TechSpot

Laptop infected

Solved
By Jimmy99
Sep 27, 2012
  1. Hi Broni: you helped me before when the kids infected my PC at home. Now it's my laptop - it just turned on the camera, told me I'd violated FBI laws (!), that I was being filed and recorded, and asked for cash. Lovely.

    Where do I start?

    Many thanks.

    Jimmy (Can't blame the kids for this one!)

    PS I am travelling till Monday night: bear with me on replying. I'll do exactly as you tell me - but it will take till then. Thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Hmmm....you should know the drill...

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Cheers Broni: here we go. And sure enough I've got some trouble....

    This is MBAM. I'll get onto GMER now - but I'm away now tilL Monday night. Bear with me - and thanks for the help.

    2012/09/28 02:08:03 +0100 SWITH-MARS SMason MESSAGE Starting protection
    2012/09/28 02:08:03 +0100 SWITH-MARS SMason MESSAGE Protection started successfully
    2012/09/28 02:08:03 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
    2012/09/28 02:08:05 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
    2012/09/28 02:08:15 +0100 SWITH-MARS SMason MESSAGE Starting database refresh
    2012/09/28 02:08:15 +0100 SWITH-MARS SMason MESSAGE Stopping IP protection
    2012/09/28 02:08:16 +0100 SWITH-MARS SMason MESSAGE IP Protection stopped successfully
    2012/09/28 02:08:22 +0100 SWITH-MARS SMason MESSAGE Database refreshed successfully
    2012/09/28 02:08:22 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
    2012/09/28 02:08:25 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
    2012/09/28 07:20:09 +0100 SWITH-MARS SMason DETECTION C:\ProgramData\lsass.exe Trojan.Delf QUARANTINE
    2012/09/28 07:20:09 +0100 SWITH-MARS SMason ERROR Quarantine failed: DeleteFile failed with error code 5
    2012/09/28 07:20:15 +0100 SWITH-MARS SMason DETECTION C:\Users\smason\AppData\Local\Temp\wgsdgsdgdsgsd.exe Spyware.Passwords QUARANTINE
    2012/09/28 07:20:15 +0100 SWITH-MARS SMason ERROR Quarantine failed: DeleteFile failed with error code 5
    2012/09/28 07:25:29 +0100 SWITH-MARS SMason MESSAGE Starting protection
    2012/09/28 07:25:30 +0100 SWITH-MARS SMason MESSAGE Protection started successfully
    2012/09/28 07:25:30 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
    2012/09/28 07:25:34 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
    2012/09/28 07:30:36 +0100 SWITH-MARS SMason MESSAGE Starting database refresh
    2012/09/28 07:30:36 +0100 SWITH-MARS SMason MESSAGE Stopping IP protection
    2012/09/28 07:30:36 +0100 SWITH-MARS SMason MESSAGE IP Protection stopped successfully
    2012/09/28 07:30:41 +0100 SWITH-MARS SMason MESSAGE Database refreshed successfully
    2012/09/28 07:30:42 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
    2012/09/28 07:30:45 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
     
  4. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Nothing logged for GMER Broni

    Here is DDS.txt (Attach.txt below)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Swith at 7:52:28 on 2012-09-28
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3959.1886 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Canon\DIAS\CnxDIAS.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\WebDrive\wdService.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\InternetEverywhere\WTGService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Protector Suite\upeksvr.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
    C:\Program Files\Protector Suite\psqltray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
    C:\Program Files (x86)\Microsoft Lync\communicator.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA2SXS3R\9gy71gxo[1].exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://news.bbc.co.uk/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
    uRun: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    StartupFolder: C:\Users\Swith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoWebServices = 1 (0x1)
    mPolicies-explorer: NoPublishingWizard = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 3 (0x3)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: FilterAdministratorToken = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\smason\AppData\Local\Temp\f5tmp\urxvpn.cab
    DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\smason\AppData\Local\Temp\f5tmp\f5tunsrv.cab
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Swith\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
    DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://connect.rbs.com/vdesk/terminal/f5InspectionHost.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8DE0DD41-EC3C-4680-964B-D75BDAACAA2B} - hxxps://connect.rbs.com/policy/download_binary.php/win32/f5syschk.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://connect.rbs.com/vdesk/terminal/urxshost.cab
    DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\smason\AppData\Local\Temp\f5tmp\urxhost.cab
    TCP: Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD} : NameServer = 172.31.139.17 172.30.139.17
    TCP: Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801} : DhcpNameServer = 192.168.28.1
    TCP: Interfaces\{3301F999-6DD0-4576-80E4-44E76286F43C} : DhcpNameServer = 192.168.28.1
    TCP: Interfaces\{79FD073A-0267-465F-9A40-25D7BEF2BDF3} : DhcpNameServer = 192.168.28.1
    TCP: Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0} : NameServer = 172.30.139.17 172.31.139.17
    TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\24C45554029435C414E44435 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\5616374736F6163747D277966696D2C6F657E67656 : DhcpNameServer = 10.0.13.1
    TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\77962756C6563737D27657563747 : DhcpNameServer = 207.126.96.248
    TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\847475966496 : DhcpNameServer = 192.168.3.20
    TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\A43435 : DhcpNameServer = 192.168.28.1
    TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\C4F66796E63707F6F6E66657C6 : DhcpNameServer = 192.168.2.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: VESWinlogon - VESWinlogon.dll
    LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO-X64: Lync add-on BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
    mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\system32\DRIVERS\shpf.sys --> C:\Windows\system32\DRIVERS\shpf.sys [?]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-19 397520]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2012-1-23 1740696]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-26 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-28 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-28 676936]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-9-28 2078112]
    R2 NMSAccess64;NMSAccess64;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-7-19 82872]
    R2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-3 330488]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-22 259192]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-26 2314240]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-8-16 822784]
    R2 WebDriveFSD;WebDrive Filesystem Driver;C:\Program Files\WebDrive\wdfsd.sys [2010-9-22 118872]
    R2 WTGService;WTGService;C:\Program Files (x86)\InternetEverywhere\WTGService.exe [2010-1-19 308688]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);C:\Windows\system32\DRIVERS\qcfilterSny2k.sys --> C:\Windows\system32\DRIVERS\qcfilterSny2k.sys [?]
    R3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys --> C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys [?]
    R3 qcusbsersny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);C:\Windows\system32\DRIVERS\qcusbserSny2k.sys --> C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
    R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\system32\DRIVERS\covpnv64.sys --> C:\Windows\system32\DRIVERS\covpnv64.sys [?]
    R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-1-19 571248]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-22 44736]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-19 133104]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250288]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
    S3 f5ipfw;F5 Networks StoneWall Filter;\??\C:\Windows\system32\drivers\urfltv64.sys --> C:\Windows\system32\drivers\urfltv64.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-19 133104]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\system32\drivers\NMgamingms.sys --> C:\Windows\system32\drivers\NMgamingms.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-28 06:50:11 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6DBE39B-1473-4644-977D-E2D0C0464592}\mpengine.dll
    2012-09-28 06:30:13 -------- d-----w- C:\Users\Swith\AppData\Roaming\Malwarebytes
    2012-09-28 05:06:54 -------- d-----w- C:\Windows\TempD00508E5-342A-F301-3942-50148A96F1C1-Signatures
    2012-09-28 01:07:30 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-28 01:07:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-28 01:07:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-26 19:55:42 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-26 19:53:55 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-12 06:46:33 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 06:46:33 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 06:46:31 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 06:46:31 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 06:46:28 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 06:46:27 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 06:46:27 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-02 18:28:33 253440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp02t.dll
    2012-09-02 17:56:48 138752 ----a-w- C:\Windows\System32\hpf3l02t.dll
    2012-09-02 17:39:56 644456 ----a-w- C:\Windows\System32\hpzids40.dll
    2012-09-02 17:39:55 906240 ----a-w- C:\Windows\System32\hpwwiax5.dll
    2012-09-02 17:39:54 1422848 ----a-w- C:\Windows\System32\hpwtiop4.dll
    2012-09-02 17:39:51 553472 ----a-w- C:\Windows\System32\hppldcoi.dll
    .
    ==================== Find3M ====================
    .
    2012-09-20 22:28:37 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-20 22:28:37 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    .
    ============= FINISH: 7:54:08.91 ===============

    And Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 16/07/2010 08:15:26
    System Uptime: 28/09/2012 07:22:21 (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | N/A | 1320/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 458 GiB total, 352.693 GiB free.
    D: is Removable
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: hp LaserJet 2420
    Device ID: ROOT\MULTIFUNCTION\0016
    Manufacturer:
    Name: hp LaserJet 2420
    PNP Device ID: ROOT\MULTIFUNCTION\0016
    Service:
    .
    Class GUID:
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0018
    Manufacturer:
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0018
    Service:
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: R5C822
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&PROD_SD#MMCSTORAGE&REV_2.00#0001#
    Manufacturer: Microsoft
    Name: E:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&PROD_SD#MMCSTORAGE&REV_2.00#0001#
    Service: WUDFRd
    .
    Class GUID:
    Description: hp LaserJet 2420
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer:
    Name: hp LaserJet 2420
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID:
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer:
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID:
    Description: AL-C9200
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer:
    Name: AL-C9200
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID:
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer:
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    Class GUID:
    Description: HP LaserJet 1022n
    Device ID: ROOT\MULTIFUNCTION\0005
    Manufacturer:
    Name: HP LaserJet 1022n
    PNP Device ID: ROOT\MULTIFUNCTION\0005
    Service:
    .
    Class GUID:
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0006
    Manufacturer:
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0006
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP Color LaserJet 2605dn
    Device ID: ROOT\MULTIFUNCTION\0007
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 2605dn
    PNP Device ID: ROOT\MULTIFUNCTION\0007
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 6500 E709n
    Device ID: ROOT\IMAGE\0001
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\IMAGE\0001
    Service: StillCam
    .
    Class GUID:
    Description: HP Color LaserJet 2840
    Device ID: ROOT\MULTIFUNCTION\0008
    Manufacturer:
    Name: HP Color LaserJet 2840
    PNP Device ID: ROOT\MULTIFUNCTION\0008
    Service:
    .
    Class GUID:
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0009
    Manufacturer:
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0009
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2015 Series
    Device ID: ROOT\MULTIFUNCTION\0010
    Manufacturer:
    Name: HP LaserJet P2015 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0010
    Service:
    .
    Class GUID:
    Description: HP Color LaserJet 3800
    Device ID: ROOT\MULTIFUNCTION\0011
    Manufacturer:
    Name: HP Color LaserJet 3800
    PNP Device ID: ROOT\MULTIFUNCTION\0011
    Service:
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: R5C592
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RIMSPCI#DISK&VEN_RICOH&PROD_MEMORYSTICKSTORAGE&REV_1.00#MS0001#
    Manufacturer: Microsoft
    Name: D:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RIMSPCI#DISK&VEN_RICOH&PROD_MEMORYSTICKSTORAGE&REV_1.00#MS0001#
    Service: WUDFRd
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0012
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0012
    Service:
    .
    Class GUID:
    Description: Officejet Pro 8000 A809
    Device ID: ROOT\MULTIFUNCTION\0014
    Manufacturer:
    Name: Officejet Pro 8000 A809
    PNP Device ID: ROOT\MULTIFUNCTION\0014
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: TCP/IP Protocol Driver
    Device ID: ROOT\LEGACY_TCPIP\0000
    Manufacturer:
    Name: TCP/IP Protocol Driver
    PNP Device ID: ROOT\LEGACY_TCPIP\0000
    Service: Tcpip
    .
    ==== System Restore Points ===================
    .
    RP305: 19/08/2012 21:56:33 - Windows Update
    RP306: 26/08/2012 07:55:34 - Windows Update
    RP307: 29/08/2012 19:46:54 - Windows Update
    RP308: 02/09/2012 17:28:15 - Windows Update
    RP309: 04/09/2012 06:00:49 - Windows Update
    RP310: 10/09/2012 21:09:09 - Windows Update
    RP311: 13/09/2012 06:01:25 - Windows Update
    RP312: 17/09/2012 08:23:23 - Windows Update
    RP313: 22/09/2012 19:27:08 - Windows Update
    RP314: 24/09/2012 08:38:32 - Windows Update
    RP315: 27/09/2012 06:00:15 - Windows Update
    RP316: 28/09/2012 06:00:14 - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    3Connect
    6500_E709_BasicWeb
    6500_E709_Help_BasicWeb
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X
    Adobe Shockwave Player 11.5
    Amazon MP3 Downloader 1.0.9
    Apple Application Support
    Apple Software Update
    ArcSoft WebCam Companion 3
    Astaro SSL VPN Client 1.7
    BBC iPlayer Desktop
    bpd_scan
    BPDSoftware_Ini
    BufferChm
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    Fax
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    HP Update
    HPProductAssistant
    HPSSupply
    Huawei modem
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Internet Everywhere
    Java Auto Updater
    Java(TM) 6 Update 30
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Business 2010
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2007
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Qualcomm Gobi 2000 Package for Sony
    QuickTime
    Rapport
    Realtek High Definition Audio Driver
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Setting Utility Series
    Skype™ 5.0
    SmartWebPrinting
    SolutionCenter
    Status
    T-Mobile Internet Manager
    TeamViewer 7
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VAIO Care
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO Event Service
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Power Management
    VAIO Premium Partners
    VAIO screensaver
    VAIO Smart Network
    VAIO Transfer Support
    VAIO Update
    VAIO Wallpaper Contents
    VU5x86
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/09/2012 07:27:06, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    28/09/2012 07:25:19, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    28/09/2012 07:24:35, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    28/09/2012 07:24:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    28/09/2012 07:24:33, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    28/09/2012 07:24:00, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    28/09/2012 07:22:59, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
    28/09/2012 07:22:55, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MCHJ due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    28/09/2012 07:22:52, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading
    28/09/2012 07:22:52, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    28/09/2012 06:13:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2754296.
    28/09/2012 01:15:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.536.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    27/09/2012 18:32:00, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    21/09/2012 06:32:25, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
    21/09/2012 06:32:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    MBAM log is incorrect.
    Please redo.

    Next....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Broni: I've redone the quick scan as requested for MBAM. Here's the file (the other coming afterwards). Cheers.

    (What did I get wrong first time by the way?)



    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.01.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Swith :: SWITH-MARS [administrator]
    Protection: Enabled
    01/10/2012 21:13:16
    mbam-log-2012-10-01 (21-13-16).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 397816
    Time elapsed: 15 minute(s), 50 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  7. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    That is correct. Go ahead with other scans....
     
  8. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    TDSSKiller log (1/2)

    21:34:56.0257 6344 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    21:34:56.0577 6344 ============================================================
    21:34:56.0577 6344 Current date / time: 2012/10/01 21:34:56.0577
    21:34:56.0577 6344 SystemInfo:
    21:34:56.0577 6344
    21:34:56.0577 6344 OS Version: 6.1.7601 ServicePack: 1.0
    21:34:56.0577 6344 Product type: Workstation
    21:34:56.0577 6344 ComputerName: SWITH-MARS
    21:34:56.0578 6344 UserName: Swith
    21:34:56.0578 6344 Windows directory: C:\Windows
    21:34:56.0578 6344 System windows directory: C:\Windows
    21:34:56.0578 6344 Running under WOW64
    21:34:56.0578 6344 Processor architecture: Intel x64
    21:34:56.0578 6344 Number of processors: 4
    21:34:56.0578 6344 Page size: 0x1000
    21:34:56.0578 6344 Boot type: Normal boot
    21:34:56.0578 6344 ============================================================
    21:34:58.0105 6344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:34:58.0128 6344 ============================================================
    21:34:58.0128 6344 \Device\Harddisk0\DR0:
    21:34:58.0128 6344 MBR partitions:
    21:34:58.0128 6344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF6C800, BlocksNum 0x32000
    21:34:58.0128 6344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF9E800, BlocksNum 0x393E7830
    21:34:58.0128 6344 ============================================================
    21:34:58.0150 6344 C: <-> \Device\Harddisk0\DR0\Partition2
    21:34:58.0151 6344 ============================================================
    21:34:58.0151 6344 Initialize success
    21:34:58.0151 6344 ============================================================
    21:35:35.0109 7248 ============================================================
    21:35:35.0109 7248 Scan started
    21:35:35.0109 7248 Mode: Manual;
    21:35:35.0109 7248 ============================================================
    21:35:35.0318 7248 ================ Scan system memory ========================
    21:35:35.0318 7248 System memory - ok
    21:35:35.0319 7248 ================ Scan services =============================
    21:35:35.0531 7248 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    21:35:35.0537 7248 1394ohci - ok
    21:35:35.0645 7248 [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    21:35:35.0648 7248 ACDaemon - ok
    21:35:35.0708 7248 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    21:35:35.0714 7248 ACPI - ok
    21:35:35.0748 7248 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    21:35:35.0750 7248 AcpiPmi - ok
    21:35:35.0896 7248 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    21:35:35.0899 7248 AdobeFlashPlayerUpdateSvc - ok
    21:35:35.0966 7248 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    21:35:35.0977 7248 adp94xx - ok
    21:35:36.0024 7248 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    21:35:36.0031 7248 adpahci - ok
    21:35:36.0079 7248 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    21:35:36.0083 7248 adpu320 - ok
    21:35:36.0109 7248 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:35:36.0111 7248 AeLookupSvc - ok
    21:35:36.0157 7248 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    21:35:36.0165 7248 AFD - ok
    21:35:36.0220 7248 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    21:35:36.0223 7248 agp440 - ok
    21:35:36.0258 7248 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    21:35:36.0261 7248 ALG - ok
    21:35:36.0306 7248 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    21:35:36.0308 7248 aliide - ok
    21:35:36.0333 7248 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    21:35:36.0335 7248 amdide - ok
    21:35:36.0364 7248 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    21:35:36.0367 7248 AmdK8 - ok
    21:35:36.0414 7248 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    21:35:36.0417 7248 AmdPPM - ok
    21:35:36.0470 7248 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    21:35:36.0473 7248 amdsata - ok
    21:35:36.0523 7248 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    21:35:36.0527 7248 amdsbs - ok
    21:35:36.0556 7248 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    21:35:36.0558 7248 amdxata - ok
    21:35:36.0596 7248 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    21:35:36.0600 7248 AppID - ok
    21:35:36.0635 7248 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    21:35:36.0637 7248 AppIDSvc - ok
    21:35:36.0685 7248 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    21:35:36.0687 7248 Appinfo - ok
    21:35:36.0767 7248 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:35:36.0771 7248 Apple Mobile Device - ok
    21:35:36.0829 7248 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    21:35:36.0833 7248 AppMgmt - ok
    21:35:36.0894 7248 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    21:35:36.0917 7248 arc - ok
    21:35:36.0953 7248 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    21:35:36.0956 7248 arcsas - ok
    21:35:36.0990 7248 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:35:36.0992 7248 AsyncMac - ok
    21:35:37.0040 7248 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    21:35:37.0042 7248 atapi - ok
    21:35:37.0117 7248 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    21:35:37.0140 7248 athr - ok
    21:35:37.0196 7248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:35:37.0207 7248 AudioEndpointBuilder - ok
    21:35:37.0222 7248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    21:35:37.0229 7248 AudioSrv - ok
    21:35:37.0282 7248 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    21:35:37.0286 7248 AxInstSV - ok
    21:35:37.0329 7248 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    21:35:37.0338 7248 b06bdrv - ok
    21:35:37.0381 7248 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:35:37.0387 7248 b57nd60a - ok
    21:35:37.0418 7248 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    21:35:37.0422 7248 BDESVC - ok
    21:35:37.0551 7248 [ 68BF3520FE759C91FD9182F36E585374 ] BecHelperService C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    21:35:37.0577 7248 BecHelperService - ok
    21:35:37.0619 7248 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    21:35:37.0622 7248 Beep - ok
    21:35:37.0692 7248 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    21:35:37.0703 7248 BFE - ok
    21:35:37.0735 7248 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    21:35:37.0781 7248 BITS - ok
    21:35:37.0812 7248 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    21:35:37.0815 7248 blbdrive - ok
    21:35:37.0889 7248 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    21:35:37.0896 7248 Bonjour Service - ok
    21:35:37.0933 7248 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    21:35:37.0935 7248 bowser - ok
    21:35:37.0981 7248 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    21:35:37.0982 7248 BrFiltLo - ok
    21:35:38.0013 7248 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    21:35:38.0015 7248 BrFiltUp - ok
    21:35:38.0120 7248 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    21:35:38.0123 7248 Browser - ok
    21:35:38.0159 7248 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    21:35:38.0165 7248 Brserid - ok
    21:35:38.0198 7248 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    21:35:38.0200 7248 BrSerWdm - ok
    21:35:38.0226 7248 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:35:38.0228 7248 BrUsbMdm - ok
    21:35:38.0253 7248 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    21:35:38.0255 7248 BrUsbSer - ok
    21:35:38.0289 7248 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    21:35:38.0292 7248 BthEnum - ok
    21:35:38.0326 7248 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    21:35:38.0329 7248 BTHMODEM - ok
    21:35:38.0369 7248 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    21:35:38.0373 7248 BthPan - ok
    21:35:38.0423 7248 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    21:35:38.0433 7248 BTHPORT - ok
    21:35:38.0484 7248 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    21:35:38.0487 7248 bthserv - ok
    21:35:38.0517 7248 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    21:35:38.0526 7248 BTHUSB - ok
    21:35:38.0570 7248 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
    21:35:38.0572 7248 btusbflt - ok
    21:35:38.0632 7248 [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
    21:35:38.0635 7248 btwaudio - ok
    21:35:38.0677 7248 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
    21:35:38.0680 7248 btwavdt - ok
    21:35:38.0789 7248 [ 31DA517946FFE416442E864592548F8A ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    21:35:38.0802 7248 btwdins - ok
    21:35:38.0834 7248 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
    21:35:38.0836 7248 btwl2cap - ok
    21:35:38.0874 7248 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
    21:35:38.0877 7248 btwrchid - ok
    21:35:39.0083 7248 [ ED3C668AC393224C6D3D0CB1AD100D34 ] Canon Driver Information Assist Service C:\Program Files\Canon\DIAS\CnxDIAS.exe
    21:35:39.0222 7248 Canon Driver Information Assist Service - ok
    21:35:39.0272 7248 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:35:39.0415 7248 cdfs - ok
    21:35:39.0475 7248 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:35:39.0489 7248 cdrom - ok
    21:35:39.0530 7248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    21:35:39.0533 7248 CertPropSvc - ok
    21:35:39.0567 7248 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    21:35:39.0570 7248 circlass - ok
    21:35:39.0607 7248 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    21:35:39.0614 7248 CLFS - ok
    21:35:39.0673 7248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:35:39.0676 7248 clr_optimization_v2.0.50727_32 - ok
    21:35:39.0702 7248 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:35:39.0705 7248 clr_optimization_v2.0.50727_64 - ok
    21:35:39.0778 7248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:35:39.0781 7248 clr_optimization_v4.0.30319_32 - ok
    21:35:39.0855 7248 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:35:39.0858 7248 clr_optimization_v4.0.30319_64 - ok
    21:35:39.0883 7248 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    21:35:39.0885 7248 CmBatt - ok
    21:35:39.0925 7248 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    21:35:39.0927 7248 cmdide - ok
    21:35:39.0966 7248 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    21:35:39.0974 7248 CNG - ok
    21:35:40.0029 7248 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    21:35:40.0032 7248 Compbatt - ok
    21:35:40.0071 7248 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    21:35:40.0073 7248 CompositeBus - ok
    21:35:40.0094 7248 COMSysApp - ok
    21:35:40.0120 7248 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    21:35:40.0123 7248 crcdisk - ok
    21:35:40.0167 7248 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:35:40.0171 7248 CryptSvc - ok
    21:35:40.0210 7248 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    21:35:40.0219 7248 CSC - ok
    21:35:40.0266 7248 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    21:35:40.0277 7248 CscService - ok
    21:35:40.0338 7248 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
    21:35:40.0341 7248 ctxusbm - ok
    21:35:40.0410 7248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:35:40.0421 7248 DcomLaunch - ok
    21:35:40.0450 7248 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    21:35:40.0457 7248 defragsvc - ok
    21:35:40.0487 7248 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:35:40.0490 7248 DfsC - ok
    21:35:40.0551 7248 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    21:35:40.0558 7248 Dhcp - ok
    21:35:40.0585 7248 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    21:35:40.0588 7248 discache - ok
    21:35:40.0632 7248 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    21:35:40.0635 7248 Disk - ok
    21:35:40.0668 7248 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:35:40.0672 7248 Dnscache - ok
    21:35:40.0708 7248 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    21:35:40.0714 7248 dot3svc - ok
    21:35:40.0786 7248 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    21:35:40.0790 7248 Dot4 - ok
    21:35:40.0816 7248 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    21:35:40.0818 7248 Dot4Print - ok
    21:35:40.0861 7248 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    21:35:40.0864 7248 dot4usb - ok
    21:35:40.0906 7248 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    21:35:40.0910 7248 DPS - ok
    21:35:40.0942 7248 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:35:40.0944 7248 drmkaud - ok
    21:35:40.0995 7248 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:35:41.0011 7248 DXGKrnl - ok
    21:35:41.0043 7248 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    21:35:41.0047 7248 EapHost - ok
    21:35:41.0183 7248 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    21:35:41.0294 7248 ebdrv - ok
    21:35:41.0330 7248 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    21:35:41.0333 7248 EFS - ok
    21:35:41.0402 7248 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:35:41.0414 7248 ehRecvr - ok
    21:35:41.0446 7248 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    21:35:41.0449 7248 ehSched - ok
    21:35:41.0490 7248 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    21:35:41.0499 7248 elxstor - ok
    21:35:41.0511 7248 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    21:35:41.0513 7248 ErrDev - ok
    21:35:41.0563 7248 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    21:35:41.0570 7248 EventSystem - ok
    21:35:41.0656 7248 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    21:35:41.0677 7248 EvtEng - ok
    21:35:41.0733 7248 [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
    21:35:41.0741 7248 ewusbmbb - ok
    21:35:41.0762 7248 ewusbnet - ok
    21:35:41.0798 7248 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
    21:35:41.0801 7248 ew_hwusbdev - ok
    21:35:41.0829 7248 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
    21:35:41.0831 7248 ew_usbenumfilter - ok
    21:35:41.0859 7248 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    21:35:41.0864 7248 exfat - ok
    21:35:41.0932 7248 [ F0948686F6EF9256E0AC0BEF470EFD2A ] f5ipfw C:\Windows\system32\drivers\urfltv64.sys
    21:35:41.0944 7248 f5ipfw - ok
    21:35:41.0977 7248 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:35:41.0981 7248 fastfat - ok
    21:35:42.0048 7248 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    21:35:42.0061 7248 Fax - ok
    21:35:42.0090 7248 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    21:35:42.0092 7248 fdc - ok
    21:35:42.0121 7248 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    21:35:42.0124 7248 fdPHost - ok
    21:35:42.0139 7248 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:35:42.0141 7248 FDResPub - ok
    21:35:42.0165 7248 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:35:42.0168 7248 FileInfo - ok
    21:35:42.0187 7248 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:35:42.0189 7248 Filetrace - ok
    21:35:42.0208 7248 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    21:35:42.0210 7248 flpydisk - ok
    21:35:42.0259 7248 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:35:42.0265 7248 FltMgr - ok
    21:35:42.0330 7248 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    21:35:42.0348 7248 FontCache - ok
    21:35:42.0409 7248 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:35:42.0411 7248 FontCache3.0.0.0 - ok
    21:35:42.0438 7248 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    21:35:42.0440 7248 FsDepends - ok
    21:35:42.0475 7248 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    21:35:42.0477 7248 fssfltr - ok
    21:35:42.0581 7248 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    21:35:42.0605 7248 fsssvc - ok
    21:35:42.0673 7248 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:35:42.0675 7248 Fs_Rec - ok
    21:35:42.0720 7248 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    21:35:42.0724 7248 fvevol - ok
    21:35:42.0755 7248 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    21:35:42.0758 7248 gagp30kx - ok
    21:35:42.0808 7248 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:35:42.0810 7248 GEARAspiWDM - ok
    21:35:42.0867 7248 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    21:35:42.0880 7248 gpsvc - ok
    21:35:42.0966 7248 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:35:42.0969 7248 gupdate - ok
    21:35:43.0010 7248 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:35:43.0012 7248 gupdatem - ok
    21:35:43.0057 7248 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    21:35:43.0059 7248 hcw85cir - ok
    21:35:43.0111 7248 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:35:43.0118 7248 HdAudAddService - ok
    21:35:43.0153 7248 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    21:35:43.0157 7248 HDAudBus - ok
    21:35:43.0217 7248 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
    21:35:43.0219 7248 HECIx64 - ok
    21:35:43.0247 7248 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    21:35:43.0249 7248 HidBatt - ok
    21:35:43.0280 7248 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    21:35:43.0283 7248 HidBth - ok
    21:35:43.0337 7248 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    21:35:43.0340 7248 HidIr - ok
    21:35:43.0365 7248 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    21:35:43.0367 7248 hidserv - ok
    21:35:43.0420 7248 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:35:43.0423 7248 HidUsb - ok
    21:35:43.0463 7248 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:35:43.0467 7248 hkmsvc - ok
    21:35:43.0509 7248 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    21:35:43.0515 7248 HomeGroupListener - ok
    21:35:43.0570 7248 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    21:35:43.0576 7248 HomeGroupProvider - ok
    21:35:43.0705 7248 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    21:35:43.0710 7248 hpqcxs08 - ok
    21:35:43.0741 7248 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    21:35:43.0744 7248 hpqddsvc - ok
    21:35:43.0788 7248 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    21:35:43.0791 7248 HpSAMD - ok
    21:35:43.0856 7248 [ 1BE48B0542C91487BB8A94BF2278F55D ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    21:35:43.0872 7248 HPSLPSVC - ok
    21:35:43.0925 7248 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:35:43.0939 7248 HTTP - ok
    21:35:43.0991 7248 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
    21:35:43.0994 7248 huawei_enumerator - ok
    21:35:44.0047 7248 [ 04D1DE1E8ACE40CA396502C90524E945 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
    21:35:44.0053 7248 hwdatacard - ok
    21:35:44.0091 7248 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    21:35:44.0093 7248 hwpolicy - ok
    21:35:44.0111 7248 hwusbdev - ok
    21:35:44.0154 7248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    21:35:44.0157 7248 i8042prt - ok
    21:35:44.0209 7248 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\drivers\iaStor.sys
    21:35:44.0215 7248 iaStor - ok
    21:35:44.0277 7248 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    21:35:44.0279 7248 IAStorDataMgrSvc - ok
    21:35:44.0329 7248 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    21:35:44.0337 7248 iaStorV - ok
    21:35:44.0414 7248 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:35:44.0428 7248 idsvc - ok
    21:35:44.0667 7248 [ B36E6868CF289040795C1FA0D0FEB399 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    21:35:45.0211 7248 igfx - ok
    21:35:45.0253 7248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    21:35:45.0256 7248 iirsp - ok
    21:35:45.0306 7248 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    21:35:45.0320 7248 IKEEXT - ok
    21:35:45.0381 7248 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\drivers\Impcd.sys
    21:35:45.0384 7248 Impcd - ok
    21:35:45.0457 7248 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    21:35:45.0492 7248 IntcAzAudAddService - ok
    21:35:45.0547 7248 [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    21:35:45.0593 7248 IntcDAud - ok
    21:35:45.0616 7248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    21:35:45.0618 7248 intelide - ok
    21:35:45.0655 7248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    21:35:45.0658 7248 intelppm - ok
    21:35:45.0709 7248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:35:45.0713 7248 IPBusEnum - ok
    21:35:45.0752 7248 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:35:45.0755 7248 IpFilterDriver - ok
    21:35:45.0786 7248 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:35:45.0796 7248 iphlpsvc - ok
    21:35:45.0828 7248 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:35:45.0832 7248 IPMIDRV - ok
    21:35:45.0849 7248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:35:45.0852 7248 IPNAT - ok
    21:35:45.0948 7248 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:35:45.0960 7248 iPod Service - ok
    21:35:46.0008 7248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:35:46.0010 7248 IRENUM - ok
    21:35:46.0041 7248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:35:46.0043 7248 isapnp - ok
    21:35:46.0086 7248 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:35:46.0091 7248 iScsiPrt - ok
    21:35:46.0153 7248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:35:46.0198 7248 kbdclass - ok
    21:35:46.0244 7248 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    21:35:46.0246 7248 kbdhid - ok
    21:35:46.0263 7248 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    21:35:46.0266 7248 KeyIso - ok
    21:35:46.0297 7248 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:35:46.0301 7248 KSecDD - ok
    21:35:46.0322 7248 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:35:46.0326 7248 KSecPkg - ok
    21:35:46.0364 7248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:35:46.0366 7248 ksthunk - ok
    21:35:46.0410 7248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:35:46.0420 7248 KtmRm - ok
    21:35:46.0456 7248 [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    21:35:46.0459 7248 L1C - ok
    21:35:46.0510 7248 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:35:46.0517 7248 LanmanServer - ok
    21:35:46.0555 7248 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:35:46.0575 7248 LanmanWorkstation - ok
    21:35:46.0648 7248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:35:46.0650 7248 lltdio - ok
    21:35:46.0694 7248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:35:46.0702 7248 lltdsvc - ok
    21:35:46.0734 7248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:35:46.0738 7248 lmhosts - ok
    21:35:46.0749 7248 lmimirr - ok
    21:35:46.0805 7248 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    21:35:46.0810 7248 LMS - ok
    21:35:46.0842 7248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    21:35:46.0845 7248 LSI_FC - ok
    21:35:46.0877 7248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    21:35:46.0880 7248 LSI_SAS - ok
    21:35:46.0910 7248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    21:35:46.0913 7248 LSI_SAS2 - ok
    21:35:46.0954 7248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    21:35:46.0957 7248 LSI_SCSI - ok
    21:35:46.0985 7248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:35:46.0989 7248 luafv - ok
    21:35:47.0056 7248 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    21:35:47.0058 7248 MBAMProtector - ok
    21:35:47.0144 7248 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    21:35:47.0151 7248 MBAMScheduler - ok
    21:35:47.0215 7248 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    21:35:47.0226 7248 MBAMService - ok
    21:35:47.0239 7248 McAfee SiteAdvisor Service - ok
    21:35:47.0274 7248 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:35:47.0278 7248 Mcx2Svc - ok
    21:35:47.0355 7248 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    21:35:47.0361 7248 MDM - ok
    21:35:47.0397 7248 mdvrmng - ok
    21:35:47.0425 7248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    21:35:47.0428 7248 megasas - ok
    21:35:47.0460 7248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    21:35:47.0466 7248 MegaSR - ok
    21:35:47.0508 7248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    21:35:47.0512 7248 MMCSS - ok
    21:35:47.0545 7248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    21:35:47.0547 7248 Modem - ok
    21:35:47.0589 7248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:35:47.0591 7248 monitor - ok
    21:35:47.0634 7248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:35:47.0637 7248 mouclass - ok
    21:35:47.0681 7248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:35:47.0683 7248 mouhid - ok
    21:35:47.0723 7248 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:35:47.0726 7248 mountmgr - ok
    21:35:47.0791 7248 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    21:35:47.0795 7248 MpFilter - ok
    21:35:47.0820 7248 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:35:47.0824 7248 mpio - ok
    21:35:47.0855 7248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:35:47.0858 7248 mpsdrv - ok
    21:35:47.0908 7248 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:35:47.0923 7248 MpsSvc - ok
    21:35:47.0959 7248 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:35:47.0963 7248 MRxDAV - ok
    21:35:48.0007 7248 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:35:48.0012 7248 mrxsmb - ok
    21:35:48.0056 7248 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:35:48.0062 7248 mrxsmb10 - ok
    21:35:48.0104 7248 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:35:48.0108 7248 mrxsmb20 - ok
    21:35:48.0140 7248 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:35:48.0142 7248 msahci - ok
    21:35:48.0181 7248 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:35:48.0185 7248 msdsm - ok
    21:35:48.0204 7248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    21:35:48.0209 7248 MSDTC - ok
    21:35:48.0239 7248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:35:48.0241 7248 Msfs - ok
    21:35:48.0273 7248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:35:48.0275 7248 mshidkmdf - ok
    21:35:48.0308 7248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:35:48.0310 7248 msisadrv - ok
    21:35:48.0351 7248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:35:48.0356 7248 MSiSCSI - ok
    21:35:48.0362 7248 msiserver - ok
    21:35:48.0403 7248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:35:48.0405 7248 MSKSSRV - ok
    21:35:48.0489 7248 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    21:35:48.0490 7248 MsMpSvc - ok
    21:35:48.0604 7248 [ 3D9DF5C79ABE835E58DF426B14600A33 ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    21:35:48.0637 7248 msoidsvc - ok
    21:35:48.0673 7248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:35:48.0674 7248 MSPCLOCK - ok
    21:35:48.0700 7248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:35:48.0702 7248 MSPQM - ok
    21:35:48.0756 7248 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:35:48.0762 7248 MsRPC - ok
    21:35:48.0797 7248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    21:35:48.0799 7248 mssmbios - ok
    21:35:48.0888 7248 MSSQL$MSSMLBIZ - ok
    21:35:48.0953 7248 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    21:35:48.0955 7248 MSSQLServerADHelper - ok
    21:35:48.0996 7248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:35:48.0998 7248 MSTEE - ok
    21:35:49.0032 7248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    21:35:49.0034 7248 MTConfig - ok
    21:35:49.0057 7248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    21:35:49.0059 7248 Mup - ok
    21:35:49.0101 7248 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    21:35:49.0111 7248 napagent - ok
    21:35:49.0150 7248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:35:49.0157 7248 NativeWifiP - ok
    21:35:49.0216 7248 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:35:49.0230 7248 NDIS - ok
    21:35:49.0263 7248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    21:35:49.0266 7248 NdisCap - ok
    21:35:49.0290 7248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    21:35:49.0292 7248 NdisTapi - ok
    21:35:49.0332 7248 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    21:35:49.0334 7248 Ndisuio - ok
    21:35:49.0373 7248 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    21:35:49.0377 7248 NdisWan - ok
    21:35:49.0419 7248 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    21:35:49.0421 7248 NDProxy - ok
    21:35:49.0451 7248 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    21:35:49.0454 7248 Net Driver HPZ12 - ok
    21:35:49.0493 7248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    21:35:49.0495 7248 NetBIOS - ok
    21:35:49.0538 7248 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    21:35:49.0543 7248 NetBT - ok
    21:35:49.0564 7248 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    21:35:49.0567 7248 Netlogon - ok
    21:35:49.0617 7248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    21:35:49.0625 7248 Netman - ok
    21:35:49.0658 7248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    21:35:49.0667 7248 netprofm - ok
    21:35:49.0704 7248 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:35:49.0707 7248 NetTcpPortSharing - ok
    21:35:49.0908 7248 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
    21:35:50.0077 7248 NETw5s64 - ok
    21:35:50.0138 7248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    21:35:50.0141 7248 nfrd960 - ok
    21:35:50.0187 7248 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    21:35:50.0190 7248 NisDrv - ok
    21:35:50.0225 7248 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    21:35:50.0230 7248 NisSrv - ok
    21:35:50.0281 7248 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    21:35:50.0288 7248 NlaSvc - ok
    21:35:50.0305 7248 [ FBCA3FD51604147770EB4FB53D6144A8 ] NMgamingmsFltr C:\Windows\system32\drivers\NMgamingms.sys
    21:35:50.0307 7248 NMgamingmsFltr - ok
    21:35:50.0369 7248 [ 8ACF8E802087880B821EC985FEACCD72 ] NMSAccess64 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    21:35:50.0372 7248 NMSAccess64 - ok
    21:35:50.0411 7248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    21:35:50.0414 7248 Npfs - ok
    21:35:50.0437 7248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    21:35:50.0441 7248 nsi - ok
     
  9. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    TDSSKiller log (2/2)

    21:35:50.0463 7248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    21:35:50.0465 7248 nsiproxy - ok
    21:35:50.0539 7248 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    21:35:50.0564 7248 Ntfs - ok
    21:35:50.0601 7248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    21:35:50.0604 7248 Null - ok
    21:35:50.0639 7248 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    21:35:50.0642 7248 NVHDA - ok
    21:35:50.0968 7248 [ CA8447574E9DAE22250C723819D3EF96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    21:35:51.0238 7248 nvlddmkm - ok
    21:35:51.0280 7248 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    21:35:51.0284 7248 nvraid - ok
    21:35:51.0323 7248 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    21:35:51.0327 7248 nvstor - ok
    21:35:51.0380 7248 [ AD1E49BCEB5D446A271C43BFA8FD71D2 ] nvsvc C:\Windows\system32\nvvsvc.exe
    21:35:51.0387 7248 nvsvc - ok
    21:35:51.0423 7248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    21:35:51.0426 7248 nv_agp - ok
    21:35:51.0487 7248 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    21:35:51.0494 7248 odserv - ok
    21:35:51.0534 7248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    21:35:51.0538 7248 ohci1394 - ok
    21:35:51.0593 7248 [ 5952C16DCC36907FE09F0F39311277A1 ] OpenVPNService C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe
    21:35:51.0595 7248 OpenVPNService - ok
    21:35:51.0663 7248 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:35:51.0666 7248 ose - ok
    21:35:51.0861 7248 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    21:35:51.0986 7248 osppsvc - ok
    21:35:52.0047 7248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    21:35:52.0078 7248 p2pimsvc - ok
    21:35:52.0108 7248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    21:35:52.0124 7248 p2psvc - ok
    21:35:52.0160 7248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    21:35:52.0172 7248 Parport - ok
    21:35:52.0213 7248 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    21:35:52.0216 7248 partmgr - ok
    21:35:52.0263 7248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    21:35:52.0268 7248 PcaSvc - ok
    21:35:52.0302 7248 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    21:35:52.0306 7248 pci - ok
    21:35:52.0340 7248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    21:35:52.0353 7248 pciide - ok
    21:35:52.0390 7248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    21:35:52.0395 7248 pcmcia - ok
    21:35:52.0409 7248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    21:35:52.0411 7248 pcw - ok
    21:35:52.0443 7248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    21:35:52.0454 7248 PEAUTH - ok
    21:35:52.0511 7248 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    21:35:52.0534 7248 PeerDistSvc - ok
    21:35:52.0635 7248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    21:35:52.0638 7248 PerfHost - ok
    21:35:52.0718 7248 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    21:35:52.0741 7248 pla - ok
    21:35:52.0796 7248 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    21:35:52.0805 7248 PlugPlay - ok
    21:35:52.0852 7248 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    21:35:52.0855 7248 Pml Driver HPZ12 - ok
    21:35:52.0881 7248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    21:35:52.0885 7248 PNRPAutoReg - ok
    21:35:52.0914 7248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    21:35:52.0920 7248 PNRPsvc - ok
    21:35:52.0976 7248 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    21:35:52.0986 7248 PolicyAgent - ok
    21:35:53.0022 7248 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    21:35:53.0028 7248 Power - ok
    21:35:53.0083 7248 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    21:35:53.0087 7248 PptpMiniport - ok
    21:35:53.0128 7248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    21:35:53.0131 7248 Processor - ok
    21:35:53.0174 7248 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    21:35:53.0180 7248 ProfSvc - ok
    21:35:53.0197 7248 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    21:35:53.0200 7248 ProtectedStorage - ok
    21:35:53.0234 7248 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    21:35:53.0237 7248 Psched - ok
    21:35:53.0264 7248 [ FD79ACB284B6BB288C8826FFF72778E9 ] qcfilterSny2k C:\Windows\system32\DRIVERS\qcfilterSny2k.sys
    21:35:53.0266 7248 qcfilterSny2k - ok
    21:35:53.0311 7248 [ D4168D8BEBCF573B8FFB2A0C09094DA3 ] qcusbnetsny2k C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys
    21:35:53.0317 7248 qcusbnetsny2k - ok
    21:35:53.0365 7248 [ 3A5625922508A972345F096CB163D55B ] qcusbsersny2k C:\Windows\system32\DRIVERS\qcusbserSny2k.sys
    21:35:53.0369 7248 qcusbsersny2k - ok
    21:35:53.0412 7248 [ 4EF14082BF62F3B23C4E35453775FE68 ] QDLService2kSony C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
    21:35:53.0418 7248 QDLService2kSony - ok
    21:35:53.0487 7248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    21:35:53.0510 7248 ql2300 - ok
    21:35:53.0553 7248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    21:35:53.0557 7248 ql40xx - ok
    21:35:53.0582 7248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    21:35:53.0588 7248 QWAVE - ok
    21:35:53.0627 7248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    21:35:53.0630 7248 QWAVEdrv - ok
    21:35:53.0793 7248 [ 5E0459ED0A8F540D2F7B6E52DA12C9D4 ] RapportCerberus_34302 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
    21:35:53.0800 7248 RapportCerberus_34302 - ok
    21:35:53.0925 7248 [ C3C5F9517AAC5848FFB7F66040780C3C ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
    21:35:53.0927 7248 RapportEI64 - ok
    21:35:53.0963 7248 [ F6CD072AF2E424CD4FF82194E36A6F3C ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
    21:35:53.0966 7248 RapportKE64 - ok
    21:35:54.0037 7248 [ C7D3492630472DC0546715DD4157B6C2 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    21:35:54.0052 7248 RapportMgmtService - ok
    21:35:54.0096 7248 [ 819E5A7E3729273C252AE35F9E5E0BC8 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
    21:35:54.0098 7248 RapportPG64 - ok
    21:35:54.0126 7248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    21:35:54.0128 7248 RasAcd - ok
    21:35:54.0172 7248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:35:54.0175 7248 RasAgileVpn - ok
    21:35:54.0246 7248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    21:35:54.0251 7248 RasAuto - ok
    21:35:54.0303 7248 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:35:54.0307 7248 Rasl2tp - ok
    21:35:54.0371 7248 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    21:35:54.0379 7248 RasMan - ok
    21:35:54.0414 7248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    21:35:54.0417 7248 RasPppoe - ok
    21:35:54.0433 7248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    21:35:54.0436 7248 RasSstp - ok
    21:35:54.0470 7248 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    21:35:54.0476 7248 rdbss - ok
    21:35:54.0497 7248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    21:35:54.0499 7248 rdpbus - ok
    21:35:54.0522 7248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:35:54.0524 7248 RDPCDD - ok
    21:35:54.0579 7248 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    21:35:54.0583 7248 RDPDR - ok
    21:35:54.0618 7248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    21:35:54.0620 7248 RDPENCDD - ok
    21:35:54.0641 7248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    21:35:54.0643 7248 RDPREFMP - ok
    21:35:54.0684 7248 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    21:35:54.0689 7248 RDPWD - ok
    21:35:54.0748 7248 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    21:35:54.0755 7248 rdyboost - ok
    21:35:54.0835 7248 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    21:35:54.0849 7248 RegSrvc - ok
    21:35:54.0879 7248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    21:35:54.0883 7248 RemoteAccess - ok
    21:35:54.0923 7248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    21:35:54.0929 7248 RemoteRegistry - ok
    21:35:55.0036 7248 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    21:35:55.0099 7248 RFCOMM - ok
    21:35:55.0152 7248 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\drivers\rimssne64.sys
    21:35:55.0155 7248 rimspci - ok
    21:35:55.0177 7248 [ AA7B4AC7CB1281349CD61DE067F00D5D ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
    21:35:55.0179 7248 risdsnpe - ok
    21:35:55.0219 7248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    21:35:55.0223 7248 RpcEptMapper - ok
    21:35:55.0246 7248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    21:35:55.0249 7248 RpcLocator - ok
    21:35:55.0300 7248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    21:35:55.0309 7248 RpcSs - ok
    21:35:55.0350 7248 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    21:35:55.0353 7248 rspndr - ok
    21:35:55.0395 7248 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    21:35:55.0401 7248 s3cap - ok
    21:35:55.0454 7248 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    21:35:55.0457 7248 SamSs - ok
    21:35:55.0489 7248 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    21:35:55.0492 7248 sbp2port - ok
    21:35:55.0518 7248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    21:35:55.0525 7248 SCardSvr - ok
    21:35:55.0562 7248 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    21:35:55.0565 7248 scfilter - ok
    21:35:55.0622 7248 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    21:35:55.0641 7248 Schedule - ok
    21:35:55.0677 7248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    21:35:55.0679 7248 SCPolicySvc - ok
    21:35:55.0722 7248 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    21:35:55.0726 7248 sdbus - ok
    21:35:55.0761 7248 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    21:35:55.0768 7248 SDRSVC - ok
    21:35:55.0797 7248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    21:35:55.0799 7248 secdrv - ok
    21:35:55.0837 7248 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    21:35:55.0842 7248 seclogon - ok
    21:35:55.0872 7248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    21:35:55.0877 7248 SENS - ok
    21:35:55.0904 7248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    21:35:55.0909 7248 SensrSvc - ok
    21:35:55.0932 7248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    21:35:55.0934 7248 Serenum - ok
    21:35:55.0957 7248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    21:35:55.0962 7248 Serial - ok
    21:35:56.0009 7248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    21:35:56.0011 7248 sermouse - ok
    21:35:56.0058 7248 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    21:35:56.0063 7248 SessionEnv - ok
    21:35:56.0099 7248 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\drivers\SFEP.sys
    21:35:56.0102 7248 SFEP - ok
    21:35:56.0140 7248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    21:35:56.0144 7248 sffdisk - ok
    21:35:56.0190 7248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    21:35:56.0192 7248 sffp_mmc - ok
    21:35:56.0233 7248 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    21:35:56.0235 7248 sffp_sd - ok
    21:35:56.0276 7248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    21:35:56.0280 7248 sfloppy - ok
    21:35:56.0349 7248 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    21:35:56.0357 7248 SharedAccess - ok
    21:35:56.0405 7248 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    21:35:56.0413 7248 ShellHWDetection - ok
    21:35:56.0458 7248 [ C06CCD29F5C15B610237E86F82085E77 ] shpf C:\Windows\system32\DRIVERS\shpf.sys
    21:35:56.0482 7248 shpf - ok
    21:35:56.0531 7248 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    21:35:56.0534 7248 SiSRaid2 - ok
    21:35:56.0570 7248 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    21:35:56.0573 7248 SiSRaid4 - ok
    21:35:56.0613 7248 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    21:35:56.0617 7248 Smb - ok
    21:35:56.0673 7248 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    21:35:56.0677 7248 SNMPTRAP - ok
    21:35:56.0682 7248 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    21:35:56.0685 7248 spldr - ok
    21:35:56.0727 7248 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    21:35:56.0739 7248 Spooler - ok
    21:35:56.0857 7248 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    21:35:56.0931 7248 sppsvc - ok
    21:35:56.0968 7248 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    21:35:56.0972 7248 sppuinotify - ok
    21:35:57.0041 7248 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    21:35:57.0046 7248 SQLBrowser - ok
    21:35:57.0109 7248 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    21:35:57.0113 7248 SQLWriter - ok
    21:35:57.0146 7248 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    21:35:57.0154 7248 srv - ok

    21:35:57.0194 7248 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    21:35:57.0201 7248 srv2 - ok
    21:35:57.0242 7248 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    21:35:57.0247 7248 srvnet - ok
    21:35:57.0286 7248 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    21:35:57.0293 7248 SSDPSRV - ok
    21:35:57.0312 7248 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    21:35:57.0317 7248 SstpSvc - ok
    21:35:57.0354 7248 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
    21:35:57.0356 7248 StarOpen - ok
    21:35:57.0376 7248 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    21:35:57.0378 7248 stexstor - ok
    21:35:57.0421 7248 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    21:35:57.0423 7248 StillCam - ok
    21:35:57.0468 7248 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    21:35:57.0481 7248 stisvc - ok
    21:35:57.0520 7248 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    21:35:57.0523 7248 storflt - ok
    21:35:57.0558 7248 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    21:35:57.0563 7248 StorSvc - ok
    21:35:57.0583 7248 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    21:35:57.0597 7248 storvsc - ok
    21:35:57.0614 7248 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    21:35:57.0616 7248 swenum - ok
    21:35:57.0650 7248 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    21:35:57.0661 7248 swprv - ok
    21:35:57.0713 7248 [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP C:\Windows\system32\drivers\SynTP.sys
    21:35:57.0719 7248 SynTP - ok
    21:35:57.0813 7248 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    21:35:57.0840 7248 SysMain - ok
    21:35:57.0875 7248 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    21:35:57.0880 7248 TabletInputService - ok
    21:35:57.0935 7248 [ 8E918597ABB10DCF96810B3AFAD2E9D8 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
    21:35:57.0956 7248 tap0901 - ok
    21:35:57.0993 7248 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    21:35:58.0001 7248 TapiSrv - ok
    21:35:58.0032 7248 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    21:35:58.0036 7248 TBS - ok
    21:35:58.0119 7248 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    21:35:58.0172 7248 Tcpip - ok
    21:35:58.0248 7248 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    21:35:58.0265 7248 TCPIP6 - ok
    21:35:58.0308 7248 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:35:58.0310 7248 tcpipreg - ok
    21:35:58.0336 7248 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:35:58.0339 7248 TDPIPE - ok
    21:35:58.0374 7248 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:35:58.0376 7248 TDTCP - ok
    21:35:58.0422 7248 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:35:58.0425 7248 tdx - ok
    21:35:58.0564 7248 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    21:35:58.0618 7248 TeamViewer7 - ok
    21:35:58.0659 7248 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    21:35:58.0662 7248 TermDD - ok
    21:35:58.0715 7248 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    21:35:58.0727 7248 TermService - ok
    21:35:58.0754 7248 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    21:35:58.0758 7248 Themes - ok
    21:35:58.0787 7248 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    21:35:58.0791 7248 THREADORDER - ok
    21:35:58.0828 7248 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    21:35:58.0833 7248 TrkWks - ok
    21:35:58.0889 7248 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:35:58.0893 7248 TrustedInstaller - ok
    21:35:58.0935 7248 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:35:58.0938 7248 tssecsrv - ok
    21:35:58.0992 7248 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    21:35:58.0995 7248 TsUsbFlt - ok
    21:35:59.0035 7248 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:35:59.0039 7248 tunnel - ok
    21:35:59.0060 7248 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    21:35:59.0063 7248 uagp35 - ok
    21:35:59.0100 7248 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:35:59.0107 7248 udfs - ok
    21:35:59.0143 7248 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:35:59.0147 7248 UI0Detect - ok
    21:35:59.0190 7248 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:35:59.0193 7248 uliagpkx - ok
    21:35:59.0242 7248 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    21:35:59.0245 7248 umbus - ok
    21:35:59.0283 7248 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    21:35:59.0285 7248 UmPass - ok
    21:35:59.0337 7248 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    21:35:59.0343 7248 UmRdpService - ok
    21:35:59.0443 7248 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    21:35:59.0478 7248 UNS - ok
    21:35:59.0516 7248 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    21:35:59.0526 7248 upnphost - ok
    21:35:59.0575 7248 [ 24BF32234F83DF598FE3F3E114964724 ] urvpndrv C:\Windows\system32\DRIVERS\covpnv64.sys
    21:35:59.0578 7248 urvpndrv - ok
    21:35:59.0630 7248 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    21:35:59.0633 7248 USBAAPL64 - ok
    21:35:59.0664 7248 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    21:35:59.0668 7248 usbaudio - ok
    21:35:59.0698 7248 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:35:59.0702 7248 usbccgp - ok
    21:35:59.0726 7248 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:35:59.0730 7248 usbcir - ok
    21:35:59.0745 7248 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    21:35:59.0766 7248 usbehci - ok
    21:35:59.0805 7248 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    21:35:59.0812 7248 usbhub - ok
    21:35:59.0826 7248 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    21:35:59.0842 7248 usbohci - ok
    21:35:59.0874 7248 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    21:35:59.0876 7248 usbprint - ok
    21:35:59.0911 7248 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    21:35:59.0914 7248 usbscan - ok
    21:35:59.0949 7248 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:35:59.0953 7248 USBSTOR - ok
    21:35:59.0967 7248 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    21:35:59.0970 7248 usbuhci - ok
    21:36:00.0037 7248 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    21:36:00.0041 7248 usbvideo - ok
    21:36:00.0082 7248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    21:36:00.0086 7248 UxSms - ok
    21:36:00.0175 7248 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
    21:36:00.0180 7248 VAIO Event Service - ok
    21:36:00.0277 7248 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    21:36:00.0287 7248 VAIO Power Management - ok
    21:36:00.0310 7248 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    21:36:00.0312 7248 VaultSvc - ok
    21:36:00.0371 7248 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
    21:36:00.0373 7248 VCService - ok
    21:36:00.0397 7248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    21:36:00.0400 7248 vdrvroot - ok
    21:36:00.0440 7248 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    21:36:00.0452 7248 vds - ok
    21:36:00.0479 7248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:36:00.0482 7248 vga - ok
    21:36:00.0495 7248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:36:00.0497 7248 VgaSave - ok
    21:36:00.0539 7248 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    21:36:00.0545 7248 vhdmp - ok
    21:36:00.0559 7248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    21:36:00.0562 7248 viaide - ok
    21:36:00.0614 7248 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    21:36:00.0619 7248 vmbus - ok
    21:36:00.0647 7248 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    21:36:00.0664 7248 VMBusHID - ok
    21:36:00.0697 7248 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:36:00.0700 7248 volmgr - ok
    21:36:00.0745 7248 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:36:00.0752 7248 volmgrx - ok
    21:36:00.0779 7248 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:36:00.0785 7248 volsnap - ok
    21:36:00.0823 7248 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    21:36:00.0828 7248 vsmraid - ok
    21:36:00.0900 7248 [ 0C6486B4DD55D137DEADF27295C10818 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    21:36:00.0913 7248 VSNService - ok
    21:36:00.0982 7248 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    21:36:01.0010 7248 VSS - ok
    21:36:01.0109 7248 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    21:36:01.0128 7248 VUAgent - ok
    21:36:01.0163 7248 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    21:36:01.0166 7248 vwifibus - ok
    21:36:01.0178 7248 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    21:36:01.0181 7248 vwififlt - ok
    21:36:01.0211 7248 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    21:36:01.0213 7248 vwifimp - ok
    21:36:01.0256 7248 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    21:36:01.0265 7248 W32Time - ok
    21:36:01.0299 7248 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    21:36:01.0302 7248 WacomPen - ok
    21:36:01.0354 7248 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    21:36:01.0357 7248 WANARP - ok
    21:36:01.0365 7248 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:36:01.0367 7248 Wanarpv6 - ok
    21:36:01.0450 7248 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    21:36:01.0474 7248 WatAdminSvc - ok
    21:36:01.0540 7248 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    21:36:01.0566 7248 wbengine - ok
    21:36:01.0607 7248 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    21:36:01.0614 7248 WbioSrvc - ok
    21:36:01.0658 7248 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:36:01.0666 7248 wcncsvc - ok
    21:36:01.0719 7248 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:36:01.0741 7248 WcsPlugInService - ok
    21:36:01.0767 7248 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    21:36:01.0784 7248 Wd - ok
    21:36:01.0833 7248 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:36:01.0844 7248 Wdf01000 - ok
    21:36:01.0858 7248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:36:01.0863 7248 WdiServiceHost - ok
    21:36:01.0870 7248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:36:01.0874 7248 WdiSystemHost - ok
    21:36:01.0925 7248 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    21:36:01.0932 7248 WebClient - ok
    21:36:02.0001 7248 [ 36D802DBB03E01DADD3FC7D81AA72413 ] WebDriveFSD C:\Program Files\WebDrive\wdfsd.sys
    21:36:02.0004 7248 WebDriveFSD - ok
    21:36:02.0086 7248 [ B5264F95E6A039ED0EE4A98A5FCECF15 ] WebDriveService C:\Program Files\WebDrive\wdService.exe
    21:36:02.0117 7248 WebDriveService - ok
    21:36:02.0148 7248 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:36:02.0197 7248 Wecsvc - ok
    21:36:02.0218 7248 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:36:02.0223 7248 wercplsupport - ok
    21:36:02.0258 7248 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:36:02.0263 7248 WerSvc - ok
    21:36:02.0332 7248 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    21:36:02.0334 7248 WfpLwf - ok
    21:36:02.0354 7248 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    21:36:02.0356 7248 WIMMount - ok
    21:36:02.0375 7248 WinDefend - ok
    21:36:02.0384 7248 WinHttpAutoProxySvc - ok
    21:36:02.0463 7248 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:36:02.0468 7248 Winmgmt - ok
    21:36:02.0575 7248 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    21:36:02.0608 7248 WinRM - ok
    21:36:02.0674 7248 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
    21:36:02.0676 7248 WinUsb - ok
    21:36:02.0719 7248 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:36:02.0736 7248 Wlansvc - ok
    21:36:02.0861 7248 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:36:02.0896 7248 wlidsvc - ok
    21:36:02.0943 7248 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:36:02.0945 7248 WmiAcpi - ok
    21:36:02.0984 7248 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:36:02.0989 7248 wmiApSrv - ok
    21:36:03.0013 7248 WMPNetworkSvc - ok
    21:36:03.0033 7248 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:36:03.0037 7248 WPCSvc - ok
    21:36:03.0080 7248 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:36:03.0085 7248 WPDBusEnum - ok
    21:36:03.0112 7248 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:36:03.0114 7248 ws2ifsl - ok
    21:36:03.0145 7248 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    21:36:03.0151 7248 wscsvc - ok
    21:36:03.0193 7248 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    21:36:03.0196 7248 WSDPrintDevice - ok
    21:36:03.0201 7248 WSearch - ok
    21:36:03.0280 7248 [ EF260B05EA540A0D8834C19A46904FF2 ] WTGService C:\Program Files (x86)\InternetEverywhere\WTGService.exe
    21:36:03.0286 7248 WTGService - ok
    21:36:03.0372 7248 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:36:03.0414 7248 wuauserv - ok
    21:36:03.0458 7248 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:36:03.0464 7248 WudfPf - ok
    21:36:03.0490 7248 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:36:03.0494 7248 WUDFRd - ok
    21:36:03.0524 7248 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:36:03.0529 7248 wudfsvc - ok
    21:36:03.0563 7248 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:36:03.0570 7248 WwanSvc - ok
    21:36:03.0663 7248 ================ Scan global ===============================
    21:36:03.0689 7248 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:36:03.0727 7248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:36:03.0743 7248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    21:36:03.0781 7248 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:36:03.0807 7248 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:36:03.0815 7248 [Global] - ok
    21:36:03.0820 7248 ================ Scan MBR ==================================
    21:36:03.0834 7248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:36:04.0011 7248 \Device\Harddisk0\DR0 - ok
    21:36:04.0012 7248 ================ Scan VBR ==================================
    21:36:04.0028 7248 [ 186CC73C8241311CBBD01B87FBEC87DB ] \Device\Harddisk0\DR0\Partition1
    21:36:04.0030 7248 \Device\Harddisk0\DR0\Partition1 - ok
    21:36:04.0046 7248 [ 6C9EA7056F25EC83819E7249F773D30E ] \Device\Harddisk0\DR0\Partition2
    21:36:04.0048 7248 \Device\Harddisk0\DR0\Partition2 - ok
    21:36:04.0053 7248 ============================================================
    21:36:04.0053 7248 Scan finished
    21:36:04.0053 7248 ============================================================
    21:36:04.0081 7204 Detected object count: 0
    21:36:04.0081 7204 Actual detected object count: 0
     
  10. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Go on...
     
  11. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Broni: apologies - and please bear with me! I'm working 15+ hours this week. But I know I've got two more at least to do...I'll get there. Cheers, Jimmy
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Thanks for letting me know :)
     
  13. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Still with me?
     
  14. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Sorry Broni - yes. Been on the road. Here's RogueKiller

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : SMason [Admin rights]
    Mode : Remove -- Date : 10/09/2012 20:31:10
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] ouc.exe -- C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager\ouc.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD} : NameServer (172.31.139.17 172.30.139.17) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0} : NameServer (172.30.139.17 172.31.139.17) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD} : NameServer (172.31.139.17 172.30.139.17) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0} : NameServer (172.30.139.17 172.31.139.17) -> NOT REMOVED, USE DNSFIX
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
    --- User ---
    [MBR] e42cdc99dcea2057066b32f6e147f398
    [BSP] 789bd6ac891cc901d2dfe87a568ed825 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7895 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16173056 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16377856 | Size: 468943 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  15. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    And the final one (I think?) for now.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-09 20:35:01
    -----------------------------
    20:35:01.592 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:35:01.593 Number of processors: 4 586 0x2502
    20:35:01.594 ComputerName: SWITH-MARS UserName: SMason
    20:35:02.993 Initialize success
    20:44:36.189 AVAST engine defs: 12100900
    20:44:47.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:44:47.739 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 476940MB BusType: 3
    20:44:47.743 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000008a
    20:44:47.747 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
    20:44:47.755 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000008b
    20:44:47.759 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
    20:44:47.782 Disk 0 MBR read successfully
    20:44:47.787 Disk 0 MBR scan
    20:44:47.801 Disk 0 Windows 7 default MBR code
    20:44:47.824 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7895 MB offset 2048
    20:44:47.896 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 16173056
    20:44:47.974 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468943 MB offset 16377856
    20:44:48.153 Disk 0 scanning C:\Windows\system32\drivers
    20:45:16.399 Service scanning
    20:46:44.450 Modules scanning
    20:46:44.460 Disk 0 trace - called modules:
    20:46:44.469
    20:46:47.437 AVAST engine scan C:\Windows
    20:46:52.771 AVAST engine scan C:\Windows\system32
    20:54:29.737 AVAST engine scan C:\Windows\system32\drivers
    20:54:59.545 AVAST engine scan C:\Users\smason
    21:07:19.544 AVAST engine scan C:\ProgramData
    21:11:43.029 Scan finished successfully
    21:12:05.464 Disk 0 MBR has been saved successfully to "C:\Users\smason\Desktop\MBR.dat"
    21:12:05.618 The log file has been saved successfully to "C:\Users\smason\Desktop\aswMBR.txt"
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  17. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Last one Broni?

    ComboFix 12-10-09.01 - Swith 09/10/2012 23:02:55.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3959.1854 [GMT 1:00]
    Running from: c:\users\smason\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\dsgsdgdsgdsgw.pad
    c:\users\CBrennan\Desktop\Internet Explorer.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\Swith\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\marsadmin\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\vbreese\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\tempadmin\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\lkimpton\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\gtrehiou\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\grenault\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\focusedit\AppData\Local\temp
    2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\CBrennan\AppData\Local\temp
    2012-10-09 19:31 . 2012-10-03 06:02 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D83ABDA-4AE8-45EB-8593-24F4855813DB}\gapaengine.dll
    2012-10-09 19:30 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0507D588-CEEF-44DD-A0FA-82CDAD44FCF7}\mpengine.dll
    2012-10-04 11:59 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-28 06:30 . 2012-09-28 06:30 -------- d-----w- c:\users\Swith\AppData\Roaming\Malwarebytes
    2012-09-28 05:06 . 2012-09-28 05:06 -------- d-----w- c:\windows\TempD00508E5-342A-F301-3942-50148A96F1C1-Signatures
    2012-09-28 01:07 . 2012-09-28 01:07 -------- d-----w- c:\users\smason\AppData\Roaming\Malwarebytes
    2012-09-28 01:07 . 2012-09-28 01:07 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-28 01:07 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-28 01:07 . 2012-09-28 01:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-26 19:53 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-17 18:30 . 2012-09-24 10:30 -------- d-----w- c:\users\smason\Citrix
    2012-09-12 06:46 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 06:46 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 06:46 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 06:46 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 06:46 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 06:46 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 06:46 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 19:17 . 2012-04-01 07:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 19:17 . 2012-01-26 22:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-03 06:02 . 2012-02-11 09:49 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-13 05:03 . 2010-07-26 15:15 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 21:03 . 2011-04-27 15:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-07-18 18:15 . 2012-08-15 19:45 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
    "WebDriveTray"="c:\program files\WebDrive\webdrive.exe" [2010-09-22 2488408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 16862600]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-08-14 253952]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "openvpn-gui"="c:\program files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe" [2010-08-11 265216]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-11 12099672]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 16862600]
    .
    c:\users\smason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2012-7-10 142336]
    .
    c:\users\Swith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2012-7-10 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "FilterAdministratorToken"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWebServices"= 1 (0x1)
    "NoPublishingWizard"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-11-30 19:20 98304 ------w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 133104]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-23 117248]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-23 13952]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-03-23 421376]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-12-15 18512]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 133104]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-24 244736]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-26 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-07 63760]
    S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 25120]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
    S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-19 397520]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-09-28 2078112]
    S2 NMSAccess64;NMSAccess64;c:\program files\CDBurnerXP\NMSAccessU.exe [2009-01-12 82872]
    S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-03 330488]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-10-29 93696]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-10-29 76800]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-01-29 822784]
    S2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2010-09-22 118872]
    S2 WTGService;WTGService;c:\program files (x86)\InternetEverywhere\WTGService.exe [2009-11-26 308688]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-23 86016]
    S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-11 151936]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-10-08 62464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-09 84512]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [2009-12-03 6400]
    S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [2009-12-03 240640]
    S3 qcusbsersny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [2009-12-03 121216]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
    S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-12-15 41424]
    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:17]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 11:28]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 11:28]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2009-07-20 14:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2009-07-20 14:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
    @="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
    [HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
    2010-09-22 14:31 1879552 ----a-w- c:\windows\System32\wdShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
    "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-19 171520]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://news.bbc.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD}: NameServer = 172.31.139.17 172.30.139.17
    TCP: Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0}: NameServer = 172.30.139.17 172.31.139.17
    DPF: {8DE0DD41-EC3C-4680-964B-D75BDAACAA2B} - hxxps://connect.rbs.com/policy/download_binary.php/win32/f5syschk.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-09 23:23:01
    ComboFix-quarantined-files.txt 2012-10-09 22:23
    .
    Pre-Run: 379,676,319,744 bytes free
    Post-Run: 381,489,385,472 bytes free
    .
    - - End Of File - - 768D3D27F2878AA6B3F86B4CFB814BDF
     
  18. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good :)

    Any current issues?

    ======================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    Got it Broni:

    OTL logfile created on: 10/11/2012 7:41:31 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\smason\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 45.98% Memory free
    7.73 Gb Paging File | 5.12 Gb Available in Paging File | 66.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 457.95 Gb Total Space | 356.24 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

    Computer Name: SWITH-MARS | User Name: Swith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/11 07:40:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\smason\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/07/27 21:40:12 | 012,100,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
    PRC - [2012/07/16 15:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/07/16 15:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    PRC - [2012/07/10 23:01:28 | 000,142,336 | ---- | M] () -- c:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    PRC - [2012/03/24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
    PRC - [2011/11/07 22:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/03/23 17:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
    PRC - [2011/01/29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2010/08/14 15:51:14 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    PRC - [2010/08/11 15:23:54 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
    PRC - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
    PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2009/12/31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
    PRC - [2009/12/03 10:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
    PRC - [2009/11/30 20:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
    PRC - [2009/11/26 17:44:50 | 000,308,688 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WTGService.exe
    PRC - [2009/11/20 09:58:20 | 002,557,296 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Setting Utility Series\WBCBatteryCare.exe
    PRC - [2009/10/02 22:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/10/02 22:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/04 22:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2009/08/26 20:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/10 23:01:28 | 000,142,336 | ---- | M] () -- c:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    MOD - [2012/06/14 11:03:29 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/14 11:03:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 06:04:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/28 21:37:43 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
    MOD - [2012/05/10 06:57:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/10 06:56:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/10 06:55:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/10 06:55:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/10 06:55:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/10 06:55:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/10/30 21:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
    MOD - [2010/08/11 15:23:54 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV:64bit: - [2011/01/29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2010/09/22 15:32:18 | 002,183,768 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
    SRV:64bit: - [2010/03/04 17:40:22 | 006,066,600 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)
    SRV:64bit: - [2010/01/29 10:30:34 | 000,822,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2009/11/30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2009/09/21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2009/09/21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/09/04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/01/12 09:15:52 | 000,082,872 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess64)
    SRV - [2012/10/09 20:17:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/03/23 17:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
    SRV - [2010/08/11 15:23:54 | 000,039,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/03 10:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe -- (QDLService2kSony)
    SRV - [2009/11/26 17:44:50 | 000,308,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InternetEverywhere\WTGService.exe -- (WTGService)
    SRV - [2009/10/02 22:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2011/03/23 16:15:44 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
    DRV:64bit: - [2011/03/23 16:15:44 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2011/03/23 16:15:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV:64bit: - [2011/03/23 16:15:44 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2011/03/23 16:15:44 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/15 12:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
    DRV:64bit: - [2010/12/15 12:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/22 15:32:14 | 000,118,872 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
    DRV:64bit: - [2010/08/11 15:23:52 | 000,038,480 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2009/12/03 09:47:44 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys -- (qcusbnetsny2k)
    DRV:64bit: - [2009/12/03 09:47:44 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys -- (qcusbsersny2k)
    DRV:64bit: - [2009/12/03 09:47:44 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterSny2k.sys -- (qcfilterSny2k)
    DRV:64bit: - [2009/11/24 21:25:07 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/11/24 21:24:10 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/11/18 21:04:10 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/11/18 21:04:09 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/11/18 21:04:09 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/11/18 21:04:08 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2009/11/18 21:03:38 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
    DRV:64bit: - [2009/11/11 03:05:01 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/11/09 21:05:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/11/09 21:04:24 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2009/11/02 02:47:16 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/10/29 21:09:32 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
    DRV:64bit: - [2009/10/29 21:09:23 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
    DRV:64bit: - [2009/10/08 21:10:52 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/10/05 11:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2009/10/02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/09/15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2009/08/19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 21:03:08 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011/12/19 10:45:03 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
    DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2011/03/23 17:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
    DRV - [2009/11/26 16:52:54 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
    IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\SearchScopes,DefaultScope = {0A364059-F301-477C-8651-35A342E648E9}
    IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\SearchScopes\{0A364059-F301-477C-8651-35A342E648E9}: "URL" = http://www.google.com/search?q={sea...ng?}&oe={outputEncoding?}&rlz=1I7ADFA_enGB468
    IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
  20. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    2/2

    IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/12 22:08:57 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/12 22:08:57 | 000,000,000 | ---D | M]

    [2012/07/27 21:37:30 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    O1 HOSTS File: ([2012/10/09 23:18:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
    O3 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe ()
    O4 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
    O4 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
    O4 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
    O4 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
    O4 - Startup: C:\Users\smason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    O4 - Startup: C:\Users\Swith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([connect] https in Trusted sites)
    O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbsgrp.net ([]https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\smason\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\smason\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Swith\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://connect.rbs.com/vdesk/terminal/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8DE0DD41-EC3C-4680-964B-D75BDAACAA2B} https://connect.rbs.com/policy/download_binary.php/win32/f5syschk.cab (F5 Networks File Policy Agent)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://connect.rbs.com/vdesk/terminal/urxshost.cab (F5 Networks SuperHost Class)
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\smason\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mchj.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD}: NameServer = 172.31.139.17 172.30.139.17
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801}: DhcpNameServer = 192.168.28.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3301F999-6DD0-4576-80E4-44E76286F43C}: DhcpNameServer = 192.168.28.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79FD073A-0267-465F-9A40-25D7BEF2BDF3}: DhcpNameServer = 192.168.28.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0}: NameServer = 172.30.139.17 172.31.139.17
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/11 07:21:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/11 06:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/09 22:57:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/09 22:57:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/09 22:57:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/09 22:56:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/09 22:56:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/28 07:30:13 | 000,000,000 | ---D | C] -- C:\Users\Swith\AppData\Roaming\Malwarebytes
    [2012/09/28 06:06:54 | 000,000,000 | ---D | C] -- C:\Windows\TempD00508E5-342A-F301-3942-50148A96F1C1-Signatures
    [2012/09/28 02:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/28 02:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/28 02:07:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/28 02:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/11 07:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/11 07:24:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/11 07:22:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/11 06:52:26 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/11 06:52:26 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/11 06:47:54 | 000,796,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/11 06:47:54 | 000,678,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/11 06:47:54 | 000,129,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/11 06:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/11 06:42:02 | 3113,398,272 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/09 23:18:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/09 21:29:49 | 652,308,224 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/02 06:03:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/28 02:07:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/17 15:41:12 | 000,113,914 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/09 22:57:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/09 22:57:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/09 22:57:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/09 22:57:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/09 22:57:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/28 02:07:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/02 18:53:11 | 000,231,375 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
    [2012/09/02 18:53:11 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
    [2012/01/23 20:19:48 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
    [2012/01/23 20:19:44 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys
    [2011/01/07 10:31:06 | 000,113,914 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/12/04 19:39:02 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2010/07/20 19:56:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/07/28 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\CBrennan\AppData\Roaming\Protector Suite
    [2011/04/28 03:24:34 | 000,000,000 | ---D | M] -- C:\Users\CBrennan\AppData\Roaming\Trusteer
    [2011/09/27 10:01:48 | 000,000,000 | ---D | M] -- C:\Users\CBrennan\AppData\Roaming\webex
    [2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2011/01/07 10:32:36 | 000,000,000 | ---D | M] -- C:\Users\focusedit\AppData\Roaming\Protector Suite
    [2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\focusedit\AppData\Roaming\Trusteer
    [2011/11/08 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\grenault\AppData\Roaming\Protector Suite
    [2011/09/27 10:01:22 | 000,000,000 | ---D | M] -- C:\Users\grenault\AppData\Roaming\webex
    [2011/05/04 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\gtrehiou\AppData\Roaming\Protector Suite
    [2011/05/04 14:49:51 | 000,000,000 | ---D | M] -- C:\Users\gtrehiou\AppData\Roaming\Trusteer
    [2011/06/03 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\lkimpton\AppData\Roaming\FileZilla
    [2011/06/29 10:30:42 | 000,000,000 | ---D | M] -- C:\Users\lkimpton\AppData\Roaming\Protector Suite
    [2011/06/29 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\lkimpton\AppData\Roaming\Trusteer
    [2012/01/23 20:20:55 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\Birdstep Technology
    [2011/12/22 10:18:25 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\Protector Suite
    [2012/01/11 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\TeamViewer
    [2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\Trusteer
    [2011/02/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Auslogics
    [2012/04/17 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/01/30 22:51:27 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Birdstep Technology
    [2012/03/03 17:45:23 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\ICAClient
    [2011/01/07 10:37:45 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Protector Suite
    [2011/03/07 12:48:47 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager
    [2012/01/15 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\TeamViewer
    [2011/01/07 10:37:21 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Trusteer
    [2011/03/30 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\webex
    [2010/11/06 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Amazon
    [2010/08/16 07:06:54 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Auslogics
    [2010/07/18 21:36:06 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/07/23 19:00:26 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\InternetEverywhere
    [2010/07/16 08:19:43 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Protector Suite
    [2010/07/19 07:47:09 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\SoftGrid Client
    [2010/08/14 15:51:12 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\T-Mobile
    [2010/08/14 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\T-Mobile Internet Manager
    [2010/07/16 08:37:48 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\TP
    [2010/09/13 08:42:36 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Trusteer
    [2011/07/05 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\tempadmin\AppData\Roaming\Protector Suite
    [2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\tempadmin\AppData\Roaming\Trusteer
    [2011/12/19 10:36:17 | 000,000,000 | ---D | M] -- C:\Users\vbreese\AppData\Roaming\Protector Suite

    ========== Purity Check ==========


    < End of report >
     
  21. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    And Extras.txt

    OTL Extras logfile created on: 10/11/2012 7:41:31 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\smason\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 45.98% Memory free
    7.73 Gb Paging File | 5.12 Gb Available in Paging File | 66.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 457.95 Gb Total Space | 356.24 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

    Computer Name: SWITH-MARS | User Name: Swith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    "PolicyVersion" = 522

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "AllowLocalPolicyMerge" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "AllowLocalIPsecPolicyMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
    "Enabled" = 1
    "RemoteAddresses" = localsubnet

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" = localsubnet

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
    "FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
    "CoreNet-IPv6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IPHTTPS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-Teredo-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCPV6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IGMP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP4-DUFRAG-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LD-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR2-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-NDA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-NDS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-PP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-TE-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-PTB-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-DU-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "NETDIS-FDRESPUB-WSD-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-FDPHOST-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNTS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5358|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-UPnPHost-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|
    "RemoteAdmin-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|
    "RemoteAdmin-NP-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|
    "RemoteAdmin-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|Name=@FirewallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|
    "RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
    "WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
    "WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
    "WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
    "CoreNet-GP-LSASS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DNS-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-GP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-GP-NP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IPv6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IPHTTPS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-Teredo-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCPV6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IGMP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LD-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR2-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::2|RA6=fe80::/64|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::1|RA6=fe80::/64|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-NDA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-NDS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-PP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-TE-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-PTB-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|
    "FPS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP6-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP4-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-SMB-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Session-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|
    "NETDIS-FDRESPUB-WSD-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-FDPHOST-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-UPnP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNT-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5357|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNTS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5358|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-UPnPHost-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|
    "{A460EF61-54C5-438A-A01A-D9DC938C4F34}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=Remote Assistance (DCOM-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance via DCOM. [TCP 135]|
    "{0AABDA7B-C8BC-4ABA-A528-8F2F35C76C16}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|Desc=Inbound rule for Remote Assistance to allow use Peer Name Resolution Protocol. [UDP 3540]|
    "{1A843BC2-4DC5-49C7-B090-BF81F7F1F3E8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance. [TCP]|
    "{76DC1A5A-7DE1-47AB-8E17-520B2F994443}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|Desc=Inbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP 2869]|
    "{813F24CF-3A72-4A6A-9422-8BF0CF924051}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|Desc=Inbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
    "{A6A79CA3-246D-430D-AFFB-3CDB31D7E158}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-In)|Desc=Inbound rule for Remote Assistance traffic. [TCP]|
    "{5CE5A3AE-910C-492F-96AB-F86D53EC6373}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Peer Name Resolution Protocol. [UDP]|
    "{CBB9EC46-06AE-4F2E-B50C-16392DD8E4FF}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-Out)|Desc=Outbound rule for Remote Assistance to allow offers for assistance. [TCP]|
    "{0D07F8B9-6FD3-42C8-A8B3-6F758A412F63}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP]|
    "{FA5BD56E-BCA7-48C3-8975-F2434F460BC8}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|Desc=Outbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
    "{7D43157C-6142-47B8-B5E3-AB80A8304278}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-Out)|Desc=Outbound rule for Remote Assistance traffic. [TCP]|

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "AllowLocalPolicyMerge" = 1
    "AllowLocalIPsecPolicyMerge" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
    "DefaultInboundAction" = 1
    "EnableFirewall" = 1
    "AllowLocalPolicyMerge" = 1
    "DefaultOutboundAction" = 0
    "AllowLocalIPsecPolicyMerge" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DisableNotifications" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    "PolicyVersion" = 522

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "AllowLocalPolicyMerge" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "AllowLocalIPsecPolicyMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
    "Enabled" = 1
    "RemoteAddresses" = localsubnet

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" = localsubnet

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
    "FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
    "CoreNet-IPv6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IPHTTPS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-Teredo-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCPV6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IGMP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP4-DUFRAG-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LD-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR2-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-NDA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-NDS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-PP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-TE-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-PTB-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "CoreNet-ICMP6-DU-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
    "NETDIS-FDRESPUB-WSD-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-FDPHOST-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNTS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5358|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-UPnPHost-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|
    "RemoteAdmin-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|
    "RemoteAdmin-NP-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|
    "RemoteAdmin-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|Name=@FirewallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|
    "RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
    "WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
    "WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
    "WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
    "CoreNet-GP-LSASS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DNS-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-GP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-GP-NP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IPv6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IPHTTPS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-Teredo-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCPV6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-DHCP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-IGMP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LD-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR2-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LR-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-LQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::2|RA6=fe80::/64|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-RA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::1|RA6=fe80::/64|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-NDA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-NDS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-PP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-TE-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|
    "CoreNet-ICMP6-PTB-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|
    "FPS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP6-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-ICMP4-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-SMB-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
    "FPS-NB_Session-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|
    "NETDIS-FDRESPUB-WSD-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-FDPHOST-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-UPnP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNT-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5357|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-WSDEVNTS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5358|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|
    "NETDIS-UPnPHost-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|
    "{A460EF61-54C5-438A-A01A-D9DC938C4F34}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=Remote Assistance (DCOM-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance via DCOM. [TCP 135]|
    "{0AABDA7B-C8BC-4ABA-A528-8F2F35C76C16}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|Desc=Inbound rule for Remote Assistance to allow use Peer Name Resolution Protocol. [UDP 3540]|
    "{1A843BC2-4DC5-49C7-B090-BF81F7F1F3E8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance. [TCP]|
    "{76DC1A5A-7DE1-47AB-8E17-520B2F994443}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|Desc=Inbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP 2869]|
    "{813F24CF-3A72-4A6A-9422-8BF0CF924051}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|Desc=Inbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
    "{A6A79CA3-246D-430D-AFFB-3CDB31D7E158}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-In)|Desc=Inbound rule for Remote Assistance traffic. [TCP]|
    "{5CE5A3AE-910C-492F-96AB-F86D53EC6373}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Peer Name Resolution Protocol. [UDP]|
    "{CBB9EC46-06AE-4F2E-B50C-16392DD8E4FF}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-Out)|Desc=Outbound rule for Remote Assistance to allow offers for assistance. [TCP]|
    "{0D07F8B9-6FD3-42C8-A8B3-6F758A412F63}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP]|
    "{FA5BD56E-BCA7-48C3-8975-F2434F460BC8}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|Desc=Outbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
    "{7D43157C-6142-47B8-B5E3-AB80A8304278}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-Out)|Desc=Outbound rule for Remote Assistance traffic. [TCP]|
     
  22. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    2/2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "AllowLocalPolicyMerge" = 1
    "AllowLocalIPsecPolicyMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
    "DefaultInboundAction" = 1
    "EnableFirewall" = 1
    "AllowLocalPolicyMerge" = 1
    "DefaultOutboundAction" = 0
    "AllowLocalIPsecPolicyMerge" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03FCED8F-C481-4ABD-AAEA-0F854B984CE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{11344E73-A038-4906-995A-0F6C225215CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{11C9B6A3-1286-4DB8-8C0A-D98CE3DCDF43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{1E4100E8-1807-484D-8BCD-B101FA23CE3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{289C6482-81B6-4EB3-B3BD-0AF6A067E56E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3F968841-7117-4A45-ACE9-3870C0105A57}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{43770286-6A9B-49D4-869D-5850D1D359F7}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{46E20E18-A1CB-4C01-BF74-BBD667B251BA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4D6784BC-2931-4834-B384-4F1006DD9D9E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4DB33342-52F0-4B52-ACA0-F39C751409CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4DDD1ED0-22A9-43F5-A05F-7A3694561A1C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5457F245-B5FE-4B84-BAF3-DBA2C9D258D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{675E11E2-C3CC-4D5D-AE23-B52CF64A59BB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6E9CB73F-46E9-4DAF-BDD7-1C68A91039CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{70149DE7-8399-484A-96E0-8742D89CF826}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{778FFFDA-A8E0-4DDC-AC30-75FCEBD8ADAE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{79AF9ACD-374E-43DD-AAA8-83E9A45FF5B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{866F81F1-B258-494F-8A04-5F677F19F110}" = lport=445 | protocol=6 | dir=in | app=system |
    "{86A91E50-E64E-4F56-8671-C0FC07700AF9}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8CDE3B5C-2BB4-460E-AD0A-2E429CE7A2E0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8D1DCC77-5E6D-4DF9-9723-D887868F538A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8FF87BD2-604D-4529-8AE9-4A345905B8C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{91BF951E-57F0-4CE8-AA7A-41BE76FE02B1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{96212DB8-1360-4B84-9D2B-7C31475F65D8}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9A6F5B8D-1891-4F2B-93B7-5875B81113CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9F24E329-B8FB-41FC-9BDD-0FA0BD410B0F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{AA700B8B-3A12-4FFD-9E20-BB1C1D4D070A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{AE59F478-2837-4154-92AA-88F562B67A09}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{B1CEB7C3-BC23-447B-840B-3CC935EBBFE2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{BBF94CBB-57D7-475B-8D20-80651E8D1A1C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C0C71C5F-16C6-4FB9-B03D-2D943B3A252E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C1FA1824-BD4C-4998-8B80-FE6F2A7F1F30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{D854CFAC-A1E7-41E8-96EB-0AF6C289458E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DBD8292F-4B88-4781-B685-183FD55B91BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DF21B017-B4FE-4633-9C15-DDE7A25BC022}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EBB64CA8-E0C2-409D-A72F-F49DB141565A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F05B71D7-9912-442E-A17A-F3D5B5CEDD16}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0511F8D3-6C6E-46D7-AE6E-C434A9FF0930}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{08ECB300-A76A-4275-B97E-977F4DDBC761}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{097A95E8-6C70-4B41-B2DC-6CF938D1A943}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{0A6E1BFA-6582-485E-B8A8-D8036CFE772E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{1AF224DE-2B09-405C-8DED-CED48688C5BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{1B432DE7-5215-4C29-AEC4-059DCDB5524E}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
    "{33524F3A-2C7B-49B5-A4F6-8018551598AB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{34075982-D024-4703-BC07-9BFAE87F61D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{35669107-5F8B-4C2E-BE76-F7E3E5C72259}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{360E1357-DD2F-4076-95A1-26E8C9338F6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3993EEF2-A11F-4937-81F7-9CB33E4169EA}" = protocol=17 | dir=in | app=c:\program files (x86)\gladinet\gladinet cloud desktop\gladinetclient.exe |
    "{3A63129C-6096-4EA9-8A76-4C20C5B5B6F1}" = protocol=6 | dir=out | app=system |
    "{3B35BFC7-F635-4F3B-A06A-D4C4E86E0EA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{3B7DEAA0-52BC-4D57-AD1C-3F2C049305EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3C9A0379-7DBC-4F41-9C03-3C0A1F4FA716}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3E6B85AE-86E3-45FC-8221-44A2B58ABF57}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{43873C8A-F144-4CB3-9497-43444B4D54C0}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{44F73347-DDA4-4197-AF27-A995AC6E2FE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{48314776-6298-4257-9DAF-B620D29CE753}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{497807C7-7B70-4DCD-9C90-51FDEB56B262}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4E850815-7529-4DDF-913D-7E49C86F87C3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6270AACF-2538-4785-98F8-B6FB187BD525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68DFBC91-A323-4BD3-93C5-EA3CFADBCF16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{71CE4CC9-CAA2-4E72-AB4E-42AB9773818B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{7539FF0C-9C0C-4F6F-8726-E81EBA080192}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7D3D8540-3B8F-4B9B-89F5-4ACD3DE66CBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{82FDBF81-A8E1-4754-A404-1BEFAF47B902}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{869B53FC-8576-426D-973C-5C972866BD6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
    "{8A5E1D6E-8C66-44E5-8F75-C335243F1EA0}" = dir=in | app=f:\setup\hpznui40.exe |
    "{8F50BE14-29A1-4572-B508-2B70CAE21CB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{923379BB-DE9A-4126-8546-23162344FE74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{96B06765-243A-4988-BCBC-6361ADD5C030}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{986F40BC-E350-4F4F-AE8C-D81D330334A3}" = dir=in | app=c:\program files\canon\dias\cnxdias.exe |
    "{99528586-B5FA-4C5E-BDB7-CF69EA1F61FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{A788AEFA-4F51-4CF3-9258-0B797DAFCAEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{B3F1A08C-0026-424B-A350-437A385CB70C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BF49A4F5-99E7-40FA-8A52-F3916BB30793}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C104A27A-4A95-445F-817E-E0F4DF4D4D63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{C168B648-EAE8-4F31-AA3C-9811AA013FE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{C2939E60-C769-42CD-B64C-F9520D046661}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{CD1D85DC-975C-4AD4-B2F4-4E80A636BB9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{D78A8396-D34A-46A5-ACA2-C29DD5FF990B}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
    "{D839E557-8ABE-41B0-A6D5-F2D692C09F7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{D913BB3E-3CD6-4B1E-B31E-972047C613D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{DD5FB1B9-9B71-4768-8DE5-856BDF587E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EA1F4EEC-80FE-4C4C-9CCC-2B5D42FE7834}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{ED3B283B-FF31-4021-B392-F0A8FA809773}" = protocol=6 | dir=in | app=c:\program files (x86)\gladinet\gladinet cloud desktop\gladinetclient.exe |
    "{F468C8E1-BEA9-4C3F-A0A9-7889291B496F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{6F83D407-1073-4AF3-84F1-DCBFC2871837}C:\program files (x86)\microsoft lync\communicator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
    "UDP Query User{987CFBF8-77A1-4C5B-BBAB-F28CB688D74C}C:\program files (x86)\microsoft lync\communicator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
    "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services Sign-in Assistant
    "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
    "{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.7.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "ProInst" = Intel PROSet Wireless
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
    "{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7ED89AE0-5832-4ED3-B29A-099F65295E82}" = Qualcomm Gobi 2000 Package for Sony
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
    "{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.0
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECCA150B-31A5-412E-B8D0-4CB5DDA900D3}" = Adobe Shockwave Player 11.5
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Astaro SSL VPN Client" = Astaro SSL VPN Client 1.7
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "Google Chrome" = Google Chrome
    "Huawei Modems" = Huawei modem
    "InternetEverywhere" = Internet Everywhere
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Office14.PRJPROR" = Microsoft Project Professional 2010
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Rapport_msi" = Rapport
    "TeamViewer 7" = TeamViewer 7
    "T-Mobile Internet Manager" = T-Mobile Internet Manager
    "VAIO Help and Support" =
    "VAIO Premium Partners" = VAIO Premium Partners
    "VAIO screensaver" = VAIO screensaver
    "VISPROR" = Microsoft Office Visio Professional 2007
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ActiveTouchMeetingClient" = WebEx

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/19/2012 11:42:29 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

    Error - 9/19/2012 11:42:31 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/19/2012 11:42:31 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6302

    Error - 9/19/2012 11:42:31 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6302

    Error - 9/19/2012 11:42:32 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/19/2012 11:42:32 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7301

    Error - 9/19/2012 11:42:32 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7301

    Error - 9/19/2012 11:42:33 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/19/2012 11:42:33 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8377

    Error - 9/19/2012 11:42:33 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8377

    [ OSession Events ]
    Error - 3/9/2011 11:16:28 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 98599
    seconds with 20460 seconds of active time. This session ended with a crash.

    Error - 3/15/2011 10:55:37 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 341887
    seconds with 15600 seconds of active time. This session ended with a crash.

    Error - 3/23/2011 11:21:08 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 785524
    seconds with 16560 seconds of active time. This session ended with a crash.

    Error - 4/26/2011 7:04:08 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 531572
    seconds with 5820 seconds of active time. This session ended with a crash.

    Error - 1/15/2012 12:37:06 PM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8801
    seconds with 5820 seconds of active time. This session ended with a crash.

    Error - 1/15/2012 12:44:29 PM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 434
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 6/7/2012 5:37:17 PM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 579270
    seconds with 8880 seconds of active time. This session ended with a crash.

    Error - 6/22/2012 4:15:03 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1674
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 6/22/2012 4:26:36 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 671
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 6/22/2012 5:16:38 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2988
    seconds with 1800 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/11/2012 1:43:05 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7000
    Description = The Mobile IP Route Manager service failed to start due to the following
    error: %%1275

    Error - 10/11/2012 1:43:08 AM | Computer Name = Swith-MARS.mchj.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain MCHJ due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 10/11/2012 1:43:13 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 10/11/2012 1:44:12 AM | Computer Name = Swith-MARS.mchj.local | Source = DCOM | ID = 10016
    Description =

    Error - 10/11/2012 1:44:58 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7022
    Description = The Windows Image Acquisition (WIA) service hung on starting.

    Error - 10/11/2012 1:44:58 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/11/2012 1:44:59 AM | Computer Name = Swith-MARS.mchj.local | Source = DCOM | ID = 10016
    Description =

    Error - 10/11/2012 1:45:09 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.

    Error - 10/11/2012 1:47:31 AM | Computer Name = Swith-MARS.mchj.local | Source = TermService | ID = 1067
    Description =

    Error - 10/11/2012 2:21:57 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.


    < End of report >
     
  23. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    All good though Broni: no obvious issues. Seems to be fine. Look clean to you?
     
  24. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Cool :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
      O3 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([connect] https in Trusted sites)
      O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbsgrp.net ([]https in Trusted sites)
      O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
      [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  25. Jimmy99

    Jimmy99 TS Rookie Topic Starter Posts: 39

    OTL...

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Registry key HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rbs.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rbs.com\connect\ not found.
    Registry key HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rbsgrp.net\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ deleted successfully.
    File {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found not found.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: CBrennan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8420012 bytes
    ->Flash cache emptied: 80595 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: focusedit
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 7140 bytes
    ->Flash cache emptied: 56502 bytes

    User: grenault
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 28333875 bytes
    ->Flash cache emptied: 20698 bytes

    User: gtrehiou
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 57896609 bytes
    ->Java cache emptied: 488 bytes
    ->Flash cache emptied: 9111 bytes

    User: lkimpton
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 26049982 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 13794 bytes

    User: marsadmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 53102654 bytes
    ->Java cache emptied: 2023 bytes
    ->Flash cache emptied: 57316 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: smason
    ->Temp folder emptied: 4734332 bytes
    ->Temporary Internet Files folder emptied: 404683209 bytes
    ->Java cache emptied: 1289121 bytes
    ->Flash cache emptied: 83662 bytes

    User: Swith
    ->Temporary Internet Files folder emptied: 483673952 bytes
    ->Java cache emptied: 10928876 bytes
    ->Flash cache emptied: 82890 bytes

    User: tempadmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2702403 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 57266 bytes

    User: vbreese
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33237 bytes
    ->Flash cache emptied: 26248 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 1526784 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 98863 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66876 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,034.00 mb


    [EMPTYJAVA]

    User: All Users

    User: CBrennan

    User: Default

    User: Default User

    User: focusedit
    ->Java cache emptied: 0 bytes

    User: grenault

    User: gtrehiou
    ->Java cache emptied: 0 bytes

    User: lkimpton
    ->Java cache emptied: 0 bytes

    User: marsadmin
    ->Java cache emptied: 0 bytes

    User: Public

    User: smason
    ->Java cache emptied: 0 bytes

    User: Swith
    ->Java cache emptied: 0 bytes

    User: tempadmin
    ->Java cache emptied: 0 bytes

    User: vbreese

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: CBrennan
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: focusedit
    ->Flash cache emptied: 0 bytes

    User: grenault
    ->Flash cache emptied: 0 bytes

    User: gtrehiou
    ->Flash cache emptied: 0 bytes

    User: lkimpton
    ->Flash cache emptied: 0 bytes

    User: marsadmin
    ->Flash cache emptied: 0 bytes

    User: Public

    User: smason
    ->Flash cache emptied: 0 bytes

    User: Swith
    ->Flash cache emptied: 0 bytes

    User: tempadmin
    ->Flash cache emptied: 0 bytes

    User: vbreese
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10152012_192259
    Files\Folders moved on Reboot...
    File\Folder C:\Users\smason\AppData\Local\Temp\hsperfdata_SMason\8596 not found!
    C:\Users\smason\AppData\Local\Temp\ExchangePerflog_8484fa31b9f56a3ab6f4d04e.dat moved successfully.
    C:\Users\smason\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUXEZQ5M\optn=64[3].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\google_co_uk[1].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\page-2[1].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\partner[5].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\partner[6].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\partner[7].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6W3F4IJ\4773[1].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6W3F4IJ\pixel[7].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN2J55GD\my.logon[2].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN2J55GD\timing[2].txt moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN2J55GD\um[1].htm moved successfully.
    C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.