free | Partition Type: NTFS
Drive M: | 226.05 Gb Total Space | 225.63 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: KNIGHTS-2EE6007 | User Name: Dr Michael Foster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc.)
PRC - C:\Program Files\FaxTalk\FTclctrl.exe (Thought Communications, Inc.)
PRC - C:\Program Files\FaxTalk\fapiexe.exe (Thought Communications, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Magic Formation\MagicFormation.exe ()
PRC - C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\winfax\WFXMOD32.EXE (Symantec Corporation)
PRC - C:\WINDOWS\system32\WFXSNT40.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\PC Connectivity Solution\PCCSUpdater.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\Magic Formation\MagicFormation.exe ()
MOD - C:\Program Files\Magic Formation\MFHook.dll ()
MOD - C:\WINDOWS\system32\solidlocalmon.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\winfax\DCCDA32I.DLL ()
MOD - C:\Program Files\winfax\WFXVW32I.DLL ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL ()
MOD - C:\Program Files\winfax\SENGINE.DLL ()
MOD - C:\Program Files\winfax\DCCTBP32.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (winpowermanager) -- %systemroot%\system32\oracleorahome92pagingserver.dll File not found
SRV - (wap3gx) -- %systemroot%\system32\ati2mpaa.dll File not found
SRV - (w29n51) -- %systemroot%\system32\cpqfcalm.dll File not found
SRV - (vrservice) -- %systemroot%\system32\NETw4v32.dll File not found
SRV - (USBVCD) -- %systemroot%\system32\msgsrvservice.dll File not found
SRV - (USBAAPL) -- %systemroot%\system32\stisvc.dlle File not found
SRV - (USB11LDR) -- %systemroot%\system32\olregcap.dll File not found
SRV - (upsentry_smart) -- %systemroot%\system32\RR2Vbi.dll File not found
SRV - (U2SP) -- %systemroot%\system32\rpsupdaterr.dll File not found
SRV - (trlokom_rmhsvc) -- %systemroot%\system32\iksyssec.dll File not found
SRV - (symdns) -- %systemroot%\system32\SunkFilt39.dll File not found
SRV - (softfax) -- %systemroot%\system32\beatjamupnpmusicserver.dll File not found
SRV - (smservaz) -- %systemroot%\system32\s217mgmt.dll File not found
SRV - (smartwiservice) -- %systemroot%\system32\emupia.dll File not found
SRV - (SiRemFil) -- %systemroot%\system32\backupexecnamingservice.dll File not found
SRV - (sfsync04) -- %systemroot%\system32\dcsloader.dll File not found
SRV - (SfCtlCom) -- %systemroot%\system32\djsnetcn.dll File not found
SRV - (SaiMini) -- %systemroot%\system32\webrootenterpriseupdateservice.dll File not found
SRV - (roxmediadb) -- %systemroot%\system32\motmodem.dll File not found
SRV - (ql2100) -- %systemroot%\system32\DLH5X.dll File not found
SRV - (protectionservice) -- %systemroot%\system32\PCDRSRVC.dll File not found
SRV - (procexp100) -- %systemroot%\system32\PTDCBus.dll File not found
SRV - (pktfilter) -- %systemroot%\system32\PDExchange.dll File not found
SRV - (pgpsdkservice) -- %systemroot%\system32\besclient.dll File not found
SRV - (pdlndldl) -- %systemroot%\system32\vds.dll File not found
SRV - (omci) -- %systemroot%\system32\EIO_XP.dll File not found
SRV - (NWHOST) -- %systemroot%\system32\outpostfirewall.dll File not found
SRV - (n558) -- %systemroot%\system32\iolo_srv.dll File not found
SRV - (Mvc25U870_VID_1262&PID_25FD) -- %systemroot%\system32\StickyMesger.dll File not found
SRV - (MSICPL) -- %systemroot%\system32\SaiH040B.dll File not found
SRV - (MSCamSvc) -- %systemroot%\system32\NsTrcNT.dll File not found
SRV - (MRV6X32P) -- %systemroot%\system32\n3900.dll File not found
SRV - (MR97310_USB_DUAL_CAMERA) -- %systemroot%\system32\viamraid.dllilt File not found
SRV - (mindrepair) -- %systemroot%\system32\epson_pm_rpcv2_02.dll File not found
SRV - (mf) -- %systemroot%\system32\ql2100.dll File not found
SRV - (mcdetect.exe) -- %systemroot%\system32\InterBaseGuardian.dll File not found
SRV - (mafwboot) -- %systemroot%\system32\vds.dll File not found
SRV - (lxrsge10s) -- %systemroot%\system32\snapman.dll File not found
SRV - (LUsbFilt) -- %systemroot%\system32\NwSapAgent.dll File not found
SRV - (int15) -- %systemroot%\system32\isapnp.dll File not found
SRV - (incdfs) -- %systemroot%\system32\flutilssvc.dll File not found
SRV - (icdsptsv) -- %systemroot%\system32\DS1410D.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (hap16v2k) -- %systemroot%\system32\qbfcservice.dll File not found
SRV - (giveio) -- %systemroot%\system32\winachsx.dll File not found
SRV - (getPlusHelper) -- %systemroot%\system32\smserial.dll File not found
SRV - (fsaa) -- %systemroot%\system32\mxssvr.dll File not found
SRV - (FINEPIX_PCC) -- %systemroot%\system32\mail2ec.dll File not found
SRV - (EU3_USB) -- %systemroot%\system32\symwsc.dll File not found
SRV - (EL90X) -- %systemroot%\system32\sentinel.dll File not found
SRV - (EACSvrMngr) -- %systemroot%\system32\int15.sys.dll File not found
SRV - (dlaopiom) -- %systemroot%\system32\CXTUNE.dll File not found
SRV - (dladresn) -- %systemroot%\system32\crystaloutputfileserver.dll File not found
SRV - (DC21x4) -- %systemroot%\system32\RapiMgr.dll File not found
SRV - (cygserver) -- %systemroot%\system32\snapman380.dll File not found
SRV - (commserver) -- %systemroot%\system32\ndis.dll File not found
SRV - (CoachUsb) -- %systemroot%\system32\mqdmmdm.dll File not found
SRV - (C-Dilla) -- %systemroot%\system32\ONSIO.dll File not found
SRV - (CdaD10BA) -- %systemroot%\system32\ctac32k.dll File not found
SRV - (ccevtmgr) -- %systemroot%\system32\btkrnl.dll File not found
SRV - (BrUsbSer) -- %systemroot%\system32\olapserver.dll File not found
SRV - (belmonitorservice) -- %systemroot%\system32\z800mdm.dll File not found
SRV - (ATKGFNEXSrv) -- %systemroot%\system32\AIRPLUS.dll File not found
SRV - (arkbcfltr) -- %systemroot%\system32\mirrorv3.dll File not found
SRV - (ar5211) -- %systemroot%\system32\arhidfltr.dll File not found
SRV - (amdk7) -- %systemroot%\system32\niorbk.dll File not found
SRV - (alertservice) -- %systemroot%\system32\sp_clamsrv.dll File not found
SRV - (alcxsens) -- %systemroot%\system32\dbmang.dll File not found
SRV - (adsexpb) -- %systemroot%\system32\idsvc.dll File not found
SRV - (adaptecstoragemanageragent) -- %systemroot%\system32\ccproxy.dll File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (FaxTalk FaxCenter Pro 8) -- C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SdReadSpool) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC)
SRV - (nicconfigsvc) -- C:\WINDOWS\system32\simptcp.dll (Microsoft Corporation)
SRV - (wfxsvc) -- C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PCIDump) -- File not found
DRV - (ham50) -- system32\DRIVERS\IntelH51.sys File not found
DRV - (catchme) -- C:\vagetatool\catchme.sys File not found
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (CLBStor) -- C:\WINDOWS\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV - (CLBUDF) -- C:\WINDOWS\System32\drivers\CLBUDF.sys (CyberLink Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.prestel.co.uk/church/oosj/osj.htm
IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\SearchScopes,DefaultScope = {7E8B17A6-0BA8-4A61-9FB7-E2F5D8151A6E}
IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\SearchScopes\{7E8B17A6-0BA8-4A61-9FB7-E2F5D8151A6E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\SearchScopes\{9F1DD16A-D24B-4BE4-9B4D-14C8B2F5CD65}: "URL" = http://search.avg.com/?d=4dc3cee9&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/02/01 11:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 11:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/03/05 20:43:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/03/05 20:43:35 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dr Michael Foster\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/28 17:00:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [FaxTalk FaxCenter Pro 8] C:\Program Files\FaxTalk\FTClCtrl.exe (Thought Communications, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1177238915-839522115-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicFormation.lnk = C:\Program Files\Magic Formation\MagicFormation.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk = C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272219582312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272219964125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows\Win7.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows\Win7.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\winfax\WFXSEH32.DLL (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/24 18:11:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:F *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 17:12:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dr Michael Foster\Recent
[2012/04/28 17:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/28 07:54:01 | 004,477,723 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\vagetatool.exe
[2012/04/27 20:21:51 | 004,477,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\ComboFix.exe
[2012/04/26 17:38:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2012/04/26 17:38:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping.exe
[2012/04/26 17:35:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/26 17:35:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/26 17:35:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/26 17:35:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/26 08:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/25 19:19:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/25 17:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/25 17:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/24 13:06:07 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.svs
[2012/04/24 10:17:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/24 09:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\CyberLink BD Solution
[2012/04/24 09:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/24 08:58:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/22 20:27:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/22 13:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\Google Chrome
[2012/04/22 08:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Desktop\Malware Tools
[2012/04/21 14:10:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe
[2012/04/21 09:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Application Data\Malwarebytes
[2012/04/21 09:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/21 09:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/21 09:26:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/21 09:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/21 09:25:42 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/04/20 15:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Start Menu\Programs\SpyHunter
[2012/04/20 15:55:39 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/20 15:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/20 15:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/20 15:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr Michael Foster\Application Data\TestApp
[2012/04/20 15:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/20 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/20 15:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
[2012/04/04 16:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of WinFax
[2012/04/04 15:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\winfax
[2012/04/03 08:25:03 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/28 19:38:10 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
[2012/04/28 19:09:10 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/28 18:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/28 17:14:04 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Outlook 2003.lnk
[2012/04/28 17:13:50 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/28 17:13:50 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/04/28 17:13:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/28 17:00:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/28 13:38:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
[2012/04/28 12:15:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/28 08:41:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/04/28 07:31:54 | 096,425,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/27 14:26:25 | 004,477,723 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\vagetatool.exe
[2012/04/27 12:32:20 | 000,000,444 | RHS- | M] () -- C:\boot.ini
[2012/04/26 18:01:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/26 17:38:49 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2012/04/26 17:38:49 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping.exe
[2012/04/26 17:33:27 | 004,477,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Dr Michael Foster\Desktop\ComboFix.exe
[2012/04/25 11:49:26 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MS Office Outlook.lnk
[2012/04/24 09:51:39 | 000,000,328 | ---- | M] () -- C:\Boot.bak
[2012/04/23 16:59:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat
[2012/04/22 18:01:13 | 000,280,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/22 13:34:09 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/21 16:47:55 | 000,006,764 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\attach.zip
[2012/04/21 14:10:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr Michael Foster\Desktop\OTL.exe
[2012/04/20 18:49:56 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\NokiaUtils.lnk
[2012/04/20 15:55:43 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\SpyHunter.lnk
[2012/04/18 20:22:30 | 000,218,311 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\cemmguidance.pdf
[2012/04/17 19:29:25 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Streetmap.co.uk.url
[2012/04/17 10:07:29 | 007,438,896 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\08 - Evacuee2.mp3
[2012/04/17 10:07:16 | 000,008,663 | -HS- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Folder.jpg
[2012/04/17 10:07:16 | 000,002,348 | -HS- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\AlbumArtSmall.jpg
[2012/04/16 17:46:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/04/13 18:58:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/13 18:58:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/13 08:02:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/10 17:56:26 | 001,254,622 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\LittleYellowBook.pdf
[2012/04/09 01:31:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 15:18:09 | 000,000,041 | ---- | M] () -- C:\WINDOWS\WFXDEL.BAT
[2012/04/04 13:51:10 | 000,003,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SAYNOTO0870.url
[2012/04/04 10:59:40 | 000,167,156 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Fold-shapes.pdf
[2012/04/02 11:38:49 | 000,000,688 | ---- | M] () -- C:\WINDOWS\CDPHOTO.INI
[2012/04/01 14:13:34 | 000,038,674 | ---- | M] () -- C:\Documents and Settings\Dr Michael Foster\My Files\phosphine.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/28 12:15:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/26 17:35:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/26 17:35:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/26 17:35:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/26 17:35:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/26 17:35:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/24 10:17:39 | 000,000,328 | ---- | C] () -- C:\Boot.bak
[2012/04/24 10:17:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/22 13:34:09 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/22 13:33:08 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
[2012/04/22 13:33:07 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
[2012/04/22 09:58:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat
[2012/04/21 16:47:55 | 000,006,764 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\attach.zip
[2012/04/20 15:55:43 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\Desktop\SpyHunter.lnk
[2012/04/18 20:22:30 | 000,218,311 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\cemmguidance.pdf
[2012/04/17 10:07:21 | 007,438,896 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\08 - Evacuee2.mp3
[2012/04/17 10:07:16 | 000,008,663 | -HS- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Folder.jpg
[2012/04/17 10:07:16 | 000,002,348 | -HS- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\AlbumArtSmall.jpg
[2012/04/10 17:56:26 | 001,254,622 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\LittleYellowBook.pdf
[2012/04/04 10:59:40 | 000,167,156 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\Fold-shapes.pdf
[2012/04/03 08:25:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/02 11:32:33 | 000,197,561 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\S-ILoveToHearTheStory-PipeLC-48-CAM(1).mp3
[2012/04/02 11:31:50 | 000,038,674 | ---- | C] () -- C:\Documents and Settings\Dr Michael Foster\My Files\phosphine.pdf
[2012/02/15 11:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/15 08:29:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/12/15 08:29:16 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2010/10/27 10:46:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010/09/07 07:12:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/08/01 16:54:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/08/01 16:48:21 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/01 16:48:21 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/08/01 16:48:21 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/01 16:48:21 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010/08/01 16:48:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/08/01 16:48:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/06/14 19:40:05 | 001,107,192 | ---- | C] () -- C:\WINDOWS\Xwmba500.dll
[2010/06/14 19:40:05 | 000,260,440 | ---- | C] () -- C:\WINDOWS\Xwmhb500.dll
[2010/06/14 19:40:05 | 000,174,352 | ---- | C] () -- C:\WINDOWS\Xwmte500.dll
[2010/06/14 19:40:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PHAssist.ini
[2010/06/01 15:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2010/06/01 15:10:00 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2010/06/01 15:10:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2010/06/01 15:09:59 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2010/05/31 21:48:38 | 000,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/05/31 21:48:38 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/05/26 12:30:18 | 000,002,220 | ---- | C] () -- C:\WINDOWS\GWSFILTR.INI
[2010/05/26 12:27:06 | 000,000,041 | ---- | C] () -- C:\WINDOWS\gwspcam.ini
[2010/05/26 12:27:04 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2010/05/26 12:26:46 | 000,007,806 | R--- | C] () -- C:\WINDOWS\gwspro.ini
[2010/05/06 10:47:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/05/05 22:28:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/30 08:30:38 | 000,000,688 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2010/04/30 08:30:38 | 000,000,193 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI

========== Custom Scans ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\Dr Michael Foster\My Files\FromHeavenYouCame-Kendrick.mid:SummaryInformation
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\Dr Michael Foster\My Files\FromHeavenYouCame-Kendrick.mid:DocumentSummaryInformation

< End of report >
 
MS WORD 2003 affected

I have noticed that MS Word 2003 behaves strangely. I sometimes paste text onto a document. Although the text may look OK, when it prints, HTML comments hidden in the document print out. I am sure that this has been the case since the infection.
 
MS Word issues solved

Under Options - Print - I found the "Hidden text" box ticked. I unticked the box - and voilà! Fixed.
As more people than myself use the machine, it could be that someone ticked the box. The family members tend to go into my study and use whichever machine is on - usually mine and not my wife's, which is only on when she needs to type up items for the Church magazine. Although they all have laptops, it's laziness that prevents them from going upstairs to fetch their laptops down and boot them up - mine is up and running.
 
Removal Tools

In searching the web I have found this page;

http://www.symantec.com/security_response/writeup.jsp?docid=2011-121607-4952-99

I ran the symantec tool which listed about a dozen files in its report (but there was no way to export the report) - so I did not click the "repair" button - plus I had forgotten to switch out AVG. I then disabled AVG (15 minutes) and re-ran the scan which stated there was no infection.

Being curious, I reran Vagetatool, which came up with the now familiar message:

"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you’re unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time".

When the scan is complete (still running), would you like the report?

Also, I came across this page:
http://kb.eset.com/esetkb/index?page=content&id=SOLN2895

Will the download tool be any good?
 
Scan Results

A new version of ComboFix presented itself to me when I went to run it. Below is the scan result.

In looking for stand-alone tools I came across this review of a Panda tool: http://thisisudax.blogspot.co.uk/2012/03/panda-security-creates-zeroaccess.html This led to the following page: http://www.pandasecurity.com/usa/homeusers/support/card?id=1672&idIdioma=2 I have not tried these nor the ESET tool.

Scan results:
ComboFix 12-04-29.02 - Dr Michael Foster 30/04/2012 9:27.9.4 - x86
Running from: c:\documents and settings\Dr Michael Foster\Desktop\vagetatool.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-29 16:26 . 2007-05-11 06:03 6738432 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-04-29 16:05 . 2012-04-29 16:05 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\FixZeroAccess
2012-04-27 16:23 . 2012-04-27 16:23 4948 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-26 16:38 . 2012-04-26 16:38 17920 -c--a-w- c:\windows\system32\dllcache\ping.exe
2012-04-26 16:38 . 2012-04-26 16:38 17920 ----a-w- c:\windows\system32\ping.exe
2012-04-26 07:59 . 2012-04-26 07:59 -------- d-----w- c:\program files\ESET
2012-04-25 18:19 . 2012-04-25 18:19 -------- d-----w- C:\_OTL
2012-04-25 16:31 . 2012-04-25 16:31 -------- d-----w- c:\program files\ERUNT
2012-04-25 09:11 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-04-24 09:21 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-22 19:27 . 2012-04-22 19:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\Malwarebytes
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-21 08:26 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-21 08:25 . 2012-04-21 08:25 -------- d-----w- C:\Malwarebytes
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- C:\sh4ldr
2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\TestApp
2012-04-20 14:00 . 2012-04-20 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
2012-04-04 15:18 . 2012-04-04 15:18 -------- d-----w- c:\program files\Copy of WinFax
2012-04-04 14:18 . 2012-04-08 06:29 -------- d-----w- c:\program files\winfax
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 07:25 . 2012-04-13 17:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 17:58 . 2011-05-17 06:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:18 . 2010-05-05 05:48 41 ----a-w- c:\windows\WFXDEL.BAT
2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-05 19:27 . 2012-03-05 19:27 53248 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\ARPPRODUCTICON.exe
2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-28_07.16.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-30 08:35 . 2012-04-30 08:35 16384 c:\windows\temp\Perflib_Perfdata_de0.dat
+ 2012-04-30 08:26 . 2012-04-30 08:26 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat
- 2011-03-02 08:19 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwddi.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwddi.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmctray.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 81920 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmctray.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 37888 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcod.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 37888 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcod.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 163908 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvsvc32.exe
+ 2012-04-29 17:41 . 2007-05-11 06:03 163908 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvsvc32.exe
+ 2012-04-29 17:41 . 2007-05-11 06:03 286720 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvnt4cpl.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 286720 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvnt4cpl.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 458752 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccssr.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 458752 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccssr.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 188416 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccss.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 188416 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccss.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 229376 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccs.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 229376 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmccs.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 352256 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvapi.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 352256 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvapi.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 2387968 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwssr.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 2387968 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwssr.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 2273280 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwss.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 2273280 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvwss.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 3645440 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvsr.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 3645440 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvsr.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 3538944 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvs.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 3538944 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvvitvs.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 1018748 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvucode.bin
- 2011-03-02 08:19 . 2007-05-11 06:03 1018748 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvucode.bin
+ 2012-04-29 17:41 . 2007-05-11 06:03 6668288 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvoglnt.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 6668288 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvoglnt.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 2854912 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmoblsr.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 2854912 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmoblsr.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 1101824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmobls.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 1101824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvmobls.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 3231744 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgamesr.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 3231744 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgamesr.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 3284992 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgames.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 3284992 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvgames.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 5439488 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdispsr.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 5439488 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdispsr.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 6221824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdisps.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 6221824 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvdisps.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 8429568 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcpl.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 8429568 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvcpl.dll
+ 2012-04-29 17:41 . 2007-05-11 06:03 6738432 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_mini.sys
- 2011-03-02 08:19 . 2007-05-11 06:03 6738432 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_mini.sys
+ 2012-04-29 17:41 . 2007-05-11 06:03 5421312 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_disp.dll
- 2011-03-02 08:19 . 2007-05-11 06:03 5421312 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nv4_disp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 45568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"FaxTalk FaxCenter Pro 8"="c:\program files\FaxTalk\FTClCtrl.exe" [2011-09-23 120672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"nwiz"="nwiz.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MagicFormation.lnk - c:\program files\Magic Formation\MagicFormation.exe [2010-4-28 454656]
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2010-4-25 794624]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-13 113024]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\winfax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Aolpress\\Ws_ftp\\WS_FTP95.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ArcSoft\\PhotoStudio 5.5\\PhotoStudio.exe"=
"c:\\Program Files\\NewSoft\\Presto! PageManager 7.15\\Pmsb.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE4.0\\TwainClient.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\FaxTalk\\FTmsgsvc.exe"=
"c:\\Program Files\\FaxTalk\\fapiexe.exe"=
"c:\\Program Files\\FaxTalk\\FTclctrl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Dr Michael Foster\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 04:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 23:20 295248]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [07/05/2010 11:55 16048]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:00 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 11:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17:10 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [31/07/2010 20:34 162096]
R2 FaxTalk FaxCenter Pro 8;FaxTalk FaxCenter Pro 8;c:\program files\FaxTalk\FTmsgsvc.exe [23/09/2011 11:07 33120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/04/2012 09:26 654408]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 13:48 931640]
R2 SdReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [18/03/2009 18:08 189696]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/04/2012 09:26 22344]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2012 08:25 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/04/2010 20:33 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys --> c:\windows\system32\DRIVERS\IntelH51.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 17:05 266544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15/01/2012 08:31 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15/01/2012 08:31 8576]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [19/07/2011 09:52 21520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:58]
.
2012-04-30 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
.
2012-04-30 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
.
2011-11-11 c:\windows\Tasks\debutDowngrade.job
- c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
.
2011-11-11 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
.
2012-04-16 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-23 07:38]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
- c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
- c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
.
2012-04-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-01-20 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-04-02 13:28]
.
2011-11-11 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-08-07 14:27]
.
2011-11-11 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-08-07 14:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www2.prestel.co.uk/church/oosj/osj.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 09:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-04-30 09:41:29
ComboFix-quarantined-files.txt 2012-04-30 08:41
ComboFix2.txt 2012-04-29 16:50
ComboFix3.txt 2012-04-28 16:06
ComboFix4.txt 2012-04-28 07:22
ComboFix5.txt 2012-04-30 08:20
.
Pre-Run: 107,648,704,512 bytes free
Post-Run: 107,649,994,752 bytes free
.
- - End Of File - - 0D2FFD8F99DA221BCB9F6297811AC533
 
Hidden Keys found

Hi Jeff

I have a beta scanner for rootkits from Trend Micro - too many false positives to be worthwhile (legit mp3 files and legit URLs to innocent web sites), but it did find these:

[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
SubKey : Data
FullLength: 0x5c
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
SubKey : Data 2
FullLength: 0x5e
2 hidden registry entries found.

Do I delete these keys?

Michael.
 
No don't delete those.

Run a new scan with TDSSKiller and aswMBR.exe and then post the new logs to your next reply. We may be dealing with a new variant here. :(
 
ComboFix still reports ZeroAccess Infection

As I had a few moments in between work, I reran ComboFix, but only as far as the message "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you’re unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time".

Which leads me to suspect that the Trojan has left remnants behind! What I don't understand is why ComboFix can detect the Trojan but cannot clean it.
 
Hi,

ComboFix can normally clean it very well but there are instances where the infection just is not able to be cleaned. ZeroAccess is a severe infection that is normally very difficult to remove with only one infection but your system was infected by multiple ZeroAccess infections....more than I have seen on one system so far.

Like I stated when we began...
Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.
....right now I am not seeing the infection showing in the logs which is making it very difficult....
 
Scans

I think our postings crossed, so I will do the scans for which you asked. On the question posed, it was really that ComboFix has obviously detected something on the one part (hence the warning) but is not providing that in a report!

I will do the scans as soon as I can (maybe in 30 mins time).

Again thanks!
 
Scans completed

My 30 mins delay was while I was completing my work for tomorrow, and at the same time waiting for a scan from a Rootkit Unhooker app, which I paste up last of all. First the TDSSKiller report:

-------------------------------------------
19:32:29.0187 0576 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:32:29.0218 0576 ============================================================
19:32:29.0218 0576 Current date / time: 2012/04/30 19:32:29.0218
19:32:29.0218 0576 SystemInfo:
19:32:29.0218 0576
19:32:29.0218 0576 OS Version: 5.1.2600 ServicePack: 3.0
19:32:29.0218 0576 Product type: Workstation
19:32:29.0218 0576 ComputerName: KNIGHTS-2EE6007
19:32:29.0218 0576 UserName: Dr Michael Foster
19:32:29.0218 0576 Windows directory: C:\WINDOWS
19:32:29.0218 0576 System windows directory: C:\WINDOWS
19:32:29.0218 0576 Processor architecture: Intel x86
19:32:29.0218 0576 Number of processors: 4
19:32:29.0218 0576 Page size: 0x1000
19:32:29.0218 0576 Boot type: Normal boot
19:32:29.0218 0576 ============================================================
19:32:30.0765 0576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:32:30.0765 0576 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:32:30.0765 0576 Drive \Device\Harddisk2\DR5 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'W'
19:32:30.0812 0576 ============================================================
19:32:30.0812 0576 \Device\Harddisk0\DR0:
19:32:30.0812 0576 MBR partitions:
19:32:30.0812 0576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
19:32:30.0812 0576 \Device\Harddisk1\DR1:
19:32:30.0812 0576 MBR partitions:
19:32:30.0812 0576 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:32:30.0812 0576 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:32:30.0812 0576 \Device\Harddisk2\DR5:
19:32:30.0812 0576 MBR partitions:
19:32:30.0812 0576 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
19:32:30.0812 0576 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
19:32:30.0812 0576 ============================================================
19:32:30.0859 0576 C: <-> \Device\Harddisk0\DR0\Partition0
19:32:31.0265 0576 E: <-> \Device\Harddisk1\DR1\Partition0
19:32:31.0312 0576 F: <-> \Device\Harddisk1\DR1\Partition1
19:32:31.0328 0576 L: <-> \Device\Harddisk2\DR5\Partition0
19:32:31.0343 0576 M: <-> \Device\Harddisk2\DR5\Partition1
19:32:31.0343 0576 ============================================================
19:32:31.0343 0576 Initialize success
19:32:31.0343 0576 ============================================================
19:55:10.0187 2636 ============================================================
19:55:10.0187 2636 Scan started
19:55:10.0187 2636 Mode: Manual; SigCheck; TDLFS;
19:55:10.0187 2636 ============================================================
19:55:11.0078 2636 !SASCORE - ok
19:55:11.0171 2636 Abiosdsk - ok
19:55:11.0171 2636 abp480n5 - ok
19:55:11.0250 2636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:55:11.0937 2636 ACPI - ok
19:55:11.0984 2636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:55:12.0078 2636 ACPIEC - ok
19:55:12.0078 2636 adaptecstoragemanageragent - ok
19:55:12.0171 2636 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:55:12.0187 2636 AdobeFlashPlayerUpdateSvc - ok
19:55:12.0187 2636 adpu160m - ok
19:55:12.0203 2636 adsexpb - ok
19:55:12.0250 2636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:55:12.0359 2636 aec - ok
19:55:12.0390 2636 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:55:12.0453 2636 AFD - ok
19:55:12.0453 2636 Aha154x - ok
19:55:12.0453 2636 aic78u2 - ok
19:55:12.0453 2636 aic78xx - ok
19:55:12.0453 2636 alcxsens - ok
19:55:12.0515 2636 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:55:12.0609 2636 Alerter - ok
19:55:12.0609 2636 alertservice - ok
19:55:12.0625 2636 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:55:12.0671 2636 ALG - ok
19:55:12.0671 2636 AliIde - ok
19:55:12.0812 2636 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:55:12.0890 2636 Ambfilt - ok
19:55:12.0937 2636 amdk7 - ok
19:55:12.0937 2636 amsint - ok
19:55:13.0078 2636 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:13.0078 2636 Apple Mobile Device - ok
19:55:13.0109 2636 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:55:13.0171 2636 AppMgmt - ok
19:55:13.0187 2636 ar5211 - ok
19:55:13.0187 2636 arkbcfltr - ok
19:55:13.0234 2636 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:55:13.0312 2636 Arp1394 - ok
19:55:13.0312 2636 asc - ok
19:55:13.0312 2636 asc3350p - ok
19:55:13.0312 2636 asc3550 - ok
19:55:13.0406 2636 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:55:13.0421 2636 aspnet_state - ok
19:55:13.0453 2636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:55:13.0531 2636 AsyncMac - ok
19:55:13.0593 2636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:55:13.0687 2636 atapi - ok
19:55:13.0703 2636 Atdisk - ok
19:55:13.0703 2636 ATKGFNEXSrv - ok
19:55:13.0703 2636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:55:13.0781 2636 Atmarpc - ok
19:55:13.0843 2636 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:55:13.0921 2636 AudioSrv - ok
19:55:13.0984 2636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:55:14.0078 2636 audstub - ok
19:55:14.0390 2636 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:55:14.0625 2636 AVGIDSAgent - ok
19:55:14.0734 2636 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:55:14.0750 2636 AVGIDSDriver - ok
19:55:14.0750 2636 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:55:14.0765 2636 AVGIDSEH - ok
19:55:14.0765 2636 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:55:14.0781 2636 AVGIDSFilter - ok
19:55:14.0812 2636 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:55:14.0828 2636 AVGIDSShim - ok
19:55:14.0906 2636 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:55:14.0921 2636 Avgldx86 - ok
19:55:14.0921 2636 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:55:14.0921 2636 Avgmfx86 - ok
19:55:14.0937 2636 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:55:14.0953 2636 Avgrkx86 - ok
19:55:14.0968 2636 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:55:14.0984 2636 Avgtdix - ok
19:55:15.0062 2636 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:55:15.0062 2636 avgwd - ok
19:55:15.0078 2636 BANTExt - ok
19:55:15.0125 2636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:55:15.0218 2636 Beep - ok
19:55:15.0218 2636 belmonitorservice - ok
19:55:15.0281 2636 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:55:15.0421 2636 BITS - ok
19:55:15.0421 2636 BlackBox - ok
19:55:15.0468 2636 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:55:15.0578 2636 Browser - ok
19:55:15.0609 2636 BrUsbSer - ok
19:55:15.0625 2636 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:55:15.0734 2636 BthEnum - ok
19:55:15.0750 2636 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
19:55:15.0828 2636 BTHMODEM - ok
19:55:15.0843 2636 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:55:15.0937 2636 BthPan - ok
19:55:15.0984 2636 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
19:55:16.0031 2636 BTHPORT - ok
19:55:16.0078 2636 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
19:55:16.0171 2636 BthServ - ok
19:55:16.0171 2636 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
19:55:16.0250 2636 BTHUSB - ok
19:55:16.0265 2636 C-Dilla - ok
19:55:16.0500 2636 catchme - ok
19:55:16.0531 2636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:55:16.0640 2636 cbidf2k - ok
19:55:16.0640 2636 ccevtmgr - ok
19:55:16.0640 2636 cd20xrnt - ok
19:55:16.0640 2636 CdaD10BA - ok
19:55:16.0671 2636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:55:16.0750 2636 Cdaudio - ok
19:55:16.0781 2636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:55:16.0890 2636 Cdfs - ok
19:55:16.0906 2636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:55:17.0015 2636 Cdrom - ok
19:55:17.0062 2636 Changer (daf1a8193b6caf0fb858cadcc5c4af4a) C:\WINDOWS\system32\drivers\Changer.sys
19:55:17.0156 2636 Changer - ok
19:55:17.0203 2636 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:55:17.0281 2636 CiSvc - ok
19:55:17.0343 2636 CLBStor (0252b4007a8f3a6cc61220cbe122544d) C:\WINDOWS\system32\drivers\CLBStor.sys
19:55:17.0359 2636 CLBStor - ok
19:55:17.0421 2636 CLBUDF (dc705765a170f7bd8af3632c93b03f0b) C:\WINDOWS\system32\drivers\CLBUDF.sys
19:55:17.0437 2636 CLBUDF - ok
19:55:17.0468 2636 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:55:17.0578 2636 ClipSrv - ok
19:55:17.0671 2636 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:55:17.0687 2636 clr_optimization_v2.0.50727_32 - ok
19:55:17.0687 2636 CmdIde - ok
19:55:17.0687 2636 CoachUsb - ok
19:55:17.0687 2636 commserver - ok
19:55:17.0687 2636 COMSysApp - ok
19:55:17.0703 2636 Cpqarray - ok
19:55:17.0796 2636 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
19:55:17.0796 2636 cpudrv - ok
19:55:17.0828 2636 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:55:17.0906 2636 CryptSvc - ok
19:55:17.0921 2636 cygserver - ok
19:55:17.0921 2636 dac2w2k - ok
19:55:17.0921 2636 dac960nt - ok
19:55:17.0953 2636 DC21x4 - ok
19:55:18.0015 2636 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:55:18.0109 2636 DcomLaunch - ok
19:55:18.0171 2636 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:55:18.0265 2636 Dhcp - ok
19:55:18.0312 2636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:55:18.0406 2636 Disk - ok
19:55:18.0406 2636 dladresn - ok
19:55:18.0406 2636 dlaopiom - ok
19:55:18.0421 2636 dmadmin - ok
19:55:18.0484 2636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:55:18.0640 2636 dmboot - ok
19:55:18.0671 2636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:55:18.0765 2636 dmio - ok
19:55:18.0796 2636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:55:18.0875 2636 dmload - ok
19:55:18.0890 2636 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:55:18.0984 2636 dmserver - ok
19:55:19.0000 2636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:55:19.0078 2636 DMusic - ok
19:55:19.0125 2636 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:55:19.0171 2636 Dnscache - ok
19:55:19.0218 2636 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:55:19.0328 2636 Dot3svc - ok
19:55:19.0328 2636 dpti2o - ok
19:55:19.0359 2636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:55:19.0437 2636 drmkaud - ok
19:55:19.0453 2636 EACSvrMngr - ok
19:55:19.0484 2636 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:55:19.0578 2636 EapHost - ok
19:55:19.0593 2636 EL90X - ok
19:55:19.0609 2636 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:55:19.0718 2636 ERSvc - ok
19:55:19.0796 2636 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
19:55:19.0812 2636 esgiguard - ok
19:55:19.0812 2636 EU3_USB - ok
19:55:19.0859 2636 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:55:19.0890 2636 Eventlog - ok
19:55:19.0937 2636 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:55:19.0984 2636 EventSystem - ok
19:55:20.0000 2636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:55:20.0109 2636 Fastfat - ok
19:55:20.0156 2636 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:55:20.0203 2636 FastUserSwitchingCompatibility - ok
19:55:20.0250 2636 FaxTalk FaxCenter Pro 8 (18ef9f53f127b8758b257117983df520) C:\Program Files\FaxTalk\FTmsgsvc.exe
19:55:20.0265 2636 FaxTalk FaxCenter Pro 8 - ok
19:55:20.0281 2636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:55:20.0375 2636 Fdc - ok
19:55:20.0375 2636 FINEPIX_PCC - ok
19:55:20.0406 2636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:55:20.0500 2636 Fips - ok
19:55:20.0515 2636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:55:20.0593 2636 Flpydisk - ok
19:55:20.0625 2636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:55:20.0703 2636 FltMgr - ok
19:55:20.0875 2636 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:55:20.0890 2636 FontCache3.0.0.0 - ok
19:55:20.0890 2636 fsaa - ok
19:55:20.0937 2636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:55:21.0046 2636 Fs_Rec - ok
19:55:21.0093 2636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:55:21.0203 2636 Ftdisk - ok
19:55:21.0234 2636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:55:21.0234 2636 GEARAspiWDM - ok
19:55:21.0234 2636 getPlusHelper - ok
19:55:21.0250 2636 giveio - ok
19:55:21.0250 2636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:55:21.0359 2636 Gpc - ok
19:55:21.0406 2636 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:55:21.0421 2636 gupdate - ok
19:55:21.0421 2636 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:55:21.0437 2636 gupdatem - ok
19:55:21.0437 2636 ham50 - ok
19:55:21.0453 2636 hap16v2k - ok
19:55:21.0531 2636 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:55:21.0625 2636 HDAudBus - ok
19:55:21.0671 2636 helpsvc - ok
19:55:21.0671 2636 HidServ - ok
19:55:21.0718 2636 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:55:21.0812 2636 hkmsvc - ok
19:55:21.0812 2636 hpn - ok
19:55:21.0859 2636 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:55:21.0906 2636 HSFHWBS2 - ok
19:55:21.0968 2636 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:55:22.0078 2636 HSF_DPV - ok
19:55:22.0125 2636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:55:22.0171 2636 HTTP - ok
19:55:22.0203 2636 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:55:22.0296 2636 HTTPFilter - ok
19:55:22.0359 2636 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:55:22.0437 2636 i2omgmt - ok
19:55:22.0437 2636 i2omp - ok
19:55:22.0484 2636 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:55:22.0578 2636 i8042prt - ok
19:55:22.0578 2636 icdsptsv - ok
19:55:22.0781 2636 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:55:22.0875 2636 idsvc - ok
19:55:22.0937 2636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:55:23.0031 2636 Imapi - ok
19:55:23.0078 2636 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:55:23.0171 2636 ImapiService - ok
19:55:23.0187 2636 incdfs - ok
19:55:23.0187 2636 ini910u - ok
19:55:23.0187 2636 int15 - ok
19:55:23.0468 2636 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:55:23.0671 2636 IntcAzAudAddService - ok
19:55:23.0734 2636 IntelIde - ok
19:55:23.0796 2636 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:55:23.0875 2636 intelppm - ok
19:55:23.0890 2636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:55:24.0000 2636 Ip6Fw - ok
19:55:24.0015 2636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:55:24.0109 2636 IpFilterDriver - ok
19:55:24.0140 2636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:55:24.0234 2636 IpInIp - ok
19:55:24.0265 2636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:55:24.0375 2636 IpNat - ok
19:55:24.0484 2636 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
19:55:24.0562 2636 iPod Service - ok
19:55:24.0625 2636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:55:24.0718 2636 IPSec - ok
19:55:24.0750 2636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:55:24.0796 2636 IRENUM - ok
19:55:24.0828 2636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:55:24.0937 2636 isapnp - ok
19:55:25.0031 2636 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
19:55:25.0031 2636 JavaQuickStarterService - ok
19:55:25.0093 2636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:55:25.0171 2636 Kbdclass - ok
19:55:25.0203 2636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:55:25.0281 2636 kmixer - ok
19:55:25.0296 2636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:55:25.0359 2636 KSecDD - ok
19:55:25.0406 2636 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:55:25.0437 2636 lanmanserver - ok
19:55:25.0468 2636 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:55:25.0500 2636 lanmanworkstation - ok
19:55:25.0562 2636 lbrtfdc (cc50a66548c2f285bc8a7b0b8aa578e3) C:\WINDOWS\system32\drivers\lbrtfdc.sys
19:55:25.0625 2636 lbrtfdc - ok
19:55:25.0640 2636 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:55:25.0718 2636 LmHosts - ok
19:55:25.0734 2636 LUsbFilt - ok
19:55:25.0734 2636 lxrsge10s - ok
19:55:25.0734 2636 mafwboot - ok
19:55:25.0781 2636 MatSvc (0cf633a54c681c65297c63106c4bc376) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
19:55:25.0843 2636 MatSvc - ok
19:55:25.0875 2636 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
19:55:25.0890 2636 MBAMProtector - ok
19:55:25.0937 2636 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:55:25.0953 2636 MBAMService - ok
19:55:26.0109 2636 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:55:26.0171 2636 McComponentHostService - ok
19:55:26.0171 2636 mcdetect.exe - ok
19:55:26.0203 2636 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:55:26.0218 2636 mdmxsdk - ok
19:55:26.0250 2636 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:55:26.0343 2636 Messenger - ok
19:55:26.0343 2636 mf - ok
19:55:26.0359 2636 mindrepair - ok
19:55:26.0390 2636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:55:26.0484 2636 mnmdd - ok
19:55:26.0500 2636 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:55:26.0609 2636 mnmsrvc - ok
19:55:26.0656 2636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:55:26.0750 2636 Modem - ok
19:55:26.0765 2636 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:55:26.0875 2636 MODEMCSA - ok
19:55:26.0984 2636 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
19:55:27.0093 2636 Monfilt - ok
19:55:27.0156 2636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:55:27.0250 2636 Mouclass - ok
19:55:27.0281 2636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:55:27.0375 2636 MountMgr - ok
19:55:27.0375 2636 MR97310_USB_DUAL_CAMERA - ok
19:55:27.0375 2636 mraid35x - ok
19:55:27.0375 2636 MRV6X32P - ok
19:55:27.0421 2636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:55:27.0515 2636 MRxDAV - ok
19:55:27.0578 2636 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:55:27.0640 2636 MRxSmb - ok
19:55:27.0640 2636 MSCamSvc - ok
19:55:27.0671 2636 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:55:27.0781 2636 MSDTC - ok
19:55:27.0796 2636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:55:27.0890 2636 Msfs - ok
19:55:27.0890 2636 MSICPL - ok
19:55:27.0890 2636 MSIServer - ok
19:55:27.0890 2636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:55:27.0968 2636 MSKSSRV - ok
19:55:27.0984 2636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:55:28.0046 2636 MSPCLOCK - ok
19:55:28.0062 2636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:55:28.0140 2636 MSPQM - ok
19:55:28.0187 2636 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:55:28.0281 2636 mssmbios - ok
19:55:28.0328 2636 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:55:28.0375 2636 Mup - ok
19:55:28.0375 2636 Mvc25U870_VID_1262&PID_25FD - ok
19:55:28.0375 2636 n558 - ok
19:55:28.0421 2636 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:55:28.0531 2636 napagent - ok
19:55:28.0531 2636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:55:28.0625 2636 NDIS - ok
19:55:28.0687 2636 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:55:28.0718 2636 NdisTapi - ok
19:55:28.0718 2636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:55:28.0812 2636 Ndisuio - ok
19:55:28.0812 2636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:55:28.0890 2636 NdisWan - ok
19:55:28.0953 2636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:55:28.0968 2636 NDProxy - ok
19:55:28.0984 2636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:55:29.0078 2636 NetBIOS - ok
19:55:29.0109 2636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:55:29.0187 2636 NetBT - ok
19:55:29.0250 2636 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:55:29.0328 2636 NetDDE - ok
19:55:29.0328 2636 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:55:29.0406 2636 NetDDEdsdm - ok
19:55:29.0437 2636 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:55:29.0515 2636 Netlogon - ok
19:55:29.0578 2636 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:55:29.0656 2636 Netman - ok
19:55:29.0828 2636 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:29.0843 2636 NetTcpPortSharing - ok
19:55:29.0890 2636 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:55:29.0984 2636 NIC1394 - ok
19:55:30.0031 2636 nicconfigsvc (9c454cd857b4c0ccf7a614b047616503) C:\WINDOWS\system32\SimpTcp.dll
19:55:30.0109 2636 nicconfigsvc - ok
19:55:30.0171 2636 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:55:30.0203 2636 Nla - ok
19:55:30.0234 2636 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
19:55:30.0375 2636 nmwcd - ok
19:55:30.0437 2636 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:55:30.0500 2636 nmwcdc - ok
19:55:30.0562 2636 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
19:55:30.0625 2636 nmwcdnsu - ok
19:55:30.0687 2636 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
19:55:30.0750 2636 nmwcdnsuc - ok
19:55:30.0781 2636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:55:30.0875 2636 Npfs - ok
19:55:30.0953 2636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:55:31.0046 2636 Ntfs - ok
19:55:31.0046 2636 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:55:31.0140 2636 NtLmSsp - ok
19:55:31.0171 2636 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:55:31.0281 2636 NtmsSvc - ok
19:55:31.0328 2636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:55:31.0421 2636 Null - ok
19:55:31.0750 2636 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:55:32.0125 2636 nv ( UnsignedFile.Multi.Generic ) - warning
19:55:32.0125 2636 nv - detected UnsignedFile.Multi.Generic (1)
19:55:32.0234 2636 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
19:55:32.0265 2636 NVSvc ( UnsignedFile.Multi.Generic ) - warning
19:55:32.0265 2636 NVSvc - detected UnsignedFile.Multi.Generic (1)
19:55:32.0265 2636 NWHOST - ok
19:55:32.0296 2636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:55:32.0390 2636 NwlnkFlt - ok
19:55:32.0390 2636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:55:32.0500 2636 NwlnkFwd - ok
19:55:32.0531 2636 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:55:32.0625 2636 ohci1394 - ok
19:55:32.0625 2636 omci - ok
19:55:32.0750 2636 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:32.0765 2636 ose - ok
19:55:32.0812 2636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:55:32.0906 2636 Parport - ok
19:55:32.0906 2636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:55:32.0984 2636 PartMgr - ok
19:55:33.0015 2636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:55:33.0125 2636 ParVdm - ok
19:55:33.0171 2636 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:55:33.0218 2636 pccsmcfd - ok
19:55:33.0265 2636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:55:33.0359 2636 PCI - ok
19:55:33.0359 2636 PCIDump - ok
19:55:33.0375 2636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:55:33.0468 2636 PCIIde - ok
19:55:33.0515 2636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:55:33.0593 2636 Pcmcia - ok
19:55:33.0593 2636 pdlndldl - ok
19:55:33.0593 2636 perc2 - ok
19:55:33.0593 2636 perc2hib - ok
19:55:33.0625 2636 pgpsdkservice - ok
19:55:33.0625 2636 pktfilter - ok
19:55:33.0687 2636 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:55:33.0703 2636 PlugPlay - ok
19:55:33.0718 2636 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:55:33.0796 2636 PolicyAgent - ok
19:55:33.0828 2636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:55:33.0937 2636 PptpMiniport - ok
19:55:33.0937 2636 procexp100 - ok
19:55:33.0937 2636 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:55:34.0015 2636 ProtectedStorage - ok
19:55:34.0015 2636 protectionservice - ok
19:55:34.0015 2636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:55:34.0093 2636 PSched - ok
19:55:34.0125 2636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:55:34.0218 2636 Ptilink - ok
19:55:34.0234 2636 ql1080 - ok
19:55:34.0234 2636 Ql10wnt - ok
19:55:34.0234 2636 ql12160 - ok
19:55:34.0234 2636 ql1240 - ok
19:55:34.0234 2636 ql1280 - ok
19:55:34.0250 2636 ql2100 - ok
19:55:34.0437 2636 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
19:55:34.0453 2636 RapportCerberus_34302 - ok
19:55:34.0500 2636 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
19:55:34.0515 2636 RapportEI - ok
19:55:34.0640 2636 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
19:55:34.0640 2636 RapportIaso - ok
19:55:34.0656 2636 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
19:55:34.0656 2636 RapportKELL - ok
19:55:34.0734 2636 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
19:55:34.0765 2636 RapportMgmtService - ok
19:55:34.0796 2636 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
19:55:34.0812 2636 RapportPG - ok
19:55:34.0812 2636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:55:34.0890 2636 RasAcd - ok
19:55:34.0937 2636 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:55:35.0015 2636 RasAuto - ok
19:55:35.0031 2636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:55:35.0109 2636 Rasl2tp - ok
19:55:35.0171 2636 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:55:35.0250 2636 RasMan - ok
19:55:35.0296 2636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:55:35.0390 2636 RasPppoe - ok
19:55:35.0406 2636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:55:35.0500 2636 Raspti - ok
19:55:35.0531 2636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:55:35.0609 2636 Rdbss - ok
19:55:35.0609 2636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:55:35.0718 2636 RDPCDD - ok
19:55:35.0750 2636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:55:35.0843 2636 rdpdr - ok
19:55:35.0890 2636 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:55:35.0953 2636 RDPWD - ok
19:55:35.0984 2636 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:55:36.0093 2636 RDSessMgr - ok
19:55:36.0125 2636 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:55:36.0234 2636 redbook - ok
19:55:36.0281 2636 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:55:36.0375 2636 RemoteAccess - ok
19:55:36.0421 2636 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:55:36.0515 2636 RemoteRegistry - ok
19:55:36.0531 2636 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:55:36.0625 2636 RFCOMM - ok
19:55:36.0859 2636 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:55:36.0875 2636 RichVideo - ok
19:55:36.0875 2636 roxmediadb - ok
19:55:36.0890 2636 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:55:36.0968 2636 RpcLocator - ok
19:55:37.0015 2636 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:55:37.0046 2636 RpcSs - ok
19:55:37.0093 2636 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:55:37.0187 2636 RSVP - ok
19:55:37.0234 2636 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:55:37.0265 2636 RTL8023xp ( UnsignedFile.Multi.Generic ) - warning
19:55:37.0265 2636 RTL8023xp - detected UnsignedFile.Multi.Generic (1)
19:55:37.0296 2636 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:55:37.0375 2636 rtl8139 - ok
19:55:37.0390 2636 SaiMini - ok
19:55:37.0421 2636 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:55:37.0484 2636 SamSs - ok
19:55:37.0593 2636 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:55:37.0593 2636 SASDIFSV - ok
19:55:37.0609 2636 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:55:37.0625 2636 SASKUTIL - ok
19:55:37.0640 2636 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:55:37.0750 2636 SCardSvr - ok
19:55:37.0796 2636 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:55:37.0890 2636 Schedule - ok
19:55:38.0000 2636 SdReadSpool (b9443470baae569d9a3fabbfeb35c4e7) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
19:55:38.0015 2636 SdReadSpool - ok
19:55:38.0046 2636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:55:38.0109 2636 Secdrv - ok
19:55:38.0171 2636 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:55:38.0250 2636 seclogon - ok
19:55:38.0265 2636 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:55:38.0328 2636 SENS - ok
19:55:38.0390 2636 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:55:38.0468 2636 Serial - ok
19:55:38.0562 2636 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:55:38.0578 2636 ServiceLayer - ok
19:55:38.0593 2636 SfCtlCom - ok
19:55:38.0656 2636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:55:38.0765 2636 Sfloppy - ok
19:55:38.0765 2636 sfsync04 - ok
19:55:38.0828 2636 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:55:38.0921 2636 SharedAccess - ok
19:55:38.0968 2636 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:55:38.0968 2636 ShellHWDetection - ok
19:55:38.0984 2636 Simbad - ok
19:55:39.0000 2636 SiRemFil - ok
19:55:39.0000 2636 smartwiservice - ok
19:55:39.0015 2636 smservaz - ok
19:55:39.0015 2636 softfax - ok
19:55:39.0015 2636 Sparrow - ok
19:55:39.0062 2636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:55:39.0140 2636 splitter - ok
19:55:39.0171 2636 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:55:39.0203 2636 Spooler - ok
19:55:39.0296 2636 SpyHunter 4 Service (63f2b52947577dbb075fe646bc758a2f) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
19:55:39.0359 2636 SpyHunter 4 Service - ok
19:55:39.0375 2636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:55:39.0437 2636 sr - ok
19:55:39.0500 2636 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:55:39.0546 2636 srservice - ok
19:55:39.0593 2636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:55:39.0640 2636 Srv - ok
19:55:39.0687 2636 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:55:39.0750 2636 SSDPSRV - ok
19:55:39.0796 2636 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:55:39.0906 2636 stisvc - ok
19:55:39.0937 2636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:55:40.0031 2636 swenum - ok
19:55:40.0078 2636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:55:40.0171 2636 swmidi - ok
19:55:40.0171 2636 SwPrv - ok
19:55:40.0171 2636 symc810 - ok
19:55:40.0171 2636 symc8xx - ok
19:55:40.0203 2636 symdns - ok
19:55:40.0203 2636 sym_hi - ok
19:55:40.0203 2636 sym_u3 - ok
19:55:40.0234 2636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:55:40.0312 2636 sysaudio - ok
19:55:40.0343 2636 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:55:40.0437 2636 SysmonLog - ok
19:55:40.0484 2636 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:55:40.0593 2636 TapiSrv - ok
19:55:40.0656 2636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:55:40.0687 2636 Tcpip - ok
19:55:40.0734 2636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:55:40.0828 2636 TDPIPE - ok
19:55:40.0828 2636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:55:40.0937 2636 TDTCP - ok
19:55:40.0953 2636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:55:41.0062 2636 TermDD - ok
19:55:41.0093 2636 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:55:41.0171 2636 TermService - ok
19:55:41.0234 2636 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:55:41.0234 2636 Themes - ok
19:55:41.0281 2636 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:55:41.0328 2636 TlntSvr - ok
19:55:41.0343 2636 TosIde - ok
19:55:41.0406 2636 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:55:41.0484 2636 TrkWks - ok
19:55:41.0484 2636 trlokom_rmhsvc - ok
19:55:41.0500 2636 U2SP - ok
19:55:41.0531 2636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:55:41.0625 2636 Udfs - ok
19:55:41.0625 2636 ultra - ok
19:55:41.0687 2636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:55:41.0781 2636 Update - ok
19:55:41.0828 2636 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:55:41.0890 2636 upnphost - ok
19:55:41.0937 2636 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:55:42.0015 2636 upperdev - ok
19:55:42.0062 2636 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:55:42.0156 2636 UPS - ok
19:55:42.0156 2636 upsentry_smart - ok
19:55:42.0156 2636 USB11LDR - ok
19:55:42.0156 2636 USBAAPL - ok
19:55:42.0218 2636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:55:42.0312 2636 usbehci - ok
19:55:42.0359 2636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:55:42.0453 2636 usbhub - ok
19:55:42.0484 2636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:55:42.0546 2636 usbprint - ok
19:55:42.0562 2636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:55:42.0656 2636 usbscan - ok
19:55:42.0671 2636 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
19:55:42.0750 2636 usbser - ok
19:55:42.0765 2636 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:55:42.0812 2636 UsbserFilt - ok
19:55:42.0828 2636 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:55:42.0906 2636 USBSTOR - ok
19:55:42.0968 2636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:55:43.0062 2636 usbuhci - ok
19:55:43.0062 2636 USBVCD - ok
19:55:43.0109 2636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:55:43.0203 2636 VgaSave - ok
19:55:43.0203 2636 ViaIde - ok
19:55:43.0218 2636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:55:43.0296 2636 VolSnap - ok
19:55:43.0296 2636 vrservice - ok
19:55:43.0328 2636 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:55:43.0390 2636 VSS - ok
19:55:43.0390 2636 w29n51 - ok
19:55:43.0421 2636 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:55:43.0515 2636 W32Time - ok
19:55:43.0546 2636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:55:43.0640 2636 Wanarp - ok
19:55:43.0640 2636 wap3gx - ok
19:55:43.0703 2636 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:55:43.0718 2636 Wdf01000 - ok
19:55:43.0734 2636 WDICA - ok
19:55:43.0750 2636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:55:43.0859 2636 wdmaud - ok
19:55:43.0906 2636 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:55:44.0031 2636 WebClient - ok
19:55:44.0078 2636 wfxsvc (be2157595c087207676ec716a6be4cce) C:\WINDOWS\system32\WFXSVC.EXE
19:55:44.0078 2636 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
19:55:44.0078 2636 wfxsvc - detected UnsignedFile.Multi.Generic (1)
19:55:44.0203 2636 winachsf (be3a842c2f2e87e7c840d36bcf13e8e0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:55:44.0281 2636 winachsf - ok
19:55:44.0390 2636 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:55:44.0468 2636 winmgmt - ok
19:55:44.0468 2636 winpowermanager - ok
19:55:44.0578 2636 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
19:55:44.0656 2636 WinRM - ok
19:55:44.0687 2636 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:55:44.0734 2636 WmdmPmSN - ok
19:55:44.0828 2636 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:55:44.0906 2636 Wmi - ok
19:55:44.0937 2636 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:55:45.0062 2636 WmiApSrv - ok
19:55:45.0234 2636 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:55:45.0343 2636 WMPNetworkSvc - ok
19:55:45.0406 2636 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:55:45.0437 2636 WpdUsb - ok
19:55:45.0484 2636 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:55:45.0578 2636 WS2IFSL - ok
19:55:45.0687 2636 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:55:45.0765 2636 wscsvc - ok
19:55:45.0812 2636 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:55:45.0890 2636 wuauserv - ok
19:55:45.0937 2636 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:55:45.0984 2636 WudfPf - ok
19:55:46.0015 2636 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:55:46.0046 2636 WudfRd - ok
19:55:46.0093 2636 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
19:55:46.0109 2636 WudfSvc - ok
19:55:46.0187 2636 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:55:46.0312 2636 WZCSVC - ok
19:55:46.0343 2636 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:55:46.0468 2636 xmlprov - ok
19:55:46.0578 2636 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
19:55:46.0593 2636 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
19:55:46.0625 2636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:55:46.0812 2636 \Device\Harddisk0\DR0 - ok
19:55:46.0812 2636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:55:47.0296 2636 \Device\Harddisk1\DR1 - ok
19:55:47.0296 2636 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR5
19:55:47.0437 2636 \Device\Harddisk2\DR5 - ok
19:55:47.0453 2636 Boot (0x1200) (de17a28ffae56733026be20e47e5fe8c) \Device\Harddisk0\DR0\Partition0
19:55:47.0453 2636 \Device\Harddisk0\DR0\Partition0 - ok
19:55:47.0453 2636 Boot (0x1200) (ab81bc14f7e65a74e1d70e016623b088) \Device\Harddisk1\DR1\Partition0
19:55:47.0453 2636 \Device\Harddisk1\DR1\Partition0 - ok
19:55:47.0453 2636 Boot (0x1200) (f0463477c940dfacd8991233674ec997) \Device\Harddisk1\DR1\Partition1
19:55:47.0453 2636 \Device\Harddisk1\DR1\Partition1 - ok
19:55:47.0453 2636 Boot (0x1200) (eeec5da32dfa12e1263fca298252a021) \Device\Harddisk2\DR5\Partition0
19:55:47.0453 2636 \Device\Harddisk2\DR5\Partition0 - ok
19:55:47.0468 2636 Boot (0x1200) (8cbb6491629c9a350163059652938fd4) \Device\Harddisk2\DR5\Partition1
19:55:47.0484 2636 \Device\Harddisk2\DR5\Partition1 - ok
19:55:47.0484 2636 ============================================================
19:55:47.0484 2636 Scan finished
19:55:47.0484 2636 ============================================================
19:55:47.0578 2552 Detected object count: 4
19:55:47.0578 2552 Actual detected object count: 4
19:56:03.0953 2552 nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:03.0953 2552 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:03.0953 2552 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:03.0953 2552 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:03.0953 2552 RTL8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:03.0953 2552 RTL8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:03.0953 2552 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:03.0953 2552 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
 
aswMBR Scan

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-30 19:58:44
-----------------------------
19:58:44.687 OS Version: Windows 5.1.2600 Service Pack 3
19:58:44.687 Number of processors: 4 586 0xF0B
19:58:44.687 ComputerName: KNIGHTS-2EE6007 UserName:
19:58:45.515 Initialize success
20:00:41.296 AVAST engine defs: 12043001
20:01:26.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:01:26.453 Disk 0 Vendor: WDC_WD2500JS-55NCB1 10.02E01 Size: 238475MB BusType: 3
20:01:26.453 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:01:26.453 Disk 1 Vendor: WDC_WD10EARS-00MVWB0 51.0AB51 Size: 953869MB BusType: 3
20:01:26.468 Disk 0 MBR read successfully
20:01:26.468 Disk 0 MBR scan
20:01:26.500 Disk 0 Windows XP default MBR code
20:01:26.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
20:01:26.500 Disk 0 scanning sectors +488376000
20:01:26.609 Disk 0 scanning C:\WINDOWS\system32\drivers
20:01:37.171 Service scanning
20:01:59.812 Modules scanning
20:02:06.546 Disk 0 trace - called modules:
20:02:06.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS BlackBox.SYS
20:02:06.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeadab8]
20:02:06.578 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000077[0x8aeb8030]
20:02:06.578 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aee6d98]
20:02:08.531 AVAST engine scan C:\WINDOWS
20:02:16.421 AVAST engine scan C:\WINDOWS\system32
20:04:53.484 AVAST engine scan C:\WINDOWS\system32\drivers
20:05:10.500 AVAST engine scan C:\Documents and Settings\Dr Michael Foster
20:06:31.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\Desktop\MBR.dat"
20:06:31.843 The log file has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\Desktop\aswMBR.txt"
 
Rootkit Unhooker Scan Report

THIS ONE ENDS WITH A WARNING OF A POSSIBLE ROOTKIT

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805D6642-->B594D086 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x805790A8-->B594DBE4 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805D1018-->B5B915E0 [C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys]
ntkrnlpa.exe-->NtDeleteFile, Type: Address change 0x80576C50-->B594DDDC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8062458C-->B59515B2 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8062475C-->B59515E4 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtLoadKey, Type: Address change 0x80626314-->B5951746 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x8057A1A6-->B594DCFC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB440-->B5017F3C [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805CB6CC-->B594D3F0 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805B841E-->B594D522 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80622314-->B59516BC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80623B12-->B5951626 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x806261C4-->B5951658 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x80625AD0-->B595168A [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805D173A-->B594D02C [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtSetInformationFile, Type: Address change 0x8057B034-->B594DE82 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80622662-->B595154A [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805D48F4-->B594CFC6 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29E2-->B5017FE4 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2BDC-->B5018080 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43CC-->B501811C [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtGdiAlphaBlend, Type: Address change 0xBF831475-->B5953E54 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtGdiBitBlt, Type: Address change 0xBF8098F2-->B5953CB4 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtGdiGetPixel, Type: Address change 0xBF8649A1-->B5953D02 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtGdiMaskBlt, Type: Address change 0xBF828A2A-->B5953D8E [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtGdiPlgBlt, Type: Address change 0xBF946632-->B5953DDC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtGdiStretchBlt, Type: Address change 0xBF89454D-->B5953D34 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtGdiTransparentBlt, Type: Address change 0xBF895025-->B5953E18 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtUserFindWindowEx, Type: Address change 0xBF85BDAF-->B594E2DE [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF89C3CB-->B501843A [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF85BC6A-->B50183A6 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C550-->B50183E6 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserPrintWindow, Type: Address change 0xBF891A5E-->B5953E90 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtUserQueryWindow, Type: Address change 0xBF80A0E2-->B594E252 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85F5D2-->B5018338 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Processes
==============================================
0x8AF36830 [4] System
0x8A56A5B0 [128] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8A583DA0 [288] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A588BC0 [320] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8A5905B8 [492] C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x8A31E7C0 [536] C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia, ServiceLayer Module)
0x8A55EBC0 [544] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A54EDA0 [672] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x8A87D9E0 [692] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x8A52E800 [1012] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation, Malwarebytes Anti-Malware)
0x8A7B6DA0 [1020] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8A7B6B20 [1056] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8A707DA0 [1112] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A110DA0 [1116] C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o., AVG User Interface)
0x8A74F5A8 [1124] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8A15EB98 [1364] C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia, Microsoft Bluetooth Media Server)
0x8A6EDB18 [1396] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A663020 [1468] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A64C9E0 [1512] C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd., RapportMgmtService)
0x8A4FF9E0 [1556] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 158.27)
0x8A97C470 [1580] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A998020 [1624] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A500B28 [1700] C:\Program Files\CyberLink\Shared Files\RichVideo.exe (-, RichVideo Module)
0x8A4D6458 [1824] C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC, Solid Spool Service)
0x8A5D8818 [1872] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A5B5DA0 [1904] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A575BC0 [1996] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A4B13D8 [2064] C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation, Symantec WinFax PRO NT Service)
0x8A4AFAF0 [2104] C:\Program Files\winfax\WFXMOD32.EXE (Symantec Corporation, WinFax Pro Serial Modem Driver)
0x8A4E5BC0 [2132] C:\WINDOWS\system32\WFXSNT40.EXE (Microsoft Corporation, Delrina Fax Port Launcher)
0x8A492740 [2256] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
0x8A6F5948 [2500] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x8A4869E0 [2568] C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc., FaxTalk Service Module)
0x8A435DA0 [2648] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x8A14E020 [2680] C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation, Microsoft Office Word)
0x8A472A10 [2752] C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc., OCR Aware)
0x8A58FBD8 [2768] C:\Program Files\FaxTalk\FTclctrl.exe (Thought Communications, Inc., FaxTalk CallControl)
0x8A404B30 [2872] C:\Program Files\FaxTalk\fapiexe.exe (Thought Communications, Inc., FaxTalk FAPI Module)
0x8A420BD8 [2880] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp., PowerDVD RC Service)
0x8A418BD0 [2984] C:\Documents and Settings\Dr Michael Foster\Desktop\Malware Tools\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x8A3DA9E8 [3196] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
0x8A3E6320 [3248] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x8A36E5C0 [3312] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia, Nokia Launch Application)
0x8AC63C18 [3476] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8A465410 [3700] C:\WINDOWS\system32\WudfHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x8A3549F0 [3868] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8A39C5B8 [3916] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x8A2369A0 [3932] C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
==============================================
>Drivers
==============================================
0xB96F9000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6742016 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 158.27 )
0xB5BEF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6168576 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5423104 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 158.27 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB952A000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB9477000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9E1E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB58DC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB93C1000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5A76000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB4D17000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF53E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB5A09000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB5B0A000 C:\WINDOWS\System32\Drivers\bthport.sys 274432 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0xB963F000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 270336 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB46C6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB58A5000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB5B6D000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys 221184 bytes
0xB941F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB4F12000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB4015000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB5972000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9699000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB59E1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB5355000 C:\WINDOWS\System32\Drivers\CLBUDF.SYS 159744 bytes (CyberLink Corporation., UDF File System Driver )
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB5A50000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB594C000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 155648 bytes (Trusteer Ltd., RapportPG)
0xB5331000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB5BCB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB96C1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB961C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB59BF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB599D000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB40E0000 C:\WINDOWS\system32\DRIVERS\wudfrd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB4AEF000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DD7000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB588C000 C:\WINDOWS\system32\DRIVERS\bthpan.sys 102400 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB56BC000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9681000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 98304 bytes (Realtek Semiconductor Corporation, Realtek 10/100/1000 NDIS 5.1 Driver)
0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9460000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9EAB000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB4ED5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB96E5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB5ACF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB944F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5320000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xBA2D8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA278000 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 65536 bytes (Trusteer Ltd., RapportEI)
0xBA228000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA188000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\rfcomm.sys 61440 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xB586C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA158000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA118000 RapportKELL.sys 49152 bytes (Trusteer Ltd., RapportKE)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA288000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\bthmodem.sys 40960 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1E8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB40B0000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA268000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA488000 C:\DOCUME~1\DRMICH~1\LOCALS~1\Temp\catchme.sys 32768 bytes
0xBA3A8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA4A0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA390000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA380000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA398000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA388000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA478000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\BthEnum.sys 20480 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0xBA480000 C:\WINDOWS\System32\Drivers\BTHUSB.sys 20480 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0xBA490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA408000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA418000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA410000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB452B000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA4BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xB54AC000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes Anti-Malware)
0xB4D9F000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9DAF000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB518C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5017000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA56C000 C:\WINDOWS\System32\Drivers\CLBStor.SYS 12288 bytes (Cyberlink Co.,Ltd., Cyberlink Storage Helper Driver (WindowsNT5.x))
0xB5750000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB93A9000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB61D5000 C:\WINDOWS\system32\DRIVERS\sfloppy.sys 12288 bytes (Microsoft Corporation, SCSI Floppy Driver)
0xB61F5000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5EC000 C:\Program Files\CyberLink\PowerDVD\000.fcl 8192 bytes (Cyberlink Corp., FCL Driver)
0xBA5CE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5E8000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5CA000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5C2000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5D2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA622000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xBA5D6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5B6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7AF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA70C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6BE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\System Volume Information\_restore{478AB6F6-415F-4FEB-AA31-13E8A304D821}\RP9\A0004951.data
!-->[Hidden] C:\System Volume Information\_restore{478AB6F6-415F-4FEB-AA31-13E8A304D821}\RP9\A0004952.data
!-->[Hidden] C:\System Volume Information\_restore{478AB6F6-415F-4FEB-AA31-13E8A304D821}\RP9\A0004953.ini
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[1512]RapportMgmtService.exe-->kernel32.dll+0x00001BB9, Type: Code Mismatch 0x7C801BB9 + 7097 [43 E4 25 F5]
[1512]RapportMgmtService.exe-->ntdll.dll-->KiUserApcDispatcher, Type: Inline - RelativeJump 0x7C90E450-->00414DA0 [RapportMgmtService.exe]
[1512]RapportMgmtService.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x71AB2A6F-->71A00022 [unknown_code_page]
[1512]RapportMgmtService.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x71AB5355-->71A90022 [unknown_code_page]
[320]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[320]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[320]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[320]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[320]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[320]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[320]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[320]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
The last report

On the last report (Rootkit Unhooker) I set it going - was able to begin my work for tomorrow, have dinner, come back and read your reply, as I sent my note (which crossed yours) and still wait another 30 mins, but I hope it yielded some useful info - as a novice I cannot make head nor tail of it!

Again thanks for your patience and time - much appreciated. Although I am beginning to think it may be time to copy all my data to the second hard drive (I also have a third hard drive hooked up and completely empty) AND wipe the drive and reinstall XP! However, if the Trojan can be detected it may be helpful in terms of learning how to solve this particular variant.

I was using Google Images as a fast way of identifying items to purchase. I clicked on one, and a fraud spyware scanner popped up - I went to kill it using the Task Manager to discover it was disabled. I even downloaded a program "Spy Hunter" which claimed to be able to deal with this and paid for it ($47) to discover it failed - and to add insult to injury found the blighters had set up a recurring payment for $47 every six months on my PayPal account - so I cancelled the recurring payments.

The system is more stable and AVG does not keep popping up Trojan warnings anymore, but for safety I disconnect the network cable - which means my network printer cannot be used by the infected machine.

Ah such are the challenges of life.
 
Hi,

I still don't see anything that is bad though that is showing up. :confused:

In my opinion...if this were my computer...I would format and reinstall. With the backdoor capabilities and the number of advanced infections that are on the system, I would not hesitate to just save my files and start from scratch because I could never know for sure that the infection is still not in there hiding and waiting and possibly stealing information of mine.

I can't guarantee that it is a new variant so much as the fact that there were multiple ZeroAccess infections, and if we aren't able to hit everything at once then we won't be able to kill it.
 
Rapport

I have noticed from the Rootkit Unhooker report that the Rapport entries have been messed with. Rapport (I am sure you know) is a utility to prevent your passwords being passed on to fraudulent sites and came with my Internet Banking from HSBC.

I am in the slow business of transferring my data files to Drive F. - is there any chance I can unwittingly transfer the Trojan over - I have AVG running?
 
Rapport

Hi

When the data is safely on F, I will remove Rapport from the system (via add-remove progs) but did not want to disturb it as yet - or should I?
 