TechSpot

Help, computer infected! Log files requested in sticky are pasted

Solved
By jestein
Sep 26, 2012
  1. jestein

    jestein TS Rookie Topic Starter Posts: 48

    I can't find the aswMBR log. What program is this for?
     
  2. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. jestein

    jestein TS Rookie Topic Starter Posts: 48

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-15 20:57:53
    -----------------------------
    20:57:53.838 OS Version: Windows x64 6.1.7600
    20:57:53.838 Number of processors: 4 586 0x502
    20:57:53.838 ComputerName: LINDSAY-PC UserName: Admin
    20:57:54.805 Initialize success
    20:57:55.679 AVAST engine defs: 12101501
    20:58:10.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    20:58:10.421 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
    20:58:10.436 Disk 0 MBR read successfully
    20:58:10.436 Disk 0 MBR scan
    20:58:10.452 Disk 0 Windows 7 default MBR code
    20:58:10.452 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:58:10.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400000 MB offset 206848
    20:58:10.483 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 553767 MB offset 819406848
    20:58:10.514 Disk 0 scanning C:\Windows\system32\drivers
    20:58:17.628 Service scanning
    20:58:30.834 Modules scanning
    20:58:30.834 Disk 0 trace - called modules:
    20:58:30.850 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:58:31.349 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004738060]
    20:58:31.349 3 CLASSPNP.SYS[fffff8800182343f] -> nt!IofCallDriver -> [0xfffffa8004114520]
    20:58:31.349 5 ACPI.sys[fffff88000edc781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004116060]
    20:58:32.118 AVAST engine scan C:\Windows
    20:58:34.159 AVAST engine scan C:\Windows\system32
    21:00:19.139 AVAST engine scan C:\Windows\system32\drivers
    21:00:25.450 AVAST engine scan C:\Users\Admin
    21:01:11.934 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
    21:01:11.934 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
    21:01:28.995 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
    21:01:28.995 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt1.txt"
    21:01:34.995 AVAST engine scan C:\ProgramData
    21:02:19.312 Scan finished successfully
    21:02:56.175 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
    21:02:56.175 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt1.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good.

    Re-run TDSSKiller and post the new log.
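
    What a reviewer checks before calling an aswMBR log clean is the "default MBR code" verdict, a partition table that is self-consistent (one active partition, valid boot flags, no overlaps), and a storage driver chain that names only stock Windows drivers. The script below, an added example that is not part of this thread and not code from aswMBR or AVAST, automates the first two checks and adds one the log alone cannot give you: it compares the partition table aswMBR printed against the raw bytes of the MBR.dat copy the tool saves to the desktop, so a log that was produced on the infected machine can be checked against the on-disk table offline. The log lines are excerpted from the aswMBR output posted above; the 512-byte MBR is constructed here to match them because MBR.dat itself is not on the page, and the check assumes MBR.dat is a plain 512-byte copy of sector 0 (as the tool's note states). Nothing else about the tools is assumed.

```python
"""Cross-check the partition table in an aswMBR log against raw MBR bytes.

Added example for the thread above; not code from aswMBR or AVAST.
The log lines are excerpted from the aswMBR output posted in the thread; the
512-byte MBR is constructed here to match them, standing in for the MBR.dat
file aswMBR writes to the desktop (assumed to be a plain copy of sector 0).
"""
import re
import struct

# Excerpt of the posted aswMBR log (only the lines this check cares about).
ASWMBR_LOG = """\
20:58:10.452 Disk 0 Windows 7 default MBR code
20:58:10.452 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:58:10.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400000 MB offset 206848
20:58:10.483 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 553767 MB offset 819406848
"""

SECTOR = 512
MIB = 1024 * 1024
PART_RE = re.compile(
    r"Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) .*? (\d+) MB offset (\d+)"
)


def parse_aswmbr_partitions(log):
    """Return [(index, boot_flag, type, size_mib, start_lba)] from an aswMBR log."""
    parts = []
    for line in log.splitlines():
        m = PART_RE.search(line)
        if m:
            idx, flag, ptype, size_mib, start = m.groups()
            parts.append((int(idx), int(flag, 16), int(ptype, 16), int(size_mib), int(start)))
    return parts


def mbr_code_is_default(log):
    """aswMBR prints 'default MBR code' when the boot code matches the stock loader."""
    return any("default MBR code" in line for line in log.splitlines())


def parse_mbr(blob):
    """Parse a 512-byte MBR: return (list of (flag, type, start_lba, sectors), signature_ok)."""
    if len(blob) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    signature_ok = blob[510:512] == b"\x55\xaa"
    entries = []
    for i in range(4):
        # Each 16-byte entry: boot flag, CHS start (skipped), type, CHS end (skipped),
        # then little-endian 32-bit start LBA and sector count.
        flag, ptype, start, count = struct.unpack_from("<B3xB3xII", blob, 446 + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append((flag, ptype, start, count))
    return entries, signature_ok


def build_sample_mbr(entries):
    """Constructed stand-in for MBR.dat: zeroed boot code, the given table, 0x55AA signature."""
    blob = bytearray(SECTOR)
    for i, (flag, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", blob, 446 + 16 * i, flag, ptype, start, count)
    blob[510:512] = b"\x55\xaa"
    return bytes(blob)


def cross_check(log, mbr_blob):
    """Return a list of findings; an empty list means log and raw MBR agree and look sane."""
    findings = []
    if not mbr_code_is_default(log):
        findings.append("aswMBR did not report stock boot code; inspect MBR.dat manually")
    logged = parse_aswmbr_partitions(log)
    raw, sig_ok = parse_mbr(mbr_blob)
    if not sig_ok:
        findings.append("MBR lacks the 0x55AA boot signature")
    if len(logged) != len(raw):
        findings.append(f"log lists {len(logged)} partitions, raw table has {len(raw)}")
    active = [e for e in raw if e[0] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    prev_end = 0
    for (idx, lflag, ltype, lmib, lstart), (rflag, rtype, rstart, rcount) in zip(logged, raw):
        if rflag not in (0x00, 0x80):
            findings.append(f"partition {idx}: invalid boot flag 0x{rflag:02x}")
        if (lflag, ltype, lstart) != (rflag, rtype, rstart):
            findings.append(f"partition {idx}: log says flag/type/start "
                            f"{lflag:02x}/{ltype:02x}/{lstart}, raw MBR says "
                            f"{rflag:02x}/{rtype:02x}/{rstart}")
        if rcount * SECTOR // MIB != lmib:  # aswMBR reports sizes in whole MiB
            findings.append(f"partition {idx}: size mismatch ({lmib} MB logged)")
        if rstart < prev_end:
            findings.append(f"partition {idx}: overlaps the previous partition")
        prev_end = rstart + rcount
    return findings


# Table matching the posted log: sector count is size in MiB * 2048 (512-byte sectors).
SAMPLE_MBR = build_sample_mbr([
    (0x80, 0x07, 2048, 100 * 2048),
    (0x00, 0x07, 206848, 400000 * 2048),
    (0x00, 0x07, 819406848, 553767 * 2048),
])

if __name__ == "__main__":
    for finding in cross_check(ASWMBR_LOG, SAMPLE_MBR) or ["MBR consistent with log"]:
        print(finding)
```

    To use it on a real case, replace SAMPLE_MBR with `open("MBR.dat", "rb").read()` and ASWMBR_LOG with the contents of aswMBR.txt. The three offsets in this log (2048, 206848, 819406848) are contiguous and the sizes convert exactly, which is what a clean Windows 7 layout looks like; a bootkit that patched the boot code would trip the first check, and one that hid a partition from the scanner would show up as a count or offset mismatch against the raw table.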
     
  5. jestein

    jestein TS Rookie Topic Starter Posts: 48

    No audio ads. No notice that I have a threat when browsing, but I do still have that stupid mywebsearch as a homepage. Not a huge deal. Computer is way faster.

    21:16:36.0261 1584 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    21:16:37.0977 1584 ============================================================
    21:16:37.0977 1584 Current date / time: 2012/10/15 21:16:37.0977
    21:16:37.0977 1584 SystemInfo:
    21:16:37.0977 1584
    21:16:37.0977 1584 OS Version: 6.1.7600 ServicePack: 0.0
    21:16:37.0977 1584 Product type: Workstation
    21:16:37.0977 1584 ComputerName: LINDSAY-PC
    21:16:37.0977 1584 UserName: Admin
    21:16:37.0977 1584 Windows directory: C:\Windows
    21:16:37.0977 1584 System windows directory: C:\Windows
    21:16:37.0977 1584 Running under WOW64
    21:16:37.0977 1584 Processor architecture: Intel x64
    21:16:37.0977 1584 Number of processors: 4
    21:16:37.0977 1584 Page size: 0x1000
    21:16:37.0977 1584 Boot type: Normal boot
    21:16:37.0977 1584 ============================================================
    21:16:39.0069 1584 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:16:39.0100 1584 ============================================================
    21:16:39.0100 1584 \Device\Harddisk0\DR0:
    21:16:39.0100 1584 MBR partitions:
    21:16:39.0100 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:16:39.0100 1584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
    21:16:39.0100 1584 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
    21:16:39.0100 1584 ============================================================
    21:16:39.0147 1584 C: <-> \Device\Harddisk0\DR0\Partition3
    21:16:39.0178 1584 D: <-> \Device\Harddisk0\DR0\Partition2
    21:16:39.0194 1584 ============================================================
    21:16:39.0194 1584 Initialize success
    21:16:39.0194 1584 ============================================================
    21:16:40.0614 1460 ============================================================
    21:16:40.0614 1460 Scan started
    21:16:40.0614 1460 Mode: Manual;
    21:16:40.0614 1460 ============================================================
    21:16:41.0862 1460 ================ Scan system memory ========================
    21:16:41.0862 1460 System memory - ok
    21:16:41.0862 1460 ================ Scan services =============================
    21:16:41.0908 1460 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    21:16:41.0908 1460 !SASCORE - ok
    21:16:42.0033 1460 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    21:16:42.0033 1460 1394ohci - ok
    21:16:42.0049 1460 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    21:16:42.0049 1460 ACPI - ok
    21:16:42.0080 1460 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    21:16:42.0080 1460 AcpiPmi - ok
    21:16:42.0158 1460 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    21:16:42.0158 1460 AdobeFlashPlayerUpdateSvc - ok
    21:16:42.0189 1460 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    21:16:42.0189 1460 adp94xx - ok
    21:16:42.0205 1460 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    21:16:42.0220 1460 adpahci - ok
    21:16:42.0236 1460 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    21:16:42.0236 1460 adpu320 - ok
    21:16:42.0267 1460 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:16:42.0267 1460 AeLookupSvc - ok
    21:16:42.0314 1460 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
    21:16:42.0314 1460 AFD - ok
    21:16:42.0330 1460 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    21:16:42.0330 1460 agp440 - ok
    21:16:42.0376 1460 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    21:16:42.0376 1460 ALG - ok
    21:16:42.0376 1460 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    21:16:42.0376 1460 aliide - ok
    21:16:42.0392 1460 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    21:16:42.0392 1460 amdide - ok
    21:16:42.0408 1460 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    21:16:42.0408 1460 AmdK8 - ok
    21:16:42.0439 1460 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    21:16:42.0439 1460 AmdPPM - ok
    21:16:42.0454 1460 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    21:16:42.0454 1460 amdsata - ok
    21:16:42.0470 1460 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    21:16:42.0470 1460 amdsbs - ok
    21:16:42.0486 1460 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    21:16:42.0486 1460 amdxata - ok
    21:16:42.0501 1460 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    21:16:42.0501 1460 AppID - ok
    21:16:42.0517 1460 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    21:16:42.0517 1460 AppIDSvc - ok
    21:16:42.0548 1460 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    21:16:42.0548 1460 Appinfo - ok
    21:16:42.0626 1460 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:16:42.0626 1460 Apple Mobile Device - ok
    21:16:42.0673 1460 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    21:16:42.0673 1460 AppMgmt - ok
    21:16:42.0688 1460 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    21:16:42.0688 1460 arc - ok
    21:16:42.0704 1460 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    21:16:42.0704 1460 arcsas - ok
    21:16:42.0735 1460 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    21:16:42.0735 1460 aswFsBlk - ok
    21:16:42.0782 1460 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    21:16:42.0782 1460 aswMonFlt - ok
    21:16:42.0813 1460 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    21:16:42.0813 1460 aswRdr - ok
    21:16:42.0844 1460 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    21:16:42.0844 1460 aswSnx - ok
    21:16:42.0860 1460 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    21:16:42.0876 1460 aswSP - ok
    21:16:42.0891 1460 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    21:16:42.0891 1460 aswTdi - ok
    21:16:42.0907 1460 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:16:42.0907 1460 AsyncMac - ok
    21:16:42.0922 1460 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    21:16:42.0922 1460 atapi - ok
    21:16:43.0016 1460 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    21:16:43.0063 1460 atikmdag - ok
    21:16:43.0094 1460 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:16:43.0094 1460 AudioEndpointBuilder - ok
    21:16:43.0110 1460 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    21:16:43.0110 1460 AudioSrv - ok
    21:16:43.0188 1460 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    21:16:43.0188 1460 avast! Antivirus - ok
    21:16:43.0203 1460 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    21:16:43.0219 1460 AxInstSV - ok
    21:16:43.0250 1460 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    21:16:43.0250 1460 b06bdrv - ok
    21:16:43.0281 1460 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:16:43.0281 1460 b57nd60a - ok
    21:16:43.0297 1460 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    21:16:43.0297 1460 BDESVC - ok
    21:16:43.0312 1460 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    21:16:43.0312 1460 Beep - ok
    21:16:43.0344 1460 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    21:16:43.0359 1460 BFE - ok
    21:16:43.0406 1460 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
    21:16:43.0406 1460 BITS - ok
    21:16:43.0437 1460 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    21:16:43.0437 1460 blbdrive - ok
    21:16:43.0484 1460 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    21:16:43.0484 1460 Bonjour Service - ok
    21:16:43.0515 1460 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    21:16:43.0515 1460 bowser - ok
    21:16:43.0515 1460 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:16:43.0515 1460 BrFiltLo - ok
    21:16:43.0531 1460 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:16:43.0531 1460 BrFiltUp - ok
    21:16:43.0546 1460 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    21:16:43.0546 1460 BridgeMP - ok
    21:16:43.0562 1460 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    21:16:43.0562 1460 Browser - ok
    21:16:43.0578 1460 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    21:16:43.0578 1460 Brserid - ok
    21:16:43.0593 1460 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    21:16:43.0593 1460 BrSerWdm - ok
    21:16:43.0609 1460 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:16:43.0609 1460 BrUsbMdm - ok
    21:16:43.0609 1460 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    21:16:43.0609 1460 BrUsbSer - ok
    21:16:43.0640 1460 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    21:16:43.0640 1460 BTHMODEM - ok
    21:16:43.0656 1460 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    21:16:43.0656 1460 bthserv - ok
    21:16:43.0687 1460 catchme - ok
    21:16:43.0718 1460 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:16:43.0718 1460 cdfs - ok
    21:16:43.0734 1460 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:16:43.0734 1460 cdrom - ok
    21:16:43.0765 1460 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    21:16:43.0780 1460 CertPropSvc - ok
    21:16:43.0796 1460 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    21:16:43.0796 1460 circlass - ok
    21:16:43.0812 1460 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    21:16:43.0812 1460 CLFS - ok
    21:16:43.0874 1460 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:16:43.0874 1460 clr_optimization_v2.0.50727_32 - ok
    21:16:43.0921 1460 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:16:43.0921 1460 clr_optimization_v2.0.50727_64 - ok
    21:16:43.0936 1460 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    21:16:43.0936 1460 CmBatt - ok
    21:16:43.0936 1460 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    21:16:43.0936 1460 cmdide - ok
    21:16:43.0983 1460 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
    21:16:43.0983 1460 CNG - ok
    21:16:43.0999 1460 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    21:16:43.0999 1460 Compbatt - ok
    21:16:44.0014 1460 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    21:16:44.0014 1460 CompositeBus - ok
    21:16:44.0014 1460 COMSysApp - ok
    21:16:44.0030 1460 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
    21:16:44.0030 1460 cpuz134 - ok
    21:16:44.0046 1460 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    21:16:44.0046 1460 crcdisk - ok
    21:16:44.0092 1460 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:16:44.0092 1460 CryptSvc - ok
    21:16:44.0108 1460 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
    21:16:44.0124 1460 CSC - ok
    21:16:44.0139 1460 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
    21:16:44.0155 1460 CscService - ok
    21:16:44.0186 1460 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:16:44.0202 1460 DcomLaunch - ok
    21:16:44.0233 1460 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    21:16:44.0233 1460 defragsvc - ok
    21:16:44.0248 1460 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:16:44.0248 1460 DfsC - ok
    21:16:44.0280 1460 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    21:16:44.0280 1460 Dhcp - ok
    21:16:44.0295 1460 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    21:16:44.0295 1460 discache - ok
    21:16:44.0311 1460 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    21:16:44.0311 1460 Disk - ok
    21:16:44.0326 1460 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:16:44.0342 1460 Dnscache - ok
    21:16:44.0358 1460 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    21:16:44.0373 1460 dot3svc - ok
    21:16:44.0373 1460 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    21:16:44.0389 1460 DPS - ok
    21:16:44.0420 1460 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:16:44.0420 1460 drmkaud - ok
    21:16:44.0451 1460 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:16:44.0451 1460 DXGKrnl - ok
    21:16:44.0482 1460 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    21:16:44.0482 1460 EapHost - ok
    21:16:44.0545 1460 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    21:16:44.0576 1460 ebdrv - ok
    21:16:44.0592 1460 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    21:16:44.0607 1460 EFS - ok
    21:16:44.0654 1460 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:16:44.0654 1460 ehRecvr - ok
    21:16:44.0670 1460 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    21:16:44.0670 1460 ehSched - ok
    21:16:44.0701 1460 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    21:16:44.0701 1460 elxstor - ok
    21:16:44.0779 1460 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    21:16:44.0779 1460 EPSON_EB_RPCV4_01 - ok
    21:16:44.0810 1460 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    21:16:44.0810 1460 EPSON_PM_RPCV4_01 - ok
    21:16:44.0826 1460 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    21:16:44.0826 1460 ErrDev - ok
    21:16:44.0841 1460 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    21:16:44.0857 1460 EventSystem - ok
    21:16:44.0872 1460 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    21:16:44.0888 1460 exfat - ok
    21:16:44.0904 1460 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:16:44.0904 1460 fastfat - ok
    21:16:44.0935 1460 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    21:16:44.0950 1460 Fax - ok
    21:16:44.0966 1460 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    21:16:44.0966 1460 fdc - ok
    21:16:44.0982 1460 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    21:16:44.0982 1460 fdPHost - ok
    21:16:44.0997 1460 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:16:44.0997 1460 FDResPub - ok
    21:16:45.0013 1460 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:16:45.0013 1460 FileInfo - ok
    21:16:45.0028 1460 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:16:45.0028 1460 Filetrace - ok
    21:16:45.0075 1460 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    21:16:45.0075 1460 FLEXnet Licensing Service - ok
    21:16:45.0091 1460 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    21:16:45.0091 1460 flpydisk - ok
    21:16:45.0106 1460 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:16:45.0106 1460 FltMgr - ok
    21:16:45.0138 1460 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
    21:16:45.0153 1460 FontCache - ok
    21:16:45.0184 1460 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:16:45.0200 1460 FontCache3.0.0.0 - ok
    21:16:45.0231 1460 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    21:16:45.0231 1460 FsDepends - ok
    21:16:45.0247 1460 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:16:45.0247 1460 Fs_Rec - ok
    21:16:45.0262 1460 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    21:16:45.0278 1460 fvevol - ok
    21:16:45.0294 1460 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:16:45.0294 1460 gagp30kx - ok
    21:16:45.0294 1460 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:16:45.0309 1460 GEARAspiWDM - ok
    21:16:45.0325 1460 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    21:16:45.0340 1460 gpsvc - ok
    21:16:45.0340 1460 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    21:16:45.0340 1460 hcw85cir - ok
    21:16:45.0387 1460 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:16:45.0387 1460 HdAudAddService - ok
    21:16:45.0418 1460 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:16:45.0418 1460 HDAudBus - ok
    21:16:45.0418 1460 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    21:16:45.0418 1460 HidBatt - ok
    21:16:45.0434 1460 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    21:16:45.0450 1460 HidBth - ok
    21:16:45.0450 1460 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    21:16:45.0450 1460 HidIr - ok
    21:16:45.0465 1460 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    21:16:45.0465 1460 hidserv - ok
    21:16:45.0496 1460 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:16:45.0496 1460 HidUsb - ok
    21:16:45.0512 1460 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:16:45.0512 1460 hkmsvc - ok
    21:16:45.0528 1460 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    21:16:45.0543 1460 HomeGroupListener - ok
    21:16:45.0574 1460 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    21:16:45.0574 1460 HomeGroupProvider - ok
    21:16:45.0590 1460 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    21:16:45.0590 1460 HpSAMD - ok
    21:16:45.0621 1460 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:16:45.0637 1460 HTTP - ok
    21:16:45.0668 1460 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    21:16:45.0668 1460 hwpolicy - ok
    21:16:45.0746 1460 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    21:16:45.0746 1460 i8042prt - ok
    21:16:45.0824 1460 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    21:16:45.0824 1460 iaStorV - ok
    21:16:45.0871 1460 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    21:16:45.0871 1460 IDriverT - ok
    21:16:45.0933 1460 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:16:45.0933 1460 idsvc - ok
    21:16:45.0949 1460 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    21:16:45.0949 1460 iirsp - ok
    21:16:45.0996 1460 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    21:16:45.0996 1460 IKEEXT - ok
    21:16:46.0011 1460 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    21:16:46.0011 1460 intelide - ok
    21:16:46.0027 1460 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:16:46.0027 1460 intelppm - ok
    21:16:46.0058 1460 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:16:46.0058 1460 IPBusEnum - ok
    21:16:46.0074 1460 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:16:46.0074 1460 IpFilterDriver - ok
    21:16:46.0105 1460 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:16:46.0105 1460 iphlpsvc - ok
    21:16:46.0136 1460 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    21:16:46.0136 1460 IPMIDRV - ok
    21:16:46.0152 1460 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:16:46.0152 1460 IPNAT - ok
    21:16:46.0214 1460 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:16:46.0214 1460 iPod Service - ok
    21:16:46.0230 1460 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:16:46.0230 1460 IRENUM - ok
    21:16:46.0245 1460 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    21:16:46.0245 1460 isapnp - ok
    21:16:46.0261 1460 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    21:16:46.0261 1460 iScsiPrt - ok
    21:16:46.0276 1460 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:16:46.0276 1460 kbdclass - ok
    21:16:46.0308 1460 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    21:16:46.0308 1460 kbdhid - ok
    21:16:46.0308 1460 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    21:16:46.0308 1460 KeyIso - ok
    21:16:46.0323 1460 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:16:46.0323 1460 KSecDD - ok
    21:16:46.0354 1460 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:16:46.0354 1460 KSecPkg - ok
    21:16:46.0370 1460 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:16:46.0370 1460 ksthunk - ok
    21:16:46.0401 1460 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:16:46.0401 1460 KtmRm - ok
    21:16:46.0432 1460 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
    21:16:46.0432 1460 L1E - ok
    21:16:46.0464 1460 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
    21:16:46.0479 1460 LanmanServer - ok
    21:16:46.0510 1460 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:16:46.0510 1460 LanmanWorkstation - ok
    21:16:46.0510 1460 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:16:46.0526 1460 lltdio - ok
    21:16:46.0542 1460 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:16:46.0542 1460 lltdsvc - ok
    21:16:46.0557 1460 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:16:46.0557 1460 lmhosts - ok
    21:16:46.0588 1460 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:16:46.0588 1460 LSI_FC - ok
    21:16:46.0604 1460 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:16:46.0604 1460 LSI_SAS - ok
    21:16:46.0620 1460 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:16:46.0620 1460 LSI_SAS2 - ok
    21:16:46.0620 1460 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:16:46.0620 1460 LSI_SCSI - ok
    21:16:46.0651 1460 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:16:46.0651 1460 luafv - ok
    21:16:46.0682 1460 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    21:16:46.0682 1460 MBAMProtector - ok
  6. jestein

    jestein TS Rookie Topic Starter Posts: 48

    21:16:53.0031 1460 Winmgmt - ok
    21:16:53.0078 1460 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    21:16:53.0109 1460 WinRM - ok
    21:16:53.0156 1460 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    21:16:53.0156 1460 WinUsb - ok
    21:16:53.0172 1460 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:16:53.0187 1460 Wlansvc - ok
    21:16:53.0187 1460 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    21:16:53.0187 1460 WmiAcpi - ok
    21:16:53.0203 1460 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:16:53.0203 1460 wmiApSrv - ok
    21:16:53.0218 1460 WMPNetworkSvc - ok
    21:16:53.0234 1460 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:16:53.0234 1460 WPCSvc - ok
    21:16:53.0250 1460 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:16:53.0250 1460 WPDBusEnum - ok
    21:16:53.0265 1460 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:16:53.0281 1460 ws2ifsl - ok
    21:16:53.0312 1460 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    21:16:53.0312 1460 wscsvc - ok
    21:16:53.0312 1460 WSearch - ok
    21:16:53.0390 1460 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:16:53.0406 1460 wuauserv - ok
    21:16:53.0437 1460 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:16:53.0437 1460 WudfPf - ok
    21:16:53.0452 1460 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:16:53.0452 1460 WUDFRd - ok
    21:16:53.0468 1460 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:16:53.0468 1460 wudfsvc - ok
    21:16:53.0484 1460 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:16:53.0499 1460 WwanSvc - ok
    21:16:53.0530 1460 ================ Scan global ===============================
    21:16:53.0546 1460 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:16:53.0577 1460 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    21:16:53.0577 1460 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    21:16:53.0608 1460 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:16:53.0624 1460 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:16:53.0624 1460 [Global] - ok
    21:16:53.0624 1460 ================ Scan MBR ==================================
    21:16:53.0655 1460 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:16:53.0764 1460 \Device\Harddisk0\DR0 - ok
    21:16:53.0764 1460 ================ Scan VBR ==================================
    21:16:53.0780 1460 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
    21:16:53.0780 1460 \Device\Harddisk0\DR0\Partition1 - ok
    21:16:53.0780 1460 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
    21:16:53.0780 1460 \Device\Harddisk0\DR0\Partition2 - ok
    21:16:53.0811 1460 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
    21:16:53.0811 1460 \Device\Harddisk0\DR0\Partition3 - ok
    21:16:53.0811 1460 ============================================================
    21:16:53.0811 1460 Scan finished
    21:16:53.0811 1460 ============================================================
    21:16:53.0811 2904 Detected object count: 0
    21:16:53.0811 2904 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Possibly you're getting reinfected because you didn't have any AV program running.
    Good news though.

    I want you to re-run RogueKiller (my post #7) and then ComboFix.
    Post both logs.
     
  8. jestein

    jestein TS Rookie Topic Starter Posts: 48

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Admin [Admin rights]
    Mode : Remove -- Date : 10/15/2012 21:39:00

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Default User\NTUSER.DAT
    -> D:\Users\Lindsay\NTUSER.DAT
    -> D:\Documents and Settings\Default\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD103SI ATA Device +++++
    --- User ---
    [MBR] 83705addbb90ef4f12d411fa1c7315cc
    [BSP] 2d8320b323186d1f9d69d6abd392dc56 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 400000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819406848 | Size: 553767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  9. jestein

    jestein TS Rookie Topic Starter Posts: 48

    ComboFix 12-10-16.02 - Admin 10/15/2012 21:43:40.5.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2446 [GMT -7:00]
    Running from: c:\users\Admin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\windows\SysWow64\msstdfmt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
    .
    .
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
    2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
    2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
    2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
    2012-10-16 05:01 . 2012-10-16 05:01 -------- d-----w- c:\users\Admin\AppData\Local\VirtualStore
    2012-10-16 04:56 . 2012-10-16 04:56 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2012-10-16 04:56 . 2012-10-16 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-16 04:36 . 2012-10-16 04:36 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-10-16 04:36 . 2012-10-16 04:36 -------- d-----w- c:\programdata\W3i
    2012-10-16 04:36 . 2012-10-16 04:36 -------- d-----w- c:\program files (x86)\W3i
    2012-10-16 04:35 . 2012-10-16 04:35 -------- d-----w- c:\program files (x86)\Consumer Input
    2012-10-16 04:35 . 2012-10-16 04:51 -------- d-----w- c:\users\Admin\AppData\Roaming\DefaultTab
    2012-10-16 04:35 . 2012-10-16 04:35 -------- d-----w- c:\programdata\WeCareReminder
    2012-10-15 04:09 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-15 04:09 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-15 04:09 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-10-15 04:09 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-15 04:09 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-15 04:09 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-15 04:09 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-15 04:08 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-15 04:08 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-10-14 18:40 . 2012-10-14 18:40 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-10-10 04:05 . 2012-10-15 04:08 -------- d-----w- c:\programdata\AVAST Software
    2012-10-10 04:05 . 2012-10-15 04:08 -------- d-----w- c:\program files\AVAST Software
    2012-10-10 03:27 . 2012-10-10 03:27 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-10-10 03:27 . 2012-10-10 03:27 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-10-10 03:27 . 2012-10-10 03:27 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-10-09 04:57 . 2012-10-16 04:58 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
    2012-10-04 23:39 . 2012-10-10 03:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-10-04 23:39 . 2012-10-10 03:27 2288608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-10-04 23:39 . 2012-10-10 03:27 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-10-04 23:39 . 2012-10-10 03:27 192600 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-10-04 23:39 . 2012-10-10 03:27 114144 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
    2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\program files (x86)\Rosetta Stone
    2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\programdata\RosettaStoneLtdBackup
    2012-10-03 06:32 . 2012-10-03 06:32 -------- d-----w- c:\programdata\FLEXnet
    2012-10-03 06:26 . 2012-10-03 06:26 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
    2012-10-03 06:23 . 2012-10-04 05:34 -------- d-----w- c:\programdata\Rosetta Stone
    2012-10-03 06:07 . 2012-10-10 04:10 -------- d-----w- c:\users\Admin\AppData\Local\Google
    2012-10-03 06:07 . 2012-10-10 04:08 -------- d-----w- c:\program files (x86)\Google
    2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
    2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
    2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
    2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
    2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
    2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
    2012-09-27 05:31 . 2012-10-10 03:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
    2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
    2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
    2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
    2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
    2012-09-17 00:44 . 2012-10-16 05:00 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
    2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
    2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
    2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 05:12 . 2012-04-14 02:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 05:12 . 2012-02-04 22:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 03:34 . 2012-09-13 03:35 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
    "UninstallHelper"="c:\program files (x86)\W3i\UninstallHelper\UninstallHelper.exe" [2012-10-12 898200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    .
    c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-10 114144]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
    S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
    S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
    S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 05:12]
    .
    2012-10-16 c:\windows\Tasks\Sophos Patch Feed.job
    - c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
    .
    2012-10-14 c:\windows\Tasks\Sophos Patch Purge.job
    - c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: jcatsdefender.com\caaoc
    Trusted Zone: jcatsdefender.com\traincaaoc
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&ind=2012092721&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor=
    FF - ExtSQL: 2012-09-12 20:35; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF - ExtSQL: 2012-09-27 21:15; 4zffxtbr@VideoDownloadConverter_4z.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com
    FF - ExtSQL: 2012-10-09 21:05; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2012-10-15 21:35; ConsumerInput@Compete; c:\program files (x86)\Consumer Input\Firefox\src
    FF - ExtSQL: 2012-10-15 21:36; addon@defaulttab.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 2012-10-15 21:36; wecarereminder@bryan; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\extensions\wecarereminder@bryan
    FF - ExtSQL: !HIDDEN! 2012-09-27 21:12; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-02332446.sys
    SafeBoot-26916800.sys
    SafeBoot-88837595.sys
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    AddRemove-DefaultTab - c:\users\Admin\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
    "ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    c:\program files (x86)\Sophos\Encryption\BLService.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
    c:\program files (x86)\Sophos\Enterprise Console\MgntSvc.exe
    c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-15 22:22:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-16 05:21
    ComboFix2.txt 2012-10-09 04:57
    ComboFix3.txt 2012-10-04 20:23
    ComboFix4.txt 2012-10-03 05:49
    .
    Pre-Run: 484,488,781,824 bytes free
    Post-Run: 484,390,653,952 bytes free
    .
    - - End Of File - - AEE1AC48D9E54641BAA6EF324E2B7D12
     
  10. jestein

    jestein TS Rookie Topic Starter Posts: 48

    Mywebsearch is gone.
     
  11. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Good :)

    Any current issues?

    =========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. jestein

    jestein TS Rookie Topic Starter Posts: 48

    No issues that I notice.

    OTL Extras logfile created on: 10/16/2012 4:59:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 76.61% Memory free
    7.49 Gb Paging File | 5.66 Gb Available in Paging File | 75.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 540.78 Gb Total Space | 449.97 Gb Free Space | 83.21% Space Free | Partition Type: NTFS
    Drive D: | 390.62 Gb Total Space | 371.90 Gb Free Space | 95.21% Space Free | Partition Type: NTFS
    Drive E: | 149.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: LINDSAY-PC | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1039221757-4152704121-570408990-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1039221757-4152704121-570408990-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{0702A110-0E31-4B4C-B3A9-775019C6E9AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1399650D-2D02-43A7-8B14-9A1C8B9EEBD6}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1528A5DF-889D-4A62-A04B-8F127C6B7989}" = lport=9709 | protocol=17 | dir=in | name=bitcomet 9709 udp |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{217BE598-3709-4F6A-B1D7-FC67AA0154E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2ACCB384-2A02-48C7-A6AE-7C0091AC2B30}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2FBD5F52-244C-4BE1-9585-2ECB9B14CB23}" = rport=138 | protocol=17 | dir=out | app=system |
    "{31DE2E56-58CE-4760-8533-C68C1F17B68C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{488D9F42-DED8-41B1-A301-426F3996A62C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6362E7DF-A4FC-4D00-BC24-8C8DF68E2921}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6A9948D9-AB2B-4612-A98C-3A22BDEF1CA1}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{746DC6E7-F0D6-401F-970F-B802AB660D4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7EB1E94D-085C-4CC2-B531-E59B106A91A7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8FE2E637-59C8-451D-B3C8-E20E3CA96AB1}" = lport=5432 | protocol=6 | dir=in | name=postgres |
    "{93B669E6-1579-4A54-914E-0671D8E54FC1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{94257130-0314-4615-A7C4-A18C6DAC2CD0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{97C698D4-6A4D-45D7-8ADF-E2233BF6C003}" = lport=9709 | protocol=6 | dir=in | name=bitcomet 9709 tcp |
    "{9A8FFF14-577B-4189-95A3-22D608259801}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A877CB4C-11D5-492C-91D8-B64ACC4FA5DF}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
    "{AC69F03F-EF92-4DAB-857D-A8692337D272}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BDE10D9B-0D86-4C21-A23F-EB941931656C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C0A2DAFA-9792-4A17-8D4D-7AB20B0524BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C562CD28-E4B1-478F-8971-0B95EB8A81A7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C861EF2A-F35A-48AF-B708-EAE091F7C168}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C8C6D940-2990-4E5E-B204-1D9FB4A18D2C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D22F300D-E395-407A-B49E-6CD638C4334B}" = lport=9709 | protocol=6 | dir=in | name=bitcomet 9709 tcp |
    "{DD8C7D88-6DCD-4D4F-8E5D-C3AC076F01A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EA6E66B9-5EC1-4113-9000-F3DA2A6FE1F3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{EE7DB35C-76A5-48D2-823F-5E21B79B6CC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F115B0FA-E6A4-4842-965C-8892DF4ECD56}" = lport=9709 | protocol=17 | dir=in | name=bitcomet 9709 udp |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{00571C40-2A19-47AA-B81A-B3635A5D3A07}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{19BA1779-0FAF-4364-B826-83A0AB2245EE}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
    "{1D4C4372-7E34-42C5-B895-46540F70F192}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{1EC09AE1-13DE-491F-9129-3B2064E33914}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{24124D40-F7D3-4625-92D2-C58C21A72655}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{2515AE4A-A362-427E-ACFD-B1B2D2690AA6}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
    "{368CAB6D-7B60-4CAA-BE6C-10399ACC422B}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
    "{3CA7CB42-AAAD-4529-9318-0F68E525FB27}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4171ED4F-8948-4CAD-834C-9605BEE9C24A}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{46C55FEB-557F-42D1-992B-0FE6DBCE2E8D}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4F87A8FD-7F92-45C7-830D-4C55AFFADBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{526E03C1-B697-4E6F-8FA4-97150BAA0F15}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{56F40DF8-0369-42FB-A67D-2FD5C8D20014}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{5BD1D20F-94AD-48BC-B17F-F1147ABDCCA4}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{620E41F2-747B-405D-B10F-44CF3CCAD504}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6D3E5E8A-CF4D-44EA-B9F0-87C32F6960B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6E06E98B-58DA-4655-B878-70DF272E0E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6F99B3E5-9159-4D7B-8733-D11F2D89BD1E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{817CDD03-72B7-4C60-96A8-D6AF2E7691AC}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
    "{86122F4B-9BA3-4AEE-B139-13E728AED7F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8CBFD338-406D-448B-9B49-264A7D1BA861}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{8E69194B-CF13-4E0B-BC54-5B197071A2D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{994965BF-92C5-409D-99B8-28F58E4DEE3F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{9B3EF05D-9975-4698-ABF3-71CC215247D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{A031D756-9D05-4F17-B41C-C203E0008743}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
    "{A130172C-A7CE-4AA6-BE34-8BA946A98FF2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{A2A87FDE-2E00-4B07-A999-7FBF817F1DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AAD341B4-A93B-49E6-A02A-9CFBF33A49C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AFA8B102-48F7-493C-9A3D-E38D6601B6A7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B0CB4943-903D-43BB-AD04-259127F8037C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BA36DFC9-452E-4BB8-8C4A-5D3F2A718B60}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{BEB351C9-6979-4EFE-933A-494C4E2CEF6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C38B2732-010F-49C9-816C-AE3383A9D8F0}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
    "{CB5FEB26-C200-48C4-B281-E2D64C33F91F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DC48D09D-72A2-4A2C-9D79-0E6F0CD9E490}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EF214C62-5648-4C8F-B554-A9A3EB3F6095}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F737E618-976F-49B3-8ADC-DBCB822CA85D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{5FE69EDB-48E1-4410-9FEB-382EFD979289}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{6F74CD73-23A6-405E-9B1E-2B09E2C7BCEB}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{85AACF70-2282-4263-A8C6-7D6F832FA017}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{F43DFE98-9B94-4F6E-AA77-1B42CE7EDF26}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
    "UDP Query User{2C46C280-99F6-4E55-94E6-D56DA3252C02}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{45A00911-1C1D-4A54-A21F-0828CF600290}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{B8EE9008-91EB-4428-9835-A38302EF0D93}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
    "UDP Query User{BEB05351-6BFB-454E-97CA-B19D651439C6}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8C7C98F1-932D-4C0C-B208-BEA206083D8B}" = Sophos Management Database
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97F39BCC-881C-48C7-B9CF-004D6C2087CE}" = Sophos Management Server
    "{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}" = Microsoft SQL Server 2008 Setup Support Files
    "{C3AF5BD8-30D5-41F5-AF61-705D98146B0F}" = Microsoft SQL Server 2008 Native Client
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
    "{F991EC04-D713-466B-A70B-78D460AC85D8}" = AVG 2011
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
    "EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
    "HoldemManager" = Holdem Manager
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B30B8D2-9DE0-4EEC-AA68-8E1E77CD8322}" = Uninstall Helper
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
    "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{69261DCF-9029-40F4-A42C-EC83BB7788F2}_is1" = Able2Extract 7.0
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
    "{A0062526-47A2-4B18-B33D-00B90101D21A}" = TableNinja
    "{A7ACEFBB-7E78-4F25-A786-84C2D9424FD4}" = Jcats AOC
    "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
    "{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = SavetheChildren Reminder by We-Care.com v4.1.18.4
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "7-Zip" = 7-zip v9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AIM_7" = AIM 7
    "avast" = avast! Free Antivirus
    "BitComet" = BitComet 1.11
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "DefaultTab" = DefaultTab
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "Freecorder 5.0" = Freecorder 5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Photodex Presenter" = Photodex Presenter
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PokerStars" = PokerStars
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "PowerISO" = PowerISO
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "SitNGoWizard" = SitNGo Wizard
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Uninstall Helper 2.0.0.0" = Uninstall Helper
    "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
    "WinRAR archiver" = WinRAR archiver
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1039221757-4152704121-570408990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "FastROI" = FastROI
    "Lock Poker" = Lock Poker
    "RPM Poker" = RPM Poker

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1039221757-4152704121-570408990-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Consumer Input Firefox Extension" = Consumer Input Firefox Extension (remove only)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/8/2012 11:57:26 PM | Computer Name = Lindsay-PC | Source = PostgreSQL | ID = 0
    Description = 2012-10-08 20:57:26 PDTFATAL: the database system is starting up

    Error - 10/9/2012 1:03:37 AM | Computer Name = LINDSAY-PC | Source = PostgreSQL | ID = 0
    Description = 2012-10-08 22:03:37 PDTFATAL: the database system is starting up

    Error - 10/9/2012 11:44:15 PM | Computer Name = Lindsay-PC | Source = PostgreSQL | ID = 0
    Description = 2012-10-09 20:44:15 PDTFATAL: the database system is starting up

    Error - 10/11/2012 12:59:02 AM | Computer Name = Lindsay-PC | Source = PostgreSQL | ID = 0
    Description = 2012-10-10 21:59:02 PDTFATAL: the database system is starting up

    Error - 10/11/2012 12:59:21 AM | Computer Name = Lindsay-PC | Source = Sophos Management Service | ID = 8025
    Description = There is no database connection. Management Service will be shut down.

    Error - 10/11/2012 12:59:21 AM | Computer Name = Lindsay-PC | Source = Sophos Management Service | ID = 8004
    Description = Initialization failed. Step: Creating a database connection Error: std::runtime_error
    Data:
    Cannot open database "SOPHOS51" requested by the login. The login failed.

    Error - 10/11/2012 3:11:52 AM | Computer Name = Lindsay-PC | Source = PostgreSQL | ID = 0
    Description = 2012-10-11 00:11:52 PDTFATAL: the database system is starting up

    Error - 10/15/2012 6:47:35 AM | Computer Name = Lindsay-PC | Source = PostgreSQL | ID = 0
    Description = 2012-10-15 03:47:35 PDTFATAL: the database system is starting up

    Error - 10/15/2012 11:13:29 AM | Computer Name = Lindsay-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16968,
    time stamp: 0x4f4c5103 Faulting module name: aswWebRepIE.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x5033506e Exception code: 0xc0000005 Fault offset: 0x62306c08 Faulting
    process id: 0x16d4 Faulting application start time: 0x01cdaae797d4450f Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    aswWebRepIE.dll Report Id: dfa11228-16da-11e2-8dc5-485b3942faf1

    Error - 10/16/2012 1:00:37 AM | Computer Name = Lindsay-PC | Source = PostgreSQL | ID = 0
    Description = 2012-10-15 22:00:37 PDTFATAL: the database system is starting up

    [ OSession Events ]
    Error - 5/21/2012 2:56:57 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 361679
    seconds with 100140 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 3:08:04 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 646
    seconds with 600 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 3:10:38 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 113
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 3:43:34 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1966
    seconds with 1800 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 3:49:21 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 331
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 4:00:41 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 665
    seconds with 600 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 4:02:45 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 105
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 4:04:49 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 114
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 5/21/2012 4:07:21 AM | Computer Name = Lindsay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 139
    seconds with 120 seconds of active time. This session ended with a crash.


    Error encountered while reading event logs.

    < End of report >
  13. jestein

    jestein TS Rookie Topic Starter Posts: 48

    OTL logfile created on: 10/16/2012 4:59:41 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 76.61% Memory free
    7.49 Gb Paging File | 5.66 Gb Available in Paging File | 75.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 540.78 Gb Total Space | 449.97 Gb Free Space | 83.21% Space Free | Partition Type: NTFS
    Drive D: | 390.62 Gb Total Space | 371.90 Gb Free Space | 95.21% Space Free | Partition Type: NTFS
    Drive E: | 149.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: LINDSAY-PC | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/16 16:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/08/21 02:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/04/29 07:05:46 | 000,012,800 | ---- | M] (Utimaco Safeware AG - a member of the Sophos Group) -- C:\Program Files (x86)\Sophos\Encryption\BLService.exe
    PRC - [2012/04/27 15:46:30 | 005,839,872 | ---- | M] (Sophos Group) -- C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
    PRC - [2011/10/18 13:53:52 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
    PRC - [2011/10/18 13:49:34 | 000,077,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
    PRC - [2011/10/18 13:44:04 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
    PRC - [2010/10/29 16:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
    PRC - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
    PRC - [2009/12/02 18:36:16 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    PRC - [2009/09/08 00:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    PRC - [2009/09/08 00:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    PRC - [2008/12/04 14:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2007/08/06 17:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/12 15:19:42 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\62abebb95a790d506d74dc0be9744b4f\System.Data.SqlServerCe.ni.dll
    MOD - [2012/05/12 15:17:23 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
    MOD - [2012/05/12 15:17:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9e953ea4e76b62ab1c4a1874abae2961\System.Windows.Forms.ni.dll
    MOD - [2012/05/12 15:16:56 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bbf2cf8dd0409f1ccc989406e2942dac\System.Drawing.ni.dll
    MOD - [2012/05/12 15:16:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
    MOD - [2012/05/12 15:16:37 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
    MOD - [2012/05/12 15:16:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
    MOD - [2012/05/12 15:16:32 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/06/10 14:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2008/12/03 15:05:26 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008/11/26 11:56:02 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/25 20:30:57 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/04/27 16:40:26 | 000,061,464 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe -- (SophosPatchServerCommunicator)
    SRV:64bit: - [2012/04/27 16:40:22 | 000,019,992 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe -- (SophosPatchOrchestratorService)
    SRV:64bit: - [2012/04/27 16:40:18 | 000,151,064 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe -- (SophosPatchEndpointCommunicator)
    SRV:64bit: - [2012/04/27 15:18:44 | 000,009,728 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe -- (SophosManagementHostService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV - [2012/10/10 18:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/08 22:12:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/03 22:34:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/04/29 07:05:46 | 000,012,800 | ---- | M] (Utimaco Safeware AG - a member of the Sophos Group) [Auto | Running] -- C:\Program Files (x86)\Sophos\Encryption\BLService.exe -- (SGNBusinessLogicService)
    SRV - [2012/04/27 15:46:30 | 005,839,872 | ---- | M] (Sophos Group) [Auto | Running] -- C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe -- (Sophos Management Service)
    SRV - [2011/10/18 13:53:52 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
    SRV - [2011/10/18 13:49:34 | 000,077,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe -- (Sophos Certification Manager)
    SRV - [2011/10/18 13:44:04 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe -- (Sophos Message Router)
    SRV - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
    SRV - [2009/09/08 00:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/12/16 21:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/10 21:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/21 02:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 02:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 02:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 02:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 02:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 02:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/05 12:13:10 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
    DRV:64bit: - [2010/07/09 14:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
    DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/06/19 19:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/08/06 17:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E B9 DB C2 70 3A 2F 02 [binary data]
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..\SearchScopes\{7B42D293-AD33-4E9C-BF12-F49D559D3989}: "URL" = http://search.avg.com/route/?d=4dd4...e&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 97 C6 0A B2 9B CD 01 [binary data]
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "My Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...3^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
    FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2012/10/15 01:05:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/14 21:08:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/15 22:37:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/12 20:35:02 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ConsumerInput@Compete: C:\Program Files (x86)\Consumer Input\Firefox\src [2012/10/15 21:35:51 | 000,000,000 | ---D | M]

    [2012/08/29 21:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
    [2012/10/15 22:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\extensions
    [2012/09/27 21:15:03 | 000,009,635 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\searchplugins\my-web-search.xml
    [2012/10/15 22:37:39 | 000,001,982 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\searchplugins\search-here.xml
    [2012/10/15 22:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/13 19:08:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/09/12 20:35:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/10/14 21:08:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/10/10 18:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/11/11 00:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2012/10/10 18:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/10 18:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========
  14. jestein

    jestein TS Rookie Topic Starter Posts: 48

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/15 22:01:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000..\Run: [EPSON NX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\Windows\TEMP\E_S3763.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1039221757-4152704121-570408990-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1039221757-4152704121-570408990-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1039221757-4152704121-570408990-1002..\Run: [UninstallHelper] C:\Program Files (x86)\W3i\UninstallHelper\UninstallHelper.exe (W3i, LLC)
    O4 - HKU\S-1-5-21-1039221757-4152704121-570408990-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-1039221757-4152704121-570408990-1001..\RunOnce: [spchecker] C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe ()
    O4 - Startup: C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O4 - Startup: C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1039221757-4152704121-570408990-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1039221757-4152704121-570408990-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: jcatsdefender.com ([caaoc] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: jcatsdefender.com ([caaoc] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: jcatsdefender.com ([traincaaoc] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: jcatsdefender.com ([traincaaoc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([caaoc] http in Trusted sites)
    O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([caaoc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([traincaaoc] http in Trusted sites)
    O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([traincaaoc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/07/27 01:48:24 | 000,000,040 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [4103/10/08 00:18:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2099/10/22 05:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2099/10/22 05:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2099/10/22 05:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2099/10/22 05:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2099/10/22 05:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2099/10/22 05:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2099/10/22 05:03:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/10/15 22:36:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/15 22:32:01 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/10/15 22:01:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
    [2012/10/15 21:36:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2012/10/15 21:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
    [2012/10/15 21:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\W3i
    [2012/10/15 21:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Helper
    [2012/10/15 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Consumer Input
    [2012/10/15 21:35:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DefaultTab
    [2012/10/15 21:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
    [2012/10/14 21:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/10/14 21:09:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/14 21:09:19 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/14 21:09:16 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/10/14 21:09:13 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/14 21:09:10 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/14 21:09:02 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/14 21:09:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/14 21:08:40 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/14 21:08:40 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/14 11:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2012/10/09 21:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/10/09 21:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/10/08 21:40:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/08 21:27:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/04 16:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/10/04 16:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/10/03 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
    [2012/10/03 22:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
    [2012/10/03 22:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
    [2012/10/03 22:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdBackup
    [2012/10/02 23:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2012/10/02 23:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
    [2012/10/02 23:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
    [2012/10/02 23:07:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google
    [2012/10/02 23:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/10/02 21:07:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/02 21:07:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/02 21:06:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/02 21:06:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/02 20:58:55 | 004,981,258 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
    [2012/10/01 20:58:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/29 18:35:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer
    [2012/09/27 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VideoDownloadConverter_4z
    [2012/09/27 19:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoDownloadConverter_4z
    [2012/09/27 19:00:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
    [2012/09/27 18:59:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Panasonic
    [2012/09/26 22:31:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/09/26 22:29:52 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\TDSSKiller.exe
    [2012/09/26 22:29:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/09/16 17:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Utimaco
    [2012/09/16 17:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2012/09/16 17:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
    [2012/09/16 17:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2012/09/16 17:49:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
    [2012/09/16 17:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
    [2012/09/16 17:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
    [2012/09/16 17:48:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
    [2012/09/16 17:48:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
    [2012/09/16 17:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2012/09/16 17:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
    [2012/09/16 17:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2012/09/16 17:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2012/09/16 17:43:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
    [2012/09/16 17:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
    [2012/09/16 17:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012/09/16 17:39:20 | 000,000,000 | ---D | C] -- C:\sec_51
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2099/10/22 05:04:42 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/10/16 16:55:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Sophos Patch Feed.job
    [2012/10/16 16:49:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/16 16:49:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/16 02:00:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Sophos Patch Purge.job
    [2012/10/15 22:37:30 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/15 22:07:50 | 000,809,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/15 22:07:50 | 000,683,338 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/15 22:07:50 | 000,128,422 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/15 22:06:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/15 22:06:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/15 22:01:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/15 21:59:52 | 3018,465,280 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/15 21:40:24 | 004,981,258 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
    [2012/10/15 21:02:56 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
    [2012/10/14 21:09:21 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/14 21:09:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\TDSSKiller.exe
    [2012/10/09 20:43:46 | 455,699,991 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/09/25 22:49:33 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/09/16 17:53:55 | 000,017,486 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services
    [2012/09/16 17:44:27 | 000,262,144 | ---- | M] () -- C:\Windows\ocsetup_install_MSMQ-Container;MSMQ-Server.etl
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/10/22 05:04:42 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/10/15 21:01:11 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
    [2012/10/14 21:09:21 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/14 21:09:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/10/02 23:14:34 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/10/02 23:14:34 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/02 21:07:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/02 21:07:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/02 21:07:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/02 21:07:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/02 21:07:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/16 17:55:45 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Sophos Patch Purge.job
    [2012/09/16 17:55:41 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Sophos Patch Feed.job
    [2012/09/16 17:42:38 | 000,262,144 | ---- | C] () -- C:\Windows\ocsetup_install_MSMQ-Container;MSMQ-Server.etl
    [2012/02/04 17:32:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2012/01/04 20:01:47 | 000,006,160 | -HS- | C] () -- C:\ProgramData\148wl81cw72u12151025pwdnof4e525rjf7uj88446x
    [2011/12/29 18:37:11 | 000,013,362 | -HS- | C] () -- C:\ProgramData\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
    [2011/04/17 18:33:02 | 000,000,160 | ---- | C] () -- C:\ProgramData\~44883720r
    [2011/02/12 23:29:04 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/11 00:09:59 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
    [2011/01/11 00:09:59 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
    [2011/01/11 00:09:59 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
    [2010/12/25 15:34:16 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2010/12/24 20:17:16 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2010/12/24 20:17:16 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2010/12/24 20:17:16 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2010/12/24 20:17:16 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2010/12/24 20:17:16 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2010/12/24 20:17:16 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2010/12/24 20:17:16 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2010/12/24 20:17:16 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2010/12/24 20:17:16 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2010/12/24 20:17:16 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2010/12/24 20:17:16 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2010/12/24 20:17:16 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2010/12/24 20:17:16 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2010/12/24 20:17:16 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2010/12/24 20:17:16 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2010/12/24 20:17:16 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2010/12/24 20:16:33 | 000,000,071 | ---- | C] () -- C:\Windows\EPNX110.ini
    [2010/11/29 11:25:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/29 11:12:36 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2010/11/29 10:59:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== ZeroAccess Check ==========

    [2011/11/17 00:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{af8d9e4c-5382-0699-1de2-5974c5427e62}\L
    [2011/11/17 00:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{af8d9e4c-5382-0699-1de2-5974c5427e62}\U
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 07:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 07:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/15 21:51:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DefaultTab
    [2012/08/29 21:57:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Epson
    [2010/12/24 18:58:19 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\acccore
    [2012/04/13 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\AVG10
    [2012/10/15 08:13:08 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Dropbox
    [2012/04/13 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Epson
    [2011/01/28 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\HEM Data
    [2012/08/19 16:24:49 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Juniper Networks
    [2010/12/24 20:44:00 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Leadertech
    [2011/02/22 21:48:05 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Netscape
    [2012/04/13 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\Sling Media
    [2011/12/15 03:09:37 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point

    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      FF - prefs.js..browser.search.defaultenginename: "My Web Search"
      FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...3^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor="
      [2012/09/27 21:15:03 | 000,009,635 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\searchplugins\my-web-search.xml
      O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
      O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O15 - HKLM\..Trusted Domains: jcatsdefender.com ([caaoc] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: jcatsdefender.com ([caaoc] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: jcatsdefender.com ([traincaaoc] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: jcatsdefender.com ([traincaaoc] https in Trusted sites)
      O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([caaoc] http in Trusted sites)
      O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([caaoc] https in Trusted sites)
      O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([traincaaoc] http in Trusted sites)
      O15 - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\..Trusted Domains: jcatsdefender.com ([traincaaoc] https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/10/01 20:58:23 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/01/04 20:01:47 | 000,006,160 | -HS- | C] () -- C:\ProgramData\148wl81cw72u12151025pwdnof4e525rjf7uj88446x
      [2011/12/29 18:37:11 | 000,013,362 | -HS- | C] () -- C:\ProgramData\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
      [2011/11/17 00:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{af8d9e4c-5382-0699-1de2-5974c5427e62}\L
      [2011/11/17 00:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{af8d9e4c-5382-0699-1de2-5974c5427e62}\U
      [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 07:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 07:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      [2012/04/13 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\Lindsay\AppData\Roaming\AVG10
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =============================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
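
    The :OTL block above was assembled by hand from the scan: browser add-ons whose DLL is gone, sites pushed into IE's Trusted Sites zone, hidden+system files with random names under ProgramData, a hidden GUID-named directory under the SYSTEM profile, and per-user CLSID\InProcServer32 keys that shadow the machine-wide registrations of Microsoft DLLs (COM hijacking: HKCU\Software\Classes is consulted before HKLM\Software\Classes when a class is resolved, so a per-user InProcServer32 redirects every process that instantiates that CLSID). The script below is an added example, not part of this thread or of OTL; it applies those same checks to OTL scan lines and prints an :OTL fix block for the hits in the same shape as the one above. The sample lines are copied from the scan above and cut down (two benign negatives added); the detection rules and reason labels are assumptions of this example, not OTL's.

```python
"""Pick removal candidates out of OTL scan lines and print an :OTL fix block.

Added example, not part of the thread or of OTL itself. The sample lines are
copied from the scan above (plus two benign negatives); the detection rules
and reason labels are assumptions made here, not OTL's.
"""
import re
from dataclasses import dataclass

SAMPLE_OTL = r'''
IE - HKU\S-1-5-21-1039221757-4152704121-570408990-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O15 - HKLM\..Trusted Domains: jcatsdefender.com ([caaoc] http in Trusted sites)
[2012/10/01 20:58:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/04 20:01:47 | 000,006,160 | -HS- | C] () -- C:\ProgramData\148wl81cw72u12151025pwdnof4e525rjf7uj88446x
[2011/11/17 00:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{af8d9e4c-5382-0699-1de2-5974c5427e62}\U
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 07:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
'''

# OTL file line: [timestamp | size | attrs in R/H/S/D order | C or M] (company) -- path
FILE_RE = re.compile(r'^\[[\d/]+ [\d:]+ \| [\d,]+ \| ([-A-Z]{4}) \| [CM]\] (?:\([^)]*\) )?-- (.+)$')
CLSID_RE = re.compile(r'^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\(?:Wow6432Node\\)?'
                      r'Classes\\(?:Wow6432Node\\)?clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]',
                      re.IGNORECASE)
VALUE_RE = re.compile(r'^".*?" = .*$')
GUID_LU_RE = re.compile(r'\\\{[0-9a-f-]{36}\}\\[LU]$', re.IGNORECASE)   # ...\{guid}\L or \U
RANDOM_NAME_RE = re.compile(r'^(?=.*[a-z])(?=.*\d)[a-z0-9]{20,}$')       # long letter/digit soup


@dataclass
class Finding:
    reason: str
    lines: list   # scan lines; pasted verbatim under :OTL they become the fix


def triage(scan_text):
    findings, keys, current = [], {}, None   # keys: (hive, guid) -> [header, values...]
    for line in (l.strip() for l in scan_text.splitlines()):
        m = CLSID_RE.match(line)
        if m:
            current = (m.group(1).upper(), m.group(2).lower())
            keys.setdefault(current, []).append(line)
            continue
        if current and VALUE_RE.match(line):
            keys[current].append(line)         # value belongs to the key header above it
            continue
        current = None
        if line.startswith(('O2 - ', 'O3 - ')) and (
                'File not found' in line or 'No CLSID value found' in line):
            findings.append(Finding('dangling-browser-addon', [line]))
        elif line.startswith('O15 - '):
            findings.append(Finding('ie-trusted-domain', [line]))
        elif line.startswith('IE - ') and 'ProxyOverride' in line:
            findings.append(Finding('proxy-override', [line]))
        else:
            fm = FILE_RE.match(line)
            if not fm:
                continue
            attrs, path = fm.groups()
            hidden_system = attrs[1] == 'H' and attrs[2] == 'S'
            if hidden_system and attrs[3] == 'D' and 'systemprofile' in path.lower() \
                    and GUID_LU_RE.search(path):
                findings.append(Finding('hidden-guid-dir-in-system-profile', [line]))
            elif hidden_system and RANDOM_NAME_RE.match(path.rsplit('\\', 1)[-1]):
                findings.append(Finding('hidden-system-random-name', [line]))
    # COM hijack: HKCU\Software\Classes wins over HKLM when a class is resolved, so a
    # per-user InProcServer32 for a CLSID that HKLM maps to a Microsoft DLL redirects
    # every process that instantiates it. Emit the HKCU keys (OTL deletes bare keys)
    # and the HKLM keys with their values (OTL re-asserts them), as in the fix above.
    for (hive, guid), lines in keys.items():
        hklm = keys.get(('HKEY_LOCAL_MACHINE', guid))
        if hive == 'HKEY_CURRENT_USER' and hklm:
            findings.append(Finding('com-hijack ' + guid, lines + hklm))
    return findings


def build_fix(findings):
    body = [l for f in findings for l in f.lines]
    return '\n'.join([':OTL', *body, '', ':Commands', '[purity]', '[emptytemp]', '[Reboot]']) + '\n'


if __name__ == '__main__':
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f'{f.reason}: {len(f.lines)} line(s)')
    print(build_fix(found))
```

    Everything the script prints still needs a human look before it goes into a fix: the ProxyOverride rule also matches the benign <local>;*.local value, and the random-name heuristic is tuned to the length of the names in this particular scan. A real scan has thousands of lines, and OTL only removes what you paste, so over-matching costs a reboot while under-matching leaves persistence behind.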
     
  16. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Still with me?
     
  17. jestein

    jestein TS Rookie Topic Starter Posts: 48

    Yes. Give me a couple more days. Thanks so much for your help.
     
  18. jestein

    jestein TS Rookie Topic Starter Posts: 48

    Results of screen317's Security Check version 0.99.51
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader 8 Adobe Reader out of Date!
    Mozilla Firefox (16.0.1)
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 19-10-2012
    Ran by Admin (administrator) on 22-10-2012 at 19:57:22
    Running from "C:\Users\Admin\Downloads"
    Microsoft Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-05-10 18:49] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-10 18:49] - [2012-03-30 04:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    # AdwCleaner v2.005 - Logfile created 10/22/2012 at 20:00:33
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Admin - LINDSAY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Admin\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\WeCareReminder
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\searchplugins\search-here.xml
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Users\Admin\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\w4ibpzk6.default\extensions\toolbar@ask.com

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\Description
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKU\S-1-5-21-1039221757-4152704121-570408990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.1 (en-US)

    Profile name : default
    File : C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\w4ibpzk6.default\prefs.js

    C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\w4ibpzk6.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

    Profile name : default
    File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\prefs.js

    C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\user.js ... Deleted !

    Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
    Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
    Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
    Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
    Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [6287 octets] - [22/10/2012 20:00:33]

    ########## EOF - C:\AdwCleaner[S1].txt - [6347 octets] ##########

    C:\$RECYCLE.BIN\S-1-5-21-1039221757-4152704121-570408990-1000\$RQG88W5.exe a variant of Win32/Adware.iBryte.C application
    C:\Program Files (x86)\Freecorder 5\Uninstall\apptec-freecorder-us-dtx.exe Win32/Toolbar.Zugo application
    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
    C:\TDSSKiller_Quarantine\03.10.2012_22.35.09\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\04.10.2012_12.23.58\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\09.10.2012_20.24.27\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\09.10.2012_20.26.46\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\09.10.2012_20.45.17\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\26.09.2012_22.30.30\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\27.09.2012_12.49.07\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\Users\Admin\Downloads\7zip_installer_d161680.exe a variant of Win32/InstallIQ application
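
    Three things in the logs above deserve a second look before the machine is declared clean: FSS shows EnableFirewall=0 under the StandardProfile FirewallPolicy key, so the firewall is off for that profile and has to be switched back on; FSS lists four Microsoft-attributed files whose MD5 is not in its known-good list (afd.sys, tcpip.sys, mpssvc.dll, SDRSVC.dll), and a hash mismatch alone does not prove tampering, since updates change hashes, so check each file's Authenticode signature before acting on it; and seven of the ESET detections are copies inside C:\TDSSKiller_Quarantine, i.e. components TDSSKiller already removed, not live infections, with one more in the Recycle Bin. The script below is an added example, not part of this thread or of either tool; it parses cut-down copies of the FSS and ESET output above and sorts the findings into those buckets. The bucket names and the path rules are assumptions of this example.

```python
"""Sort post-cleanup findings from FSS and ESET output into action buckets.

Added example, not part of the thread or of either tool. The two samples are
cut-down copies of the logs posted above; bucket names and path rules are
assumptions made here.
"""
import re
from collections import defaultdict

SAMPLE_FSS = r'''
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-05-10 18:49] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:49] - [2012-03-30 04:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\bfe.dll => MD5 is legit
'''

SAMPLE_ESET = r'''
C:\$RECYCLE.BIN\S-1-5-21-1039221757-4152704121-570408990-1000\$RQG88W5.exe a variant of Win32/Adware.iBryte.C application
C:\Program Files (x86)\Freecorder 5\Uninstall\apptec-freecorder-us-dtx.exe Win32/Toolbar.Zugo application
C:\TDSSKiller_Quarantine\03.10.2012_22.35.09\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\26.09.2012_22.30.30\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\Users\Admin\Downloads\7zip_installer_d161680.exe a variant of Win32/InstallIQ application
'''

DRIVE_RE = re.compile(r'^[A-Za-z]:\\')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<data>[0-9A-Fa-f]+)$')
# FSS detail line: [timestamp] - [timestamp] - size flags (company) MD5; both stamps kept as printed
DETAIL_RE = re.compile(r'^\[(?P<ts1>[\d-]+ [\d:]+)\] - \[(?P<ts2>[\d-]+ [\d:]+)\] - (?P<size>\d+) \S+ '
                       r'\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$')
ESET_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) (?P<detection>(?:probably )?(?:a variant of )?'
                     r'[A-Za-z0-9]+/\S+) (?P<kind>application|trojan)$')


def parse_fss(text):
    """Return ({policy section: [(registry key, value name, data)]}, [unverified files])."""
    policies, unverified = defaultdict(list), []
    section = key = pending = None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith('Disabled Policy:'):
            section, key = line[:-len(' Disabled Policy:')], None
        elif line == 'File Check:':
            section = 'File Check'
        elif not line or line.startswith('='):
            continue
        elif section == 'File Check':
            if line.endswith('=> MD5 is legit'):
                pending = None                 # matched FSS's known-good hash list
            elif pending is None:
                pending = line if DRIVE_RE.match(line) else None
            else:                              # detail line for the path above it
                m = DETAIL_RE.match(line)
                if m:
                    unverified.append({'path': pending, **m.groupdict()})
                pending = None
        elif section:
            if line.startswith('[') and line.endswith(']'):
                key = line[1:-1]
            else:
                m = POLICY_RE.match(line)
                if key and m:
                    policies[section].append((key, m['name'], int(m['data'], 16)))
    return dict(policies), unverified


def classify_eset(text):
    """Bucket each ESET hit by where it lives: 'inactive' (quarantine or Recycle Bin
    copy: delete the container), 'downloaded' (installer in Downloads: delete),
    'live' (installed on disk: uninstall or remove)."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if not m:
            continue
        p = m['path'].lower()
        if 'quarantine' in p or '\\$recycle.bin\\' in p:
            bucket = 'inactive'
        elif '\\downloads\\' in p:
            bucket = 'downloaded'
        else:
            bucket = 'live'
        buckets[bucket].append((m['path'], m['detection'], m['kind']))
    return dict(buckets)


if __name__ == '__main__':
    policies, unverified = parse_fss(SAMPLE_FSS)
    for section, hits in policies.items():
        for key, name, data in hits:
            print(f'{section}: {name}={data} under {key}')
    for f in unverified:
        print(f"not in FSS hash list: {f['path']} ({f['company']}) md5={f['md5']}")
    for bucket, hits in classify_eset(SAMPLE_ESET).items():
        print(f'ESET {bucket}: ' + ', '.join(path for path, _, _ in hits))
```

    The 'inactive' bucket is the one that causes needless alarm in threads like this: TDSSKiller keeps a copy of every MBR/TDLFS object it removed under C:\TDSSKiller_Quarantine, and a later on-demand scanner will flag each copy. Deleting the quarantine folder (OTL's cleanup step does this) clears the detections without meaning anything was still running.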
     
  19. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please, let me know, how your computer is doing.
     
  20. jestein

    jestein TS Rookie Topic Starter Posts: 48

    Donation sent. Thanks so much for your help.
     
  21. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    You're very welcome

    ...and thank you :)
     

