Sirefef.y virus removal and 60 second reboot loop

By Midian76
Oct 28, 2012
  1. Hello Forum,

    I have a similar issue to the one this gentleman had:

    http://www.techspot.com/community/topics/sirefef-removal-60-seconds-reboot.181609/

    I am infected with the Sirefef.y virus. It has disabled Windows Defender, Security Essentials and Windows update. I am able to run MBAM which did clean out a bunch of infections initially but it's not picking up anything further.
    If I try to reinstall Security Essentials I end up in the 'critical error and reboot after 60 seconds warning' loop. I have this same problem in Safe Mode.

    I am running Windows 7 Home Premium 64bit. I ran the Farbar Recovery Scan Tool 64-Bit. I'll post the FRST64.txt log in the next message. I'm hoping someone can help me.

    Cheers,

    -Jeff
  2. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
    Ran by SYSTEM at 28-10-2012 07:38:01
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized [110360 2011-07-28] (Logitech Inc.)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-09-15] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-11-23] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
    HKU\David\...\Run: [fsm] [x]
    HKU\David\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1160224 2012-08-28] (Soluto)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

    ==================== Services (Whitelisted) ===================

    3 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-08-30] (Akamai Technologies, Inc.)
    2 CLKMSVC10_C6F09094; "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe" /svc [245232 2010-11-25] (CyberLink)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [31408 2011-12-02] ()

    ==================== Drivers (Whitelisted) =====================

    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2010-04-07] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [121280 2010-04-07] (SlySoft, Inc.)
    3 HCW723x; C:\Windows\System32\Drivers\HCW723x.sys [1799552 2009-12-15] (Hauppauge Computer Works, Inc.)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
    2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
    3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-28 07:37 - 2012-10-28 07:37 - 00000000 ____D C:\FRST
    2012-10-27 18:37 - 2012-10-27 23:52 - 00000000 ___SD C:\32788R22FWJFW
    2012-10-27 16:42 - 2012-09-29 14:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-27 14:33 - 2012-10-27 14:33 - 00000000 ____D C:\Users\David\AppData\Roaming\Malwarebytes
    2012-10-27 14:30 - 2012-10-27 16:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-27 14:30 - 2012-10-27 14:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-25 07:59 - 2012-10-25 07:59 - 00616017 ____A C:\Users\David\Downloads\Christopher Hitchens - god is not Great (How Religion Poisons E.mobi
    2012-10-25 07:59 - 2012-10-25 07:59 - 00616017 ____A C:\Users\David\Desktop\Christopher Hitchens - god is not Great (How Religion Poisons E.mobi
    2012-10-20 13:48 - 2012-10-20 13:48 - 00000000 ____D C:\Users\David\Desktop\A Devil's Chaplain
    2012-10-20 13:43 - 2012-10-20 13:44 - 00000000 ____D C:\Users\David\Desktop\NYT Bestsellers September October 2012
    2012-10-19 09:18 - 2012-10-19 09:19 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.65.1.1000.exe
    2012-10-19 07:48 - 2012-10-27 18:58 - 00000000 ___RD C:\Users\David\Desktop\SHORTCUTS
    2012-10-19 04:32 - 2012-10-19 08:20 - 00000000 ____D C:\Users\David\Desktop\Dad
    2012-10-10 12:45 - 2012-10-10 12:45 - 00011073 ____A C:\Users\David\Downloads\SatClinics (1).html
    2012-10-07 12:00 - 2012-10-07 10:31 - 00396018 ____A C:\Users\David\Desktop\Groucho and Me - Groucho Marx.mobi
    2012-10-07 12:00 - 2012-10-04 15:39 - 00317706 ____A C:\Users\David\Desktop\I Suck at Girls - Justin Halpern.mobi
    2012-10-01 14:33 - 2012-10-01 14:33 - 00011073 ____A C:\Users\David\Downloads\SatClinics.html

    ==================== 3 Months Modified Files ==================

    2012-10-28 02:31 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-28 02:31 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-28 02:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-28 02:11 - 2009-07-13 20:51 - 00159291 ____A C:\Windows\setupact.log
    2012-10-27 17:23 - 2011-03-04 12:21 - 00423142 ____A C:\Windows\PFRO.log
    2012-10-27 17:22 - 2012-03-10 10:08 - 00002243 ____A C:\Windows\epplauncher.mif
    2012-10-27 17:18 - 2011-02-17 11:29 - 01960377 ____A C:\Windows\WindowsUpdate.log
    2012-10-27 16:36 - 2009-07-13 21:08 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-25 07:59 - 2012-10-25 07:59 - 00616017 ____A C:\Users\David\Downloads\Christopher Hitchens - god is not Great (How Religion Poisons E.mobi
    2012-10-25 07:59 - 2012-10-25 07:59 - 00616017 ____A C:\Users\David\Desktop\Christopher Hitchens - god is not Great (How Religion Poisons E.mobi
    2012-10-22 07:52 - 2012-02-25 14:32 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-135675634-2142226353-352299039-1000UA.job
    2012-10-22 07:46 - 2011-07-03 13:58 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-20 16:52 - 2012-02-25 14:32 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-135675634-2142226353-352299039-1000Core.job
    2012-10-20 13:42 - 2009-07-13 21:13 - 00730572 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-19 09:31 - 2011-07-21 07:58 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForDavid.job
    2012-10-19 09:31 - 2011-07-03 13:58 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-19 09:19 - 2012-10-19 09:18 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.65.1.1000.exe
    2012-10-19 09:11 - 2011-03-10 07:56 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-10-14 13:52 - 2011-03-05 08:56 - 00007308 __ASH C:\Users\All Users\KGyGaAvL.sys
    2012-10-11 13:45 - 2012-03-10 10:56 - 00006212 ____A C:\Users\David\AppData\Roaming\wklnhst.dat
    2012-10-10 12:45 - 2012-10-10 12:45 - 00011073 ____A C:\Users\David\Downloads\SatClinics (1).html
    2012-10-07 10:31 - 2012-10-07 12:00 - 00396018 ____A C:\Users\David\Desktop\Groucho and Me - Groucho Marx.mobi
    2012-10-04 15:39 - 2012-10-07 12:00 - 00317706 ____A C:\Users\David\Desktop\I Suck at Girls - Justin Halpern.mobi
    2012-10-01 14:33 - 2012-10-01 14:33 - 00011073 ____A C:\Users\David\Downloads\SatClinics.html
    2012-09-29 14:54 - 2012-10-27 16:42 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-26 11:06 - 2011-06-03 18:06 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForDAVID-HPPC-2011$.job
    2012-09-19 18:09 - 2012-01-09 19:18 - 00001771 ____A C:\Users\David\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-09-19 18:09 - 2012-01-09 19:18 - 00001617 ____A C:\Users\David\AppData\Roaming\Rim.Desktop.Exception.log
    2012-09-12 15:10 - 2012-01-09 19:03 - 00002907 ____A C:\Users\David\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-09-03 15:14 - 2012-09-03 14:54 - 05272849 ____A C:\Users\David\Downloads\Dietrich, Marlene.zip
    2012-08-28 10:32 - 2012-03-10 10:18 - 00054728 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys
    2012-08-26 11:01 - 2012-04-17 06:52 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-26 11:01 - 2011-05-14 06:02 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ZeroAccess:
    C:\Windows\Installer\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}
    C:\Windows\Installer\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\@
    C:\Windows\Installer\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\L
    C:\Windows\Installer\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\U
    C:\Windows\Installer\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\U\00000001.@

    ZeroAccess:
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\@
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\L
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\n
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\U
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\U\00000001.@
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\U\80000000.@
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\U\800000cb.@

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-27 17:42:35

    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 8191.28 MB
    Available physical RAM: 7161.05 MB
    Total Pagefile: 8189.43 MB
    Available Pagefile: 7140.52 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:1383.63 GB) (Free:561.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (one terrabyte) (Fixed) (Total:931.5 GB) (Free:18.61 GB) NTFS
    3 Drive f: (HP_RECOVERY) (Fixed) (Total:13.53 GB) (Free:1.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: (PATRIOT) (Removable) (Total:14.91 GB) (Free:0.03 GB) NTFS
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    11 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 0 B
    Disk 1 Online 931 GB 6144 KB
    Disk 2 Online 14 GB 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 1383 GB 101 MB
    Partition 3 Primary 13 GB 1383 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 1383 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F HP_RECOVERY NTFS Partition 13 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 931 GB 8032 KB
    Partition 1 Logical 931 GB 8064 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D one terraby NTFS Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4032 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H PATRIOT NTFS Removable 14 GB Healthy

    =========================================================

    Last Boot: 2012-10-26 12:32

    ==================== End Of Log =============================
  3. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
  4. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    Hi Broni,

    Thank you so much for the prompt reply. I really do appreciate it. Here's the Search.txt log:


    Farbar Recovery Scan Tool (x64) Version: 26-10-2012
    Ran by SYSTEM at 2012-10-28 15:20:33
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
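The comparison that this services.exe search sets up, as an added example that is not part of the original thread or of FRST: it parses Search.txt-style output and checks whether the live copy's MD5 matches any copy held under winsxs. The function names and verdict strings are assumptions made for this example; the sample input is the two entries from the Search.txt posted above.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path handling on any host OS

# Sample input: the two entries from the Search.txt posted in this thread.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Metadata line: [created] - [modified] - size attrs (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search_log(text):
    """Return one dict per file entry: a path line followed by a metadata line."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section rulers
        m = META.match(line)
        if m and path:
            entries.append({
                "path": path,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
            })
            path = None
        elif DRIVE_PATH.match(line):
            path = line
    return entries


def compare_to_component_store(entries):
    """Compare each live file with the winsxs copies of the same file name.

    Verdicts (names chosen for this example):
      match                  - live MD5 equals a winsxs copy
      mismatch-same-metadata - MD5 differs although size and timestamps agree
      mismatch               - MD5 differs and so does the metadata
      no-reference           - no winsxs copy was listed to compare against
    """
    groups = defaultdict(lambda: {"live": [], "store": []})
    for e in entries:
        bucket = "store" if "\\winsxs\\" in e["path"].lower() else "live"
        groups[basename(e["path"]).lower()][bucket].append(e)

    findings = []
    for group in groups.values():
        store = group["store"]
        store_hashes = {s["md5"] for s in store}
        for live in group["live"]:
            if not store:
                verdict = "no-reference"
            elif live["md5"] in store_hashes:
                verdict = "match"
            else:
                meta = (live["size"], live["created"], live["modified"])
                same = any(
                    (s["size"], s["created"], s["modified"]) == meta for s in store
                )
                verdict = "mismatch-same-metadata" if same else "mismatch"
            findings.append((live["path"], verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in compare_to_component_store(parse_search_log(SEARCH_TXT)):
        print(f"{verdict:24} {path}")
```

A plain mismatch can simply be a different servicing version in the store, so it needs a second look before anything is replaced; a mismatch with identical size and timestamps, as in this log, is the case worth escalating.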
  5. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    ================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ================================

    • Download RogueKiller to the desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

  6. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    Ok done. Here are all the logs in the next several posts.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
    Ran by SYSTEM at 2012-10-28 15:58:04 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\David\Software\Microsoft\Windows\CurrentVersion\Run\\fsm Value deleted successfully.
    C:\Windows\Installer\{952cc8e1-d451-0e38-bf20-b8fddcb773a2} moved successfully.
    C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  7. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    16:03:31.0442 3348 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    16:03:34.0000 3348 ============================================================
    16:03:34.0000 3348 Current date / time: 2012/10/28 16:03:34.0000
    16:03:34.0000 3348 SystemInfo:
    16:03:34.0000 3348
    16:03:34.0000 3348 OS Version: 6.1.7601 ServicePack: 1.0
    16:03:34.0000 3348 Product type: Workstation
    16:03:34.0000 3348 ComputerName: DAVID-HPPC-2011
    16:03:34.0047 3348 UserName: David
    16:03:34.0047 3348 Windows directory: C:\Windows
    16:03:34.0047 3348 System windows directory: C:\Windows
    16:03:34.0047 3348 Running under WOW64
    16:03:34.0047 3348 Processor architecture: Intel x64
    16:03:34.0047 3348 Number of processors: 6
    16:03:34.0047 3348 Page size: 0x1000
    16:03:34.0047 3348 Boot type: Normal boot
    16:03:34.0047 3348 ============================================================
    16:04:02.0267 3348 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:04:02.0361 3348 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:04:02.0392 3348 Drive \Device\Harddisk2\DR2 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:04:02.0423 3348 ============================================================
    16:04:02.0423 3348 \Device\Harddisk0\DR0:
    16:04:02.0454 3348 MBR partitions:
    16:04:02.0454 3348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:04:02.0454 3348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xACF43800
    16:04:02.0454 3348 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xACF76000, BlocksNum 0x1B11000
    16:04:02.0454 3348 \Device\Harddisk1\DR1:
    16:04:02.0501 3348 MBR partitions:
    16:04:02.0688 3348 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x74701AC1
    16:04:02.0688 3348 \Device\Harddisk2\DR2:
    16:04:02.0688 3348 MBR partitions:
    16:04:02.0688 3348 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x1DD2080
    16:04:02.0688 3348 ============================================================
    16:04:03.0203 3348 C: <-> \Device\Harddisk0\DR0\Partition2
    16:04:03.0453 3348 D: <-> \Device\Harddisk0\DR0\Partition3
    16:04:03.0952 3348 F: <-> \Device\Harddisk1\DR1\Partition1
    16:04:03.0952 3348 ============================================================
    16:04:03.0952 3348 Initialize success
    16:04:03.0952 3348 ============================================================
    16:04:16.0806 3596 ============================================================
    16:04:16.0806 3596 Scan started
    16:04:16.0806 3596 Mode: Manual;
    16:04:16.0806 3596 ============================================================
    16:04:57.0694 3596 ================ Scan system memory ========================
    16:04:57.0694 3596 System memory - ok
    16:04:57.0694 3596 ================ Scan services =============================
    16:05:05.0978 3596 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
    16:05:05.0978 3596 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
    16:05:05.0993 3596 Akamai ( HiddenFile.Multi.Generic ) - warning
    16:05:05.0993 3596 Akamai - detected HiddenFile.Multi.Generic (1)
    16:05:28.0445 3596 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    16:05:28.0492 3596 cdrom - ok
    16:05:28.0882 3596 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    16:05:29.0007 3596 CertPropSvc - ok
    16:05:29.0350 3596 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    16:05:29.0350 3596 circlass - ok
    16:05:29.0475 3596 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    16:05:29.0615 3596 CLFS - ok
    16:05:30.0302 3596 [ DEDE5EC7DC09D840D5D74E06FF4DE127 ] CLKMSVC10_C6F09094 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
    16:05:30.0349 3596 CLKMSVC10_C6F09094 - ok
    16:05:31.0113 3596 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:05:31.0441 3596 clr_optimization_v2.0.50727_32 - ok
    16:05:31.0877 3596 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:05:31.0893 3596 clr_optimization_v2.0.50727_64 - ok
    16:05:32.0798 3596 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:05:33.0765 3596 clr_optimization_v4.0.30319_32 - ok
    16:05:34.0061 3596 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:05:34.0077 3596 clr_optimization_v4.0.30319_64 - ok
    16:05:34.0249 3596 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    16:05:34.0249 3596 CmBatt - ok
    16:05:34.0295 3596 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    16:05:34.0295 3596 cmdide - ok
    16:05:34.0483 3596 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
    16:05:34.0483 3596 CNG - ok
    16:05:34.0498 3596 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    16:05:34.0498 3596 Compbatt - ok
    16:05:34.0607 3596 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    16:05:34.0639 3596 CompositeBus - ok
    16:05:34.0670 3596 COMSysApp - ok
    16:05:34.0748 3596 cpuz135 - ok
    16:05:34.0779 3596 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    16:05:34.0779 3596 crcdisk - ok
    16:05:34.0966 3596 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    16:05:34.0982 3596 CryptSvc - ok
    16:05:35.0653 3596 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    16:05:35.0668 3596 cvhsvc - ok
    16:05:35.0777 3596 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    16:05:35.0809 3596 DcomLaunch - ok
    16:05:36.0011 3596 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    16:05:36.0011 3596 defragsvc - ok
    16:05:36.0105 3596 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    16:05:36.0152 3596 DfsC - ok
    16:05:36.0448 3596 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    16:05:36.0464 3596 Dhcp - ok
    16:05:36.0495 3596 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    16:05:36.0495 3596 discache - ok
    16:05:36.0557 3596 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    16:05:36.0557 3596 Disk - ok
    16:05:36.0620 3596 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    16:05:36.0620 3596 Dnscache - ok
    16:05:36.0729 3596 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    16:05:36.0760 3596 dot3svc - ok
    16:05:36.0823 3596 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    16:05:36.0823 3596 DPS - ok
    16:05:36.0885 3596 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    16:05:36.0916 3596 drmkaud - ok
    16:05:37.0275 3596 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    16:05:37.0275 3596 DXGKrnl - ok
    16:05:37.0369 3596 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    16:05:37.0384 3596 EapHost - ok
    16:05:37.0587 3596 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    16:05:37.0868 3596 ebdrv - ok
    16:05:37.0915 3596 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    16:05:37.0915 3596 EFS - ok
    16:05:38.0008 3596 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    16:05:38.0039 3596 ehRecvr - ok
    16:05:38.0102 3596 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    16:05:38.0149 3596 ehSched - ok
    16:05:38.0242 3596 [ A14D6E3EF78F6D6AC42F98D633F2400A ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
    16:05:38.0242 3596 ElbyCDIO - ok
    16:05:38.0398 3596 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    16:05:38.0414 3596 elxstor - ok
    16:05:38.0476 3596 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    16:05:38.0507 3596 ErrDev - ok
    16:05:38.0570 3596 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    16:05:38.0570 3596 EventSystem - ok
    16:05:38.0632 3596 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    16:05:38.0648 3596 exfat - ok
    16:05:38.0726 3596 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    16:05:38.0773 3596 fastfat - ok
    16:05:38.0960 3596 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    16:05:38.0991 3596 Fax - ok
    16:05:39.0022 3596 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    16:05:39.0022 3596 fdc - ok
    16:05:39.0085 3596 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    16:05:39.0085 3596 fdPHost - ok
    16:05:39.0131 3596 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    16:05:39.0131 3596 FDResPub - ok
    16:05:39.0147 3596 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    16:05:39.0147 3596 FileInfo - ok
    16:05:39.0163 3596 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    16:05:39.0163 3596 Filetrace - ok
    16:05:39.0209 3596 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    16:05:39.0209 3596 flpydisk - ok
    16:05:39.0272 3596 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    16:05:39.0272 3596 FltMgr - ok
    16:05:39.0365 3596 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    16:05:39.0397 3596 FontCache - ok
    16:05:39.0537 3596 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:05:39.0537 3596 FontCache3.0.0.0 - ok
    16:05:39.0553 3596 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    16:05:39.0553 3596 FsDepends - ok
    16:05:39.0584 3596 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    16:05:39.0584 3596 Fs_Rec - ok
    16:05:39.0677 3596 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    16:05:39.0677 3596 fvevol - ok
    16:05:39.0724 3596 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:05:39.0724 3596 gagp30kx - ok
    16:05:39.0833 3596 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    16:05:39.0833 3596 GameConsoleService - ok
    16:05:39.0880 3596 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    16:05:39.0880 3596 gpsvc - ok
  8. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    16:06:20.0877 3596 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    16:06:21.0127 3596 rdyboost - ok
    16:06:22.0936 3596 [ 6B220CC1B8EB7F8723F5082F4A990B3C ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    16:06:23.0108 3596 RealNetworks Downloader Resolver Service - ok
    16:06:24.0059 3596 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:06:24.0075 3596 RemoteAccess - ok
    16:06:24.0356 3596 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:06:24.0574 3596 RemoteRegistry - ok
    16:06:25.0510 3596 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    16:06:25.0994 3596 RimUsb - ok
    16:06:26.0945 3596 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    16:06:27.0226 3596 RimVSerPort - ok
    16:06:27.0413 3596 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    16:06:27.0523 3596 ROOTMODEM - ok
    16:06:27.0991 3596 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    16:06:28.0006 3596 RpcEptMapper - ok
    16:06:28.0069 3596 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    16:06:28.0287 3596 RpcLocator - ok
    16:06:29.0285 3596 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    16:06:29.0285 3596 RpcSs - ok
    16:06:29.0441 3596 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:06:29.0675 3596 rspndr - ok
    16:06:30.0471 3596 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:06:30.0471 3596 RTL8167 - ok
    16:06:30.0689 3596 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    16:06:30.0705 3596 SamSs - ok
    16:06:31.0142 3596 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:06:31.0391 3596 sbp2port - ok
    16:06:31.0953 3596 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:06:32.0031 3596 SCardSvr - ok
    16:06:32.0827 3596 [ C81EB41E9FFC35560E5025891DC01A6E ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
    16:06:32.0827 3596 SCDEmu - ok
    16:06:33.0264 3596 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    16:06:33.0529 3596 scfilter - ok
    16:06:34.0792 3596 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    16:06:34.0870 3596 Schedule - ok
    16:06:35.0151 3596 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:06:35.0167 3596 SCPolicySvc - ok
    16:06:35.0432 3596 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:06:35.0541 3596 SDRSVC - ok
    16:06:35.0962 3596 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    16:06:36.0040 3596 SeaPort - ok
    16:06:36.0368 3596 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:06:36.0446 3596 secdrv - ok
    16:06:36.0586 3596 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    16:06:36.0649 3596 seclogon - ok
    16:06:37.0086 3596 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    16:06:37.0210 3596 SENS - ok
    16:06:37.0320 3596 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    16:06:37.0398 3596 SensrSvc - ok
    16:06:38.0178 3596 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    16:06:38.0396 3596 Serenum - ok
    16:06:38.0692 3596 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    16:06:38.0786 3596 Serial - ok
    16:06:38.0926 3596 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    16:06:39.0036 3596 sermouse - ok
    16:06:39.0082 3596 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:06:39.0379 3596 SessionEnv - ok
    16:06:39.0675 3596 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:06:39.0706 3596 sffdisk - ok
    16:06:39.0738 3596 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    16:06:39.0769 3596 sffp_mmc - ok
    16:06:39.0784 3596 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    16:06:39.0816 3596 sffp_sd - ok
    16:06:40.0143 3596 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    16:06:40.0440 3596 sfloppy - ok
    16:06:41.0844 3596 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    16:06:41.0844 3596 Sftfs - ok
    16:06:42.0858 3596 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    16:06:42.0873 3596 sftlist - ok
    16:06:43.0185 3596 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    16:06:43.0185 3596 Sftplay - ok
    16:06:44.0168 3596 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    16:06:44.0168 3596 Sftredir - ok
    16:06:44.0433 3596 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    16:06:44.0433 3596 Sftvol - ok
    16:06:45.0073 3596 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    16:06:45.0135 3596 sftvsa - ok
    16:06:45.0322 3596 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:06:45.0338 3596 ShellHWDetection - ok
    16:06:45.0759 3596 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:06:46.0352 3596 SiSRaid2 - ok
    16:06:46.0508 3596 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    16:06:46.0617 3596 SiSRaid4 - ok
    16:06:46.0742 3596 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    16:06:46.0773 3596 Smb - ok
    16:06:46.0882 3596 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    16:06:46.0929 3596 SNMPTRAP - ok
    16:06:47.0787 3596 [ F9369327409492097B0BB7CE86BD29DE ] Soluto C:\Windows\system32\DRIVERS\Soluto.sys
    16:06:47.0787 3596 Soluto - ok
    16:06:48.0832 3596 [ 3971E30B64AF2EF61F8F68E41586517B ] SolutoService C:\Program Files\Soluto\SolutoService.exe
    16:06:48.0910 3596 SolutoService - ok
    16:06:49.0878 3596 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    16:06:49.0878 3596 spldr - ok
    16:06:50.0174 3596 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    16:06:50.0190 3596 Spooler - ok
    16:06:54.0168 3596 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    16:06:54.0324 3596 sppsvc - ok
    16:06:54.0433 3596 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    16:06:54.0480 3596 sppuinotify - ok
    16:06:54.0714 3596 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    16:06:54.0823 3596 srv - ok
    16:06:55.0057 3596 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    16:06:55.0119 3596 srv2 - ok
    16:06:55.0260 3596 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    16:06:55.0291 3596 srvnet - ok
    16:06:55.0556 3596 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    16:06:55.0759 3596 SSDPSRV - ok
    16:06:56.0180 3596 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    16:06:56.0632 3596 SstpSvc - ok
    16:06:56.0944 3596 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    16:06:57.0756 3596 stexstor - ok
    16:06:58.0130 3596 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    16:06:58.0192 3596 stisvc - ok
    16:06:58.0286 3596 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    16:06:58.0286 3596 swenum - ok
    16:07:01.0437 3596 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    16:07:02.0295 3596 SwitchBoard - ok
    16:07:02.0576 3596 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    16:07:02.0779 3596 swprv - ok
    16:07:05.0509 3596 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    16:07:05.0743 3596 SysMain - ok
    16:07:06.0164 3596 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:07:06.0195 3596 TabletInputService - ok
    16:07:07.0365 3596 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    16:07:07.0646 3596 TapiSrv - ok
    16:07:08.0083 3596 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    16:07:08.0473 3596 TBS - ok
    16:07:10.0002 3596 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    16:07:10.0750 3596 Tcpip - ok
    16:07:16.0242 3596 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    16:07:16.0257 3596 TCPIP6 - ok
    16:07:16.0912 3596 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    16:07:16.0990 3596 tcpipreg - ok
    16:07:17.0146 3596 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    16:07:17.0271 3596 TDPIPE - ok
    16:07:17.0474 3596 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    16:07:17.0583 3596 TDTCP - ok
    16:07:17.0880 3596 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    16:07:17.0942 3596 tdx - ok
    16:07:18.0441 3596 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    16:07:18.0441 3596 TermDD - ok
    16:07:19.0658 3596 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    16:07:19.0736 3596 TermService - ok
    16:07:19.0845 3596 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    16:07:19.0892 3596 Themes - ok
    16:07:20.0173 3596 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    16:07:20.0173 3596 THREADORDER - ok
    16:07:20.0828 3596 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    16:07:20.0875 3596 TrkWks - ok
    16:07:21.0202 3596 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:07:21.0374 3596 TrustedInstaller - ok
    16:07:21.0982 3596 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:07:21.0998 3596 tssecsrv - ok
    16:07:22.0809 3596 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    16:07:22.0965 3596 TsUsbFlt - ok
    16:07:23.0605 3596 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    16:07:23.0698 3596 tunnel - ok
    16:07:23.0932 3596 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    16:07:24.0276 3596 uagp35 - ok
    16:07:24.0962 3596 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    16:07:25.0102 3596 udfs - ok
    16:07:25.0180 3596 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    16:07:25.0243 3596 UI0Detect - ok
    16:07:25.0274 3596 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    16:07:25.0321 3596 uliagpkx - ok
    16:07:25.0383 3596 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    16:07:25.0555 3596 umbus - ok
    16:07:25.0976 3596 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    16:07:26.0257 3596 UmPass - ok
    16:07:26.0662 3596 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    16:07:26.0928 3596 upnphost - ok
    16:07:27.0084 3596 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    16:07:27.0130 3596 usbccgp - ok
    16:07:27.0739 3596 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    16:07:27.0910 3596 usbcir - ok
    16:07:28.0519 3596 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    16:07:28.0675 3596 usbehci - ok
    16:07:28.0878 3596 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    16:07:28.0878 3596 usbfilter - ok
    16:07:29.0424 3596 [ 68BAD03835873D4BBBDE95CBB135A395 ] UsbFltr C:\Windows\system32\Drivers\UsbFltr.sys
    16:07:29.0985 3596 UsbFltr - ok
    16:07:30.0266 3596 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    16:07:30.0469 3596 usbhub - ok
    16:07:30.0984 3596 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    16:07:31.0062 3596 usbohci - ok
    16:07:31.0342 3596 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    16:07:31.0436 3596 usbprint - ok
    16:07:31.0686 3596 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    16:07:31.0826 3596 usbscan - ok
    16:07:32.0185 3596 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:07:32.0356 3596 USBSTOR - ok
    16:07:32.0528 3596 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    16:07:32.0590 3596 usbuhci - ok
    16:07:33.0355 3596 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
    16:07:33.0433 3596 usb_rndisx - ok
    16:07:33.0573 3596 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    16:07:33.0636 3596 UxSms - ok
    16:07:33.0651 3596 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    16:07:33.0651 3596 VaultSvc - ok
    16:07:33.0807 3596 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    16:07:33.0807 3596 vdrvroot - ok
    16:07:34.0618 3596 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    16:07:34.0790 3596 vds - ok
    16:07:35.0508 3596 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    16:07:35.0554 3596 vga - ok
    16:07:35.0601 3596 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    16:07:35.0648 3596 VgaSave - ok
    16:07:35.0820 3596 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    16:07:35.0820 3596 vhdmp - ok
    16:07:36.0646 3596 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    16:07:36.0709 3596 viaide - ok
    16:07:37.0442 3596 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    16:07:37.0458 3596 volmgr - ok
    16:07:37.0910 3596 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:07:37.0926 3596 volmgrx - ok
    16:07:38.0940 3596 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    16:07:39.0064 3596 volsnap - ok
    16:07:39.0236 3596 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    16:07:39.0610 3596 vsmraid - ok
    16:07:41.0233 3596 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    16:07:41.0373 3596 VSS - ok
    16:07:41.0623 3596 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    16:07:42.0216 3596 vwifibus - ok
    16:07:42.0340 3596 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    16:07:42.0372 3596 vwififlt - ok
    16:07:42.0793 3596 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    16:07:42.0855 3596 W32Time - ok
    16:07:43.0042 3596 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    16:07:43.0152 3596 WacomPen - ok
    16:07:43.0339 3596 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:07:43.0448 3596 WANARP - ok
    16:07:43.0620 3596 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:07:43.0620 3596 Wanarpv6 - ok
    16:07:45.0039 3596 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    16:07:45.0226 3596 WatAdminSvc - ok
    16:07:46.0272 3596 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    16:07:46.0927 3596 wbengine - ok
    16:07:47.0582 3596 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:07:47.0707 3596 WbioSrvc - ok
    16:07:48.0144 3596 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:07:48.0190 3596 wcncsvc - ok
    16:07:49.0002 3596 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:07:49.0080 3596 WcsPlugInService - ok
    16:07:49.0142 3596 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    16:07:49.0173 3596 Wd - ok
    16:07:49.0392 3596 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    16:07:49.0672 3596 WDC_SAM - ok
    16:07:50.0608 3596 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:07:50.0671 3596 Wdf01000 - ok
    16:07:50.0780 3596 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:07:50.0874 3596 WdiServiceHost - ok
    16:07:50.0889 3596 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:07:50.0889 3596 WdiSystemHost - ok
    16:07:50.0967 3596 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    16:07:50.0983 3596 WebClient - ok
    16:07:51.0747 3596 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:07:51.0997 3596 Wecsvc - ok
    16:07:52.0137 3596 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:07:52.0200 3596 wercplsupport - ok
    16:07:52.0278 3596 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:07:52.0324 3596 WerSvc - ok
    16:07:52.0543 3596 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:07:53.0089 3596 WfpLwf - ok
    16:07:53.0182 3596 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:07:53.0245 3596 WIMMount - ok
    16:07:53.0245 3596 WinHttpAutoProxySvc - ok
    16:07:54.0867 3596 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:07:55.0507 3596 Winmgmt - ok
    16:07:57.0176 3596 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    16:07:58.0050 3596 WinRM - ok
    16:07:58.0533 3596 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:07:58.0564 3596 Wlansvc - ok
    16:08:00.0811 3596 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:08:01.0716 3596 wlidsvc - ok
    16:08:01.0809 3596 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    16:08:01.0809 3596 WmiAcpi - ok
    16:08:01.0981 3596 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:08:02.0012 3596 wmiApSrv - ok
    16:08:02.0792 3596 WMPNetworkSvc - ok
    16:08:02.0948 3596 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:08:03.0182 3596 WPCSvc - ok
    16:08:04.0040 3596 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:08:04.0118 3596 WPDBusEnum - ok
    16:08:04.0165 3596 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:08:04.0165 3596 ws2ifsl - ok
    16:08:04.0352 3596 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    16:08:04.0383 3596 WSDPrintDevice - ok
    16:08:04.0898 3596 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
    16:08:05.0678 3596 WSDScan - ok
    16:08:05.0678 3596 WSearch - ok
    16:08:05.0881 3596 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:08:06.0052 3596 WudfPf - ok
    16:08:06.0630 3596 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:08:06.0661 3596 WUDFRd - ok
    16:08:06.0739 3596 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:08:06.0770 3596 wudfsvc - ok
    16:08:06.0848 3596 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:08:06.0957 3596 WwanSvc - ok
    16:08:09.0235 3596 [ 74983ADDCA2D9618512C088D856D6615 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    16:08:09.0828 3596 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
    16:08:09.0828 3596 ================ Scan global ===============================
    16:08:09.0952 3596 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    16:08:11.0528 3596 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    16:08:11.0762 3596 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    16:08:12.0121 3596 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    16:08:12.0948 3596 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    16:08:13.0010 3596 [Global] - ok
    16:08:13.0010 3596 ================ Scan MBR ==================================
    16:08:13.0197 3596 [ 1C5941C92F894D6FAB256DF227597982 ] \Device\Harddisk0\DR0
    16:09:32.0040 3596 \Device\Harddisk0\DR0 - ok
    16:09:32.0133 3596 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    16:09:32.0789 3596 \Device\Harddisk1\DR1 - ok
    16:09:32.0804 3596 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    16:09:32.0882 3596 \Device\Harddisk2\DR2 - ok
    16:09:32.0882 3596 ================ Scan VBR ==================================
    16:09:32.0945 3596 [ 6E0D8FEC764A71914360BF9A955C3A12 ] \Device\Harddisk0\DR0\Partition1
    16:09:34.0130 3596 \Device\Harddisk0\DR0\Partition1 - ok
    16:09:34.0286 3596 [ 9FC735A01585AA9C7F2AFFF69DCA398B ] \Device\Harddisk0\DR0\Partition2
    16:09:34.0364 3596 \Device\Harddisk0\DR0\Partition2 - ok
    16:09:34.0411 3596 [ 3C94C3C1EFCE05B21F83552D2EE1A3F6 ] \Device\Harddisk0\DR0\Partition3
    16:09:34.0473 3596 \Device\Harddisk0\DR0\Partition3 - ok
    16:09:34.0505 3596 [ 74B96304B5D905905443B49696211DC7 ] \Device\Harddisk1\DR1\Partition1
    16:09:34.0707 3596 \Device\Harddisk1\DR1\Partition1 - ok
    16:09:34.0739 3596 [ 49A3CBBD336813D87EA22C4C2C7044AD ] \Device\Harddisk2\DR2\Partition1
    16:09:34.0957 3596 \Device\Harddisk2\DR2\Partition1 - ok
    16:09:34.0957 3596 ============================================================
    16:09:34.0957 3596 Scan finished
    16:09:34.0957 3596 ============================================================
    16:09:34.0957 2124 Detected object count: 1
    16:09:34.0957 2124 Actual detected object count: 1
    16:14:55.0428 2124 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    16:14:55.0428 2124 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
  9. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    16:05:40.0036 3596 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:05:40.0036 3596 gupdate - ok
    16:05:40.0083 3596 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:05:40.0083 3596 gupdatem - ok
    16:05:40.0239 3596 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    16:05:40.0255 3596 gusvc - ok
    16:05:40.0645 3596 [ 4307C9853ADDC675B561E6C74F9FE437 ] HCW723x C:\Windows\system32\DRIVERS\HCW723x.sys
    16:05:40.0660 3596 HCW723x - ok
    16:05:40.0754 3596 [ 6D0F56D217545E2D0ADDBF301B35260F ] HCW85BDA C:\Windows\system32\drivers\HCW85BDA.sys
    16:05:40.0785 3596 HCW85BDA - ok
    16:05:40.0863 3596 [ 25581DCFE6CB06CC0E48FA5B63F67532 ] hcw85cir C:\Windows\system32\drivers\hcw85cir3.sys
    16:05:40.0879 3596 hcw85cir - ok
    16:05:41.0003 3596 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    16:05:41.0019 3596 HdAudAddService - ok
    16:05:41.0066 3596 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    16:05:41.0066 3596 HDAudBus - ok
    16:05:41.0144 3596 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    16:05:41.0144 3596 HidBatt - ok
    16:05:41.0191 3596 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    16:05:41.0206 3596 HidBth - ok
    16:05:41.0237 3596 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    16:05:41.0237 3596 HidIr - ok
    16:05:41.0269 3596 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    16:05:41.0269 3596 hidserv - ok
    16:05:41.0315 3596 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    16:05:41.0315 3596 HidUsb - ok
    16:05:41.0347 3596 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    16:05:41.0347 3596 hkmsvc - ok
    16:05:41.0425 3596 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    16:05:41.0425 3596 HomeGroupListener - ok
    16:05:41.0456 3596 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    16:05:41.0471 3596 HomeGroupProvider - ok
    16:05:41.0549 3596 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    16:05:41.0549 3596 HP Support Assistant Service - ok
    16:05:41.0674 3596 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    16:05:41.0674 3596 HPClientSvc - ok
    16:05:41.0752 3596 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    16:05:41.0752 3596 HPDrvMntSvc.exe - ok
    16:05:41.0877 3596 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    16:05:41.0893 3596 hpqwmiex - ok
    16:05:41.0955 3596 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    16:05:41.0955 3596 HpSAMD - ok
    16:05:42.0017 3596 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    16:05:42.0033 3596 HTTP - ok
    16:05:42.0080 3596 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    16:05:42.0080 3596 hwpolicy - ok
    16:05:42.0251 3596 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    16:05:42.0283 3596 i8042prt - ok
    16:05:42.0361 3596 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    16:05:42.0361 3596 iaStorV - ok
    16:05:42.0517 3596 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    16:05:42.0517 3596 IDriverT - ok
    16:05:42.0579 3596 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:05:42.0579 3596 idsvc - ok
    16:05:42.0595 3596 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    16:05:42.0626 3596 iirsp - ok
    16:05:42.0688 3596 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    16:05:42.0704 3596 IKEEXT - ok
    16:05:42.0844 3596 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    16:05:42.0860 3596 IntcAzAudAddService - ok
    16:05:43.0031 3596 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    16:05:43.0063 3596 intelide - ok
    16:05:43.0109 3596 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    16:05:43.0125 3596 intelppm - ok
    16:05:43.0250 3596 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    16:05:43.0297 3596 IPBusEnum - ok
    16:05:43.0375 3596 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:05:43.0437 3596 IpFilterDriver - ok
    16:05:43.0484 3596 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    16:05:43.0499 3596 IPMIDRV - ok
    16:05:43.0577 3596 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    16:05:43.0640 3596 IPNAT - ok
    16:05:43.0702 3596 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    16:05:43.0702 3596 IRENUM - ok
    16:05:43.0796 3596 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    16:05:43.0796 3596 isapnp - ok
    16:05:43.0811 3596 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    16:05:43.0827 3596 iScsiPrt - ok
    16:05:43.0889 3596 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    16:05:43.0889 3596 kbdclass - ok
    16:05:43.0983 3596 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    16:05:43.0983 3596 kbdhid - ok
    16:05:43.0999 3596 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    16:05:43.0999 3596 KeyIso - ok
    16:05:44.0077 3596 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:05:44.0077 3596 KSecDD - ok
    16:05:44.0155 3596 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    16:05:44.0155 3596 KSecPkg - ok
    16:05:44.0186 3596 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    16:05:44.0186 3596 ksthunk - ok
    16:05:44.0295 3596 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:05:44.0295 3596 KtmRm - ok
    16:05:44.0404 3596 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    16:05:44.0420 3596 LanmanServer - ok
    16:05:44.0482 3596 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:05:44.0513 3596 LanmanWorkstation - ok
    16:05:44.0560 3596 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
    16:05:44.0560 3596 LGBusEnum - ok
    16:05:44.0607 3596 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
    16:05:44.0607 3596 LGVirHid - ok
    16:05:44.0747 3596 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    16:05:44.0763 3596 LightScribeService - ok
    16:05:45.0044 3596 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:05:45.0075 3596 lltdio - ok
    16:05:45.0231 3596 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:05:45.0247 3596 lltdsvc - ok
    16:05:45.0262 3596 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:05:45.0293 3596 lmhosts - ok
    16:05:45.0418 3596 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:05:45.0434 3596 LSI_FC - ok
    16:05:45.0481 3596 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:05:45.0496 3596 LSI_SAS - ok
    16:05:45.0527 3596 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:05:45.0543 3596 LSI_SAS2 - ok
    16:05:45.0559 3596 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:05:45.0621 3596 LSI_SCSI - ok
    16:05:45.0699 3596 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    16:05:45.0699 3596 luafv - ok
    16:05:45.0761 3596 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:05:45.0808 3596 Mcx2Svc - ok
    16:05:45.0839 3596 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    16:05:45.0855 3596 megasas - ok
    16:05:45.0964 3596 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    16:05:45.0995 3596 MegaSR - ok
    16:05:46.0058 3596 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    16:05:46.0120 3596 MMCSS - ok
    16:05:46.0183 3596 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    16:05:46.0214 3596 Modem - ok
    16:05:46.0323 3596 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:05:46.0323 3596 monitor - ok
    16:05:46.0401 3596 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:05:46.0401 3596 mouclass - ok
    16:05:46.0526 3596 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    16:05:46.0557 3596 mouhid - ok
    16:05:46.0651 3596 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    16:05:46.0697 3596 mountmgr - ok
    16:05:46.0963 3596 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    16:05:46.0994 3596 MozillaMaintenance - ok
    16:05:47.0243 3596 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    16:05:47.0290 3596 MpFilter - ok
    16:05:47.0399 3596 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    16:05:47.0399 3596 mpio - ok
    16:05:47.0477 3596 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:05:47.0509 3596 mpsdrv - ok
    16:05:47.0587 3596 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:05:47.0587 3596 MRxDAV - ok
    16:05:47.0727 3596 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:05:47.0774 3596 mrxsmb - ok
    16:05:47.0836 3596 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:05:47.0852 3596 mrxsmb10 - ok
    16:05:48.0039 3596 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:05:48.0055 3596 mrxsmb20 - ok
    16:05:48.0086 3596 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    16:05:48.0086 3596 msahci - ok
    16:05:48.0179 3596 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    16:05:48.0211 3596 msdsm - ok
    16:05:48.0273 3596 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    16:05:48.0289 3596 MSDTC - ok
    16:05:48.0335 3596 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:05:48.0335 3596 Msfs - ok
    16:05:48.0413 3596 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    16:05:48.0413 3596 mshidkmdf - ok
    16:05:48.0445 3596 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    16:05:48.0445 3596 msisadrv - ok
    16:05:48.0523 3596 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:05:48.0554 3596 MSiSCSI - ok
    16:05:48.0554 3596 msiserver - ok
    16:05:48.0663 3596 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:05:48.0694 3596 MSKSSRV - ok
    16:05:48.0757 3596 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    16:05:48.0772 3596 MSPCLOCK - ok
    16:05:48.0866 3596 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:05:48.0897 3596 MSPQM - ok
    16:05:48.0975 3596 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:05:49.0006 3596 MsRPC - ok
    16:05:49.0069 3596 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    16:05:49.0069 3596 mssmbios - ok
    16:05:49.0084 3596 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:05:49.0084 3596 MSTEE - ok
    16:05:49.0100 3596 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    16:05:49.0178 3596 MTConfig - ok
    16:05:49.0256 3596 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:05:49.0256 3596 Mup - ok
    16:05:49.0318 3596 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    16:05:49.0334 3596 napagent - ok
    16:05:49.0443 3596 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:05:49.0443 3596 NativeWifiP - ok
    16:05:49.0568 3596 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:05:49.0615 3596 NDIS - ok
    16:05:49.0661 3596 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    16:05:49.0677 3596 NdisCap - ok
    16:05:49.0724 3596 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:05:49.0724 3596 NdisTapi - ok
    16:05:49.0771 3596 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:05:49.0771 3596 Ndisuio - ok
    16:05:49.0817 3596 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:05:49.0817 3596 NdisWan - ok
    16:05:49.0895 3596 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:05:49.0911 3596 NDProxy - ok
    16:05:49.0989 3596 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:05:50.0020 3596 NetBIOS - ok
    16:05:50.0067 3596 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    16:05:50.0114 3596 NetBT - ok
    16:05:50.0145 3596 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    16:05:50.0145 3596 Netlogon - ok
    16:05:50.0207 3596 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    16:05:50.0207 3596 Netman - ok
    16:05:50.0270 3596 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    16:05:50.0285 3596 netprofm - ok
    16:05:50.0785 3596 [ 1982B291DF9833FB3ADC397EBD310A18 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    16:05:50.0800 3596 netr28x - ok
    16:05:50.0878 3596 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:05:50.0909 3596 NetTcpPortSharing - ok
    16:05:51.0065 3596 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    16:05:51.0065 3596 nfrd960 - ok
    16:05:51.0143 3596 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    16:05:51.0221 3596 NisDrv - ok
    16:05:51.0627 3596 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    16:05:51.0752 3596 NisSrv - ok
    16:05:52.0251 3596 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:05:52.0313 3596 NlaSvc - ok
    16:05:54.0981 3596 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe
    16:05:54.0997 3596 nlsX86cc - ok
    16:05:55.0215 3596 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:05:55.0402 3596 Npfs - ok
    16:05:55.0433 3596 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    16:05:55.0449 3596 nsi - ok
    16:05:55.0449 3596 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:05:55.0449 3596 nsiproxy - ok
    16:05:56.0837 3596 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:05:56.0931 3596 Ntfs - ok
    16:05:57.0149 3596 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    16:05:57.0227 3596 Null - ok
    16:05:57.0430 3596 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:05:57.0851 3596 nvraid - ok
    16:05:58.0257 3596 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:05:58.0460 3596 nvstor - ok
    16:05:58.0881 3596 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    16:05:59.0021 3596 nv_agp - ok
    16:05:59.0396 3596 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    16:05:59.0474 3596 ohci1394 - ok
    16:05:59.0723 3596 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:05:59.0739 3596 ose - ok
    16:06:01.0112 3596 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:06:01.0268 3596 osppsvc - ok
    16:06:01.0424 3596 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    16:06:01.0549 3596 p2pimsvc - ok
    16:06:01.0720 3596 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:06:01.0751 3596 p2psvc - ok
    16:06:02.0048 3596 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    16:06:02.0110 3596 Parport - ok
    16:06:02.0173 3596 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:06:02.0219 3596 partmgr - ok
    16:06:02.0360 3596 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:06:02.0453 3596 PcaSvc - ok
    16:06:02.0500 3596 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    16:06:02.0563 3596 pci - ok
    16:06:02.0656 3596 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    16:06:02.0672 3596 pciide - ok
    16:06:02.0781 3596 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    16:06:02.0797 3596 pcmcia - ok
    16:06:02.0828 3596 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    16:06:02.0828 3596 pcw - ok
    16:06:03.0031 3596 pdfcDispatcher - ok
    16:06:03.0421 3596 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    16:06:03.0686 3596 PEAUTH - ok
    16:06:03.0826 3596 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    16:06:03.0889 3596 PerfHost - ok
    16:06:04.0513 3596 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    16:06:04.0653 3596 pla - ok
    16:06:04.0840 3596 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    16:06:05.0059 3596 PlugPlay - ok
    16:06:05.0074 3596 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    16:06:05.0121 3596 PNRPAutoReg - ok
    16:06:05.0417 3596 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    16:06:05.0417 3596 PNRPsvc - ok
    16:06:06.0478 3596 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    16:06:06.0572 3596 PolicyAgent - ok
    16:06:06.0899 3596 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
  10. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    16:06:07.0009 3596 Power - ok
    16:06:07.0118 3596 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:06:07.0180 3596 PptpMiniport - ok
    16:06:07.0305 3596 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    16:06:07.0445 3596 Processor - ok
    16:06:08.0085 3596 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    16:06:08.0319 3596 ProfSvc - ok
    16:06:08.0381 3596 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:06:08.0397 3596 ProtectedStorage - ok
    16:06:09.0083 3596 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    16:06:09.0364 3596 Psched - ok
    16:06:10.0253 3596 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    16:06:10.0550 3596 PSI_SVC_2 - ok
    16:06:12.0515 3596 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    16:06:12.0593 3596 ql2300 - ok
    16:06:12.0734 3596 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    16:06:12.0781 3596 ql40xx - ok
    16:06:13.0124 3596 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    16:06:13.0373 3596 QWAVE - ok
    16:06:13.0592 3596 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    16:06:13.0639 3596 QWAVEdrv - ok
    16:06:13.0904 3596 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:06:14.0341 3596 RasAcd - ok
    16:06:14.0777 3596 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:06:14.0855 3596 RasAgileVpn - ok
    16:06:14.0980 3596 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    16:06:15.0043 3596 RasAuto - ok
    16:06:15.0245 3596 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:06:15.0292 3596 Rasl2tp - ok
    16:06:15.0386 3596 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    16:06:15.0417 3596 RasMan - ok
    16:06:15.0589 3596 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:06:15.0667 3596 RasPppoe - ok
    16:06:16.0135 3596 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:06:16.0369 3596 RasSstp - ok
    16:06:16.0946 3596 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:06:17.0195 3596 rdbss - ok
    16:06:17.0663 3596 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    16:06:18.0194 3596 rdpbus - ok
    16:06:18.0615 3596 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:06:18.0833 3596 RDPCDD - ok
    16:06:19.0801 3596 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:06:19.0832 3596 RDPENCDD - ok
    16:06:20.0035 3596 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    16:06:20.0159 3596 RDPREFMP - ok
    16:06:20.0487 3596 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:06:20.0503 3596 RDPWD - ok
    16:06:20.0877 3596 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    16:06:21.0127 3596 rdyboost - ok
    16:06:22.0936 3596 [ 6B220CC1B8EB7F8723F5082F4A990B3C ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    16:06:23.0108 3596 RealNetworks Downloader Resolver Service - ok
    16:06:24.0059 3596 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:06:24.0075 3596 RemoteAccess - ok
    16:06:24.0356 3596 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:06:24.0574 3596 RemoteRegistry - ok
    16:06:25.0510 3596 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    16:06:25.0994 3596 RimUsb - ok
    16:06:26.0945 3596 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    16:06:27.0226 3596 RimVSerPort - ok
    16:06:27.0413 3596 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    16:06:27.0523 3596 ROOTMODEM - ok
    16:06:27.0991 3596 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    16:06:28.0006 3596 RpcEptMapper - ok
    16:06:28.0069 3596 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    16:06:28.0287 3596 RpcLocator - ok
    16:06:29.0285 3596 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    16:06:29.0285 3596 RpcSs - ok
    16:06:29.0441 3596 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:06:29.0675 3596 rspndr - ok
    16:06:30.0471 3596 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:06:30.0471 3596 RTL8167 - ok
    16:06:30.0689 3596 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    16:06:30.0705 3596 SamSs - ok
    16:06:31.0142 3596 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:06:31.0391 3596 sbp2port - ok
    16:06:31.0953 3596 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:06:32.0031 3596 SCardSvr - ok
    16:06:32.0827 3596 [ C81EB41E9FFC35560E5025891DC01A6E ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
    16:06:32.0827 3596 SCDEmu - ok
    16:06:33.0264 3596 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    16:06:33.0529 3596 scfilter - ok
    16:06:34.0792 3596 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    16:06:34.0870 3596 Schedule - ok
    16:06:35.0151 3596 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:06:35.0167 3596 SCPolicySvc - ok
    16:06:35.0432 3596 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:06:35.0541 3596 SDRSVC - ok
    16:06:35.0962 3596 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    16:06:36.0040 3596 SeaPort - ok
    16:06:36.0368 3596 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:06:36.0446 3596 secdrv - ok
    16:06:36.0586 3596 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    16:06:36.0649 3596 seclogon - ok
    16:06:37.0086 3596 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    16:06:37.0210 3596 SENS - ok
    16:06:37.0320 3596 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    16:06:37.0398 3596 SensrSvc - ok
    16:06:38.0178 3596 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    16:06:38.0396 3596 Serenum - ok
    16:06:38.0692 3596 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    16:06:38.0786 3596 Serial - ok
    16:06:38.0926 3596 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    16:06:39.0036 3596 sermouse - ok
    16:06:39.0082 3596 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:06:39.0379 3596 SessionEnv - ok
    16:06:39.0675 3596 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:06:39.0706 3596 sffdisk - ok
    16:06:39.0738 3596 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    16:06:39.0769 3596 sffp_mmc - ok
    16:06:39.0784 3596 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    16:06:39.0816 3596 sffp_sd - ok
    16:06:40.0143 3596 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    16:06:40.0440 3596 sfloppy - ok
    16:06:41.0844 3596 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    16:06:41.0844 3596 Sftfs - ok
    16:06:42.0858 3596 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    16:06:42.0873 3596 sftlist - ok
    16:06:43.0185 3596 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    16:06:43.0185 3596 Sftplay - ok
    16:06:44.0168 3596 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    16:06:44.0168 3596 Sftredir - ok
    16:06:44.0433 3596 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    16:06:44.0433 3596 Sftvol - ok
    16:06:45.0073 3596 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    16:06:45.0135 3596 sftvsa - ok
    16:06:45.0322 3596 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:06:45.0338 3596 ShellHWDetection - ok
    16:06:45.0759 3596 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:06:46.0352 3596 SiSRaid2 - ok
    16:06:46.0508 3596 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    16:06:46.0617 3596 SiSRaid4 - ok
    16:06:46.0742 3596 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    16:06:46.0773 3596 Smb - ok
    16:06:46.0882 3596 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    16:06:46.0929 3596 SNMPTRAP - ok
    16:06:47.0787 3596 [ F9369327409492097B0BB7CE86BD29DE ] Soluto C:\Windows\system32\DRIVERS\Soluto.sys
    16:06:47.0787 3596 Soluto - ok
    16:06:48.0832 3596 [ 3971E30B64AF2EF61F8F68E41586517B ] SolutoService C:\Program Files\Soluto\SolutoService.exe
    16:06:48.0910 3596 SolutoService - ok
    16:06:49.0878 3596 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    16:06:49.0878 3596 spldr - ok
    16:06:50.0174 3596 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    16:06:50.0190 3596 Spooler - ok
    16:06:54.0168 3596 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    16:06:54.0324 3596 sppsvc - ok
    16:06:54.0433 3596 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    16:06:54.0480 3596 sppuinotify - ok
    16:06:54.0714 3596 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    16:06:54.0823 3596 srv - ok
    16:06:55.0057 3596 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    16:06:55.0119 3596 srv2 - ok
    16:06:55.0260 3596 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    16:06:55.0291 3596 srvnet - ok
    16:06:55.0556 3596 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    16:06:55.0759 3596 SSDPSRV - ok
    16:06:56.0180 3596 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    16:06:56.0632 3596 SstpSvc - ok
    16:06:56.0944 3596 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    16:06:57.0756 3596 stexstor - ok
    16:06:58.0130 3596 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    16:06:58.0192 3596 stisvc - ok
    16:06:58.0286 3596 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    16:06:58.0286 3596 swenum - ok
    16:07:01.0437 3596 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    16:07:02.0295 3596 SwitchBoard - ok
    16:07:02.0576 3596 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    16:07:02.0779 3596 swprv - ok
    16:07:05.0509 3596 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    16:07:05.0743 3596 SysMain - ok
    16:07:06.0164 3596 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:07:06.0195 3596 TabletInputService - ok
    16:07:07.0365 3596 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    16:07:07.0646 3596 TapiSrv - ok
    16:07:08.0083 3596 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    16:07:08.0473 3596 TBS - ok
    16:07:10.0002 3596 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    16:07:10.0750 3596 Tcpip - ok
    16:07:16.0242 3596 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    16:07:16.0257 3596 TCPIP6 - ok
    16:07:16.0912 3596 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    16:07:16.0990 3596 tcpipreg - ok
    16:07:17.0146 3596 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    16:07:17.0271 3596 TDPIPE - ok
    16:07:17.0474 3596 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    16:07:17.0583 3596 TDTCP - ok
    16:07:17.0880 3596 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    16:07:17.0942 3596 tdx - ok
    16:07:18.0441 3596 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    16:07:18.0441 3596 TermDD - ok
    16:07:19.0658 3596 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    16:07:19.0736 3596 TermService - ok
    16:07:19.0845 3596 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    16:07:19.0892 3596 Themes - ok
    16:07:20.0173 3596 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    16:07:20.0173 3596 THREADORDER - ok
    16:07:20.0828 3596 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    16:07:20.0875 3596 TrkWks - ok
    16:07:21.0202 3596 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:07:21.0374 3596 TrustedInstaller - ok
    16:07:21.0982 3596 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:07:21.0998 3596 tssecsrv - ok
    16:07:22.0809 3596 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    16:07:22.0965 3596 TsUsbFlt - ok
    16:07:23.0605 3596 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    16:07:23.0698 3596 tunnel - ok
    16:07:23.0932 3596 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    16:07:24.0276 3596 uagp35 - ok
    16:07:24.0962 3596 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    16:07:25.0102 3596 udfs - ok
    16:07:25.0180 3596 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    16:07:25.0243 3596 UI0Detect - ok
    16:07:25.0274 3596 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    16:07:25.0321 3596 uliagpkx - ok
    16:07:25.0383 3596 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    16:07:25.0555 3596 umbus - ok
    16:07:25.0976 3596 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    16:07:26.0257 3596 UmPass - ok
    16:07:26.0662 3596 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    16:07:26.0928 3596 upnphost - ok
    16:07:27.0084 3596 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    16:07:27.0130 3596 usbccgp - ok
    16:07:27.0739 3596 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    16:07:27.0910 3596 usbcir - ok
    16:07:28.0519 3596 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    16:07:28.0675 3596 usbehci - ok
    16:07:28.0878 3596 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    16:07:28.0878 3596 usbfilter - ok
    16:07:29.0424 3596 [ 68BAD03835873D4BBBDE95CBB135A395 ] UsbFltr C:\Windows\system32\Drivers\UsbFltr.sys
    16:07:29.0985 3596 UsbFltr - ok
    16:07:30.0266 3596 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    16:07:30.0469 3596 usbhub - ok
    16:07:30.0984 3596 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    16:07:31.0062 3596 usbohci - ok
    16:07:31.0342 3596 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    16:07:31.0436 3596 usbprint - ok
    16:07:31.0686 3596 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    16:07:31.0826 3596 usbscan - ok
    16:07:32.0185 3596 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:07:32.0356 3596 USBSTOR - ok
    16:07:32.0528 3596 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    16:07:32.0590 3596 usbuhci - ok
    16:07:33.0355 3596 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
    16:07:33.0433 3596 usb_rndisx - ok
    16:07:33.0573 3596 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    16:07:33.0636 3596 UxSms - ok
    16:07:33.0651 3596 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    16:07:33.0651 3596 VaultSvc - ok
    16:07:33.0807 3596 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    16:07:33.0807 3596 vdrvroot - ok
    16:07:34.0618 3596 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    16:07:34.0790 3596 vds - ok
    16:07:35.0508 3596 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    16:07:35.0554 3596 vga - ok
    16:07:35.0601 3596 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    16:07:35.0648 3596 VgaSave - ok
    16:07:35.0820 3596 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    16:07:35.0820 3596 vhdmp - ok
    16:07:36.0646 3596 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    16:07:36.0709 3596 viaide - ok
    16:07:37.0442 3596 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    16:07:37.0458 3596 volmgr - ok
    16:07:37.0910 3596 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:07:37.0926 3596 volmgrx - ok
    16:07:38.0940 3596 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    16:07:39.0064 3596 volsnap - ok
    16:07:39.0236 3596 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    16:07:39.0610 3596 vsmraid - ok
    16:07:41.0233 3596 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    16:07:41.0373 3596 VSS - ok
    16:07:41.0623 3596 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    16:07:42.0216 3596 vwifibus - ok
    16:07:42.0340 3596 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    16:07:42.0372 3596 vwififlt - ok
    16:07:42.0793 3596 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    16:07:42.0855 3596 W32Time - ok
    16:07:43.0042 3596 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    16:07:43.0152 3596 WacomPen - ok
    16:07:43.0339 3596 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:07:43.0448 3596 WANARP - ok
    16:07:43.0620 3596 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:07:43.0620 3596 Wanarpv6 - ok
    16:07:45.0039 3596 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    16:07:45.0226 3596 WatAdminSvc - ok
    16:07:46.0272 3596 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    16:07:46.0927 3596 wbengine - ok
    16:07:47.0582 3596 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:07:47.0707 3596 WbioSrvc - ok
    16:07:48.0144 3596 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:07:48.0190 3596 wcncsvc - ok
    16:07:49.0002 3596 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:07:49.0080 3596 WcsPlugInService - ok
    16:07:49.0142 3596 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    16:07:49.0173 3596 Wd - ok
    16:07:49.0392 3596 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    16:07:49.0672 3596 WDC_SAM - ok
    16:07:50.0608 3596 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:07:50.0671 3596 Wdf01000 - ok
    16:07:50.0780 3596 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:07:50.0874 3596 WdiServiceHost - ok
    16:07:50.0889 3596 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:07:50.0889 3596 WdiSystemHost - ok
    16:07:50.0967 3596 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    16:07:50.0983 3596 WebClient - ok
    16:07:51.0747 3596 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:07:51.0997 3596 Wecsvc - ok
    16:07:52.0137 3596 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:07:52.0200 3596 wercplsupport - ok
    16:07:52.0278 3596 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:07:52.0324 3596 WerSvc - ok
    16:07:52.0543 3596 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:07:53.0089 3596 WfpLwf - ok
    16:07:53.0182 3596 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:07:53.0245 3596 WIMMount - ok
    16:07:53.0245 3596 WinHttpAutoProxySvc - ok
    16:07:54.0867 3596 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:07:55.0507 3596 Winmgmt - ok
    16:07:57.0176 3596 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    16:07:58.0050 3596 WinRM - ok
    16:07:58.0533 3596 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:07:58.0564 3596 Wlansvc - ok
    16:08:00.0811 3596 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:08:01.0716 3596 wlidsvc - ok
    16:08:01.0809 3596 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    16:08:01.0809 3596 WmiAcpi - ok
    16:08:01.0981 3596 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:08:02.0012 3596 wmiApSrv - ok
    16:08:02.0792 3596 WMPNetworkSvc - ok
    16:08:02.0948 3596 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:08:03.0182 3596 WPCSvc - ok
    16:08:04.0040 3596 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:08:04.0118 3596 WPDBusEnum - ok
    16:08:04.0165 3596 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:08:04.0165 3596 ws2ifsl - ok
    16:08:04.0352 3596 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    16:08:04.0383 3596 WSDPrintDevice - ok
    16:08:04.0898 3596 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
    16:08:05.0678 3596 WSDScan - ok
    16:08:05.0678 3596 WSearch - ok
    16:08:05.0881 3596 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:08:06.0052 3596 WudfPf - ok
    16:08:06.0630 3596 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:08:06.0661 3596 WUDFRd - ok
    16:08:06.0739 3596 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:08:06.0770 3596 wudfsvc - ok
    16:08:06.0848 3596 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:08:06.0957 3596 WwanSvc - ok
    16:08:09.0235 3596 [ 74983ADDCA2D9618512C088D856D6615 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    16:08:09.0828 3596 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
    16:08:09.0828 3596 ================ Scan global ===============================
    16:08:09.0952 3596 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    16:08:11.0528 3596 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    16:08:11.0762 3596 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    16:08:12.0121 3596 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    16:08:12.0948 3596 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    16:08:13.0010 3596 [Global] - ok
    16:08:13.0010 3596 ================ Scan MBR ==================================
    16:08:13.0197 3596 [ 1C5941C92F894D6FAB256DF227597982 ] \Device\Harddisk0\DR0
    16:09:32.0040 3596 \Device\Harddisk0\DR0 - ok
    16:09:32.0133 3596 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    16:09:32.0789 3596 \Device\Harddisk1\DR1 - ok
    16:09:32.0804 3596 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    16:09:32.0882 3596 \Device\Harddisk2\DR2 - ok
    16:09:32.0882 3596 ================ Scan VBR ==================================
    16:09:32.0945 3596 [ 6E0D8FEC764A71914360BF9A955C3A12 ] \Device\Harddisk0\DR0\Partition1
    16:09:34.0130 3596 \Device\Harddisk0\DR0\Partition1 - ok
    16:09:34.0286 3596 [ 9FC735A01585AA9C7F2AFFF69DCA398B ] \Device\Harddisk0\DR0\Partition2
    16:09:34.0364 3596 \Device\Harddisk0\DR0\Partition2 - ok
    16:09:34.0411 3596 [ 3C94C3C1EFCE05B21F83552D2EE1A3F6 ] \Device\Harddisk0\DR0\Partition3
    16:09:34.0473 3596 \Device\Harddisk0\DR0\Partition3 - ok
    16:09:34.0505 3596 [ 74B96304B5D905905443B49696211DC7 ] \Device\Harddisk1\DR1\Partition1
    16:09:34.0707 3596 \Device\Harddisk1\DR1\Partition1 - ok
    16:09:34.0739 3596 [ 49A3CBBD336813D87EA22C4C2C7044AD ] \Device\Harddisk2\DR2\Partition1
    16:09:34.0957 3596 \Device\Harddisk2\DR2\Partition1 - ok
    16:09:34.0957 3596 ============================================================
    16:09:34.0957 3596 Scan finished
    16:09:34.0957 3596 ============================================================
    16:09:34.0957 2124 Detected object count: 1
    16:09:34.0957 2124 Actual detected object count: 1
    16:14:55.0428 2124 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    16:14:55.0428 2124 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
  11. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    RogueKiller Report (1)

    RogueKiller V8.2.0 [10/22/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : David [Admin rights]
    Mode : Scan -- Date : 10/28/2012 16:19:25

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> FOUND
    [TASK][SUSP PATH] {3A13BAE9-F33C-4888-A229-9198290511B8} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHV4UEAN\AutodeskDesignRevSetup.exe" -d C:\Users\David\Desktop -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD15 EARS-60MVWB0 SATA Disk Device +++++
    --- User ---
    [MBR] bce84e50061618e22321992d57176828
    [BSP] 3a6ba95c20048b0b5ed33c2973d7b463 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1416839 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2901893120 | Size: 13858 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] cfe18fbfe1aebcf7f4f4d76225ba471b
    [BSP] c0b513f8eb8adfa39824feed3c10efd6 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

    +++++ PhysicalDrive1: ST310003 33AS SATA Disk Device +++++
    --- User ---
    [MBR] b37dddbf3fd9def2b5a8c30aa73f6a2a
    [BSP] c44304f86552e5204d0ba1c9b8f05f6d : MBR Code unknown
    Partition table:
    1 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: Patriot Memory USB Device +++++
    --- User ---
    [MBR] 96a1f06fc6c064eb0d69836404b3ee9d
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 15268 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  12. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    RogueKiller Report (2)

    RogueKiller V8.2.0 [10/22/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : David [Admin rights]
    Mode : Remove -- Date : 10/28/2012 16:20:17

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> DELETED
    [TASK][SUSP PATH] {3A13BAE9-F33C-4888-A229-9198290511B8} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHV4UEAN\AutodeskDesignRevSetup.exe" -d C:\Users\David\Desktop -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\David\AppData\Local\{952cc8e1-d451-0e38-bf20-b8fddcb773a2}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD15 EARS-60MVWB0 SATA Disk Device +++++
    --- User ---
    [MBR] bce84e50061618e22321992d57176828
    [BSP] 3a6ba95c20048b0b5ed33c2973d7b463 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1416839 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2901893120 | Size: 13858 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] cfe18fbfe1aebcf7f4f4d76225ba471b
    [BSP] c0b513f8eb8adfa39824feed3c10efd6 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

    +++++ PhysicalDrive1: ST310003 33AS SATA Disk Device +++++
    --- User ---
    [MBR] b37dddbf3fd9def2b5a8c30aa73f6a2a
    [BSP] c44304f86552e5204d0ba1c9b8f05f6d : MBR Code unknown
    Partition table:
    1 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: Patriot Memory USB Device +++++
    --- User ---
    [MBR] 96a1f06fc6c064eb0d69836404b3ee9d
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 15268 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  13. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    MBAM Log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.28.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    David :: DAVID-HPPC-2011 [administrator]

    28/10/2012 4:23:43 PM
    mbam-log-2012-10-28 (16-23-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216403
    Time elapsed: 11 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  14. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    AswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-28 16:35:39
    -----------------------------
    16:35:39.375 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:35:39.375 Number of processors: 6 586 0xA00
    16:35:39.375 ComputerName: DAVID-HPPC-2011 UserName: David
    16:35:41.106 Initialize success
    16:43:22.434 AVAST engine defs: 12102800
    16:43:33.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
    16:43:33.682 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
    16:43:33.697 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
    16:43:33.697 Disk 1 Vendor: ST310003 CC3H Size: 953869MB BusType: 11
    16:43:33.713 Disk 0 MBR read successfully
    16:43:33.728 Disk 0 MBR scan
    16:43:33.728 Disk 0 unknown MBR code
    16:43:33.760 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:43:33.775 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1416839 MB offset 206848
    16:43:33.822 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13858 MB offset 2901893120
    16:43:33.884 Disk 0 scanning C:\Windows\system32\drivers
    16:43:48.314 Service scanning
    16:44:13.430 Modules scanning
    16:44:13.446 Disk 0 trace - called modules:
    16:44:13.477 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    16:44:13.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800721b790]
    16:44:13.493 3 CLASSPNP.SYS[fffff8800198243f] -> nt!IofCallDriver -> [0xfffffa8006d53ac0]
    16:44:13.508 5 amd_xata.sys[fffff880011388b4] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8006d4b9c0]
    16:44:16.956 AVAST engine scan C:\Windows
    16:44:21.215 AVAST engine scan C:\Windows\system32
    16:48:49.410 AVAST engine scan C:\Windows\system32\drivers
    16:49:08.068 AVAST engine scan C:\Users\David
    16:54:49.303 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
    16:54:49.303 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
  15. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    Good :)

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  16. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    Ok, here is the ComboFix log:

    ComboFix 12-10-26.05 - David 28/10/2012 17:23:54.1.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8191.6310 [GMT -3:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\F25CC3A71C.sys
    C:\Thumbs.db
    c:\users\David\Documents\~WRL1587.tmp
    c:\windows\jestertb.dll
    F:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-28 20:29 . 2012-10-28 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-28 15:37 . 2012-10-28 15:37 -------- d-----w- C:\FRST
    2012-10-28 00:42 . 2012-09-29 22:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-27 22:33 . 2012-10-27 22:33 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
    2012-10-27 22:30 . 2012-10-27 22:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-27 22:30 . 2012-10-28 00:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-14 21:52 . 2011-03-05 16:56 7308 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-08-28 18:32 . 2012-03-10 18:18 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2012-08-26 19:01 . 2012-04-17 14:52 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-26 19:01 . 2011-05-14 14:02 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-23 98304]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/17 11:56;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-11-26 245232]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-09-12 1705600]
    R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-21 16008]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-24 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-08-28 54728]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-12-02 66560]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2011-12-02 31408]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-08-28 598032]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-23 7886848]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-23 285696]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
    S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [2009-12-16 1799552]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-09-21 22408]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - CLKMDRV10_C6F09094
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 21:57]
    .
    2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 21:57]
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-135675634-2142226353-352299039-1000Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 23:26]
    .
    2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-135675634-2142226353-352299039-1000UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 23:26]
    .
    2012-10-28 c:\windows\Tasks\HPCeeScheduleForDAVID-HPPC-2011$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-10-19 c:\windows\Tasks\HPCeeScheduleForDavid.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ca.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube Download - c:\users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111434&tt=2912_6&babsrc=KW_ss&mntrId=9471200c0000000000001c659dfcd669&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-10-27 23:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=2912_6
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 9471200c0000000000001c659dfcd669
    FF - user.js: extensions.BabylonToolbar_i.hardId - 9471200c0000000000001c659dfcd669
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15541
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:15
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-MsMpSvc
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:26,e9,4a,52,cd,56,cd,01
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.032"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.abr"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ani"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.apd"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ARW\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.ARW"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bay"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.BMP"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bw"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.CR2"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.crw"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cs1"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cur"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dcr"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dcx"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dib"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djv"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djvu"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DNG\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.DNG"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.emf"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.EPS"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ERF\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.ERF"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fff"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fpx"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.GIF"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.hdr"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icl"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icn"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.iff"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ilbm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.int"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.inta"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.iw4"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2c"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2k"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jbr"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jfif"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jif"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jp2"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpc"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpe"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.JPEG"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoViewer.FileAssoc.Jpeg"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpk"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpx"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.KDC"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.lbm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mef"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mos"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MRW\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.MRW"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Applications\\lightroom.exe"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.NRW"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ORF\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Applications\\lightroom.exe"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbr"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pcd"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pct"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.PCX"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PEF\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.PEF"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pgm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pic"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pict"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pix"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoViewer.FileAssoc.Png"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ppm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psd"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psp"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspimage"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAF\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Applications\\lightroom.exe"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ras"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.raw"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgb"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgba"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rle"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rsb"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.RW2"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rwl"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.sgi"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SR2\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.SR2"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.SRF"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tga"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.thm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.TIF"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (S-1-5-21-135675634-2142226353-352299039-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="HPMSPhoto.TIFF"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttc"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttf"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30po"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30pp"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30ppf"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbmp"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wmf"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xbm"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xif"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xmp"
    .
    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xpm"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Windows Media Player\wmplayer.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-28 17:43:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-28 20:43
    .
    Pre-Run: 602,802,335,744 bytes free
    Post-Run: 604,050,292,736 bytes free
    .
    - - End Of File - - 4225444417D21B857E1DDBB9B2454CC9
  17. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    Looks good :)

    Any current issues?

    ===========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    No issues that I can tell. You do very good work :)

    I can't seem to copy and paste the OTL output as the forum says I 'don't have permission to tag people'. Must be something in the text that thinks I'm trying to tag or something.

    I've attached the text files.

  19. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    Yeah, there is a bug I reported already...

    OTL logfile created on: 10/28/2012 7:55:25 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 82.86% Memory free
    16.00 Gb Paging File | 14.45 Gb Available in Paging File | 90.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1383.63 Gb Total Space | 562.24 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
    Drive D: | 13.53 Gb Total Space | 1.67 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
    Drive F: | 931.50 Gb Total Space | 35.22 Gb Free Space | 3.78% Space Free | Partition Type: NTFS
    Drive K: | 14.91 Gb Total Space | 11.21 Gb Free Space | 75.20% Space Free | Partition Type: NTFS

    Computer Name: DAVID-HPPC-2011 | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/28 19:22:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/02 19:24:04 | 000,031,408 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2011/12/01 21:59:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
    PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2011/10/01 10:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 10:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/11/20 09:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2010/11/20 09:17:56 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmpshare.exe
    PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/28 15:38:22 | 000,598,032 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
    SRV:64bit: - [2012/03/26 19:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/23 14:21:52 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/08/06 00:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/24 12:58:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/30 17:03:28 | 004,537,664 | ---- | M] () [On_Demand | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
    SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/02 19:24:04 | 000,031,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2011/12/01 21:59:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
    SRV - [2011/10/01 10:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 10:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/09 19:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/06 11:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2011/03/28 19:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/11/26 01:20:28 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
    SRV - [2010/06/18 22:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/28 15:32:58 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
    DRV:64bit: - [2012/03/20 21:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/09 03:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2011/10/01 10:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 10:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 10:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 10:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/21 12:51:38 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2011/09/21 12:51:38 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2011/07/25 19:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2011/07/20 16:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/23 14:53:44 | 007,886,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/11/23 13:46:42 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/24 12:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/09/03 03:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/08/13 10:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/08/13 10:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/07/22 00:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/04/07 11:28:22 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2010/03/10 12:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2010/01/01 14:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/12/22 06:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/12/15 22:53:20 | 001,799,552 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW723x.sys -- (HCW723x)
    DRV:64bit: - [2009/09/11 21:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV:64bit: - [2009/09/11 21:18:28 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
    DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 21:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 21:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/07/13 21:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 21:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
    DRV - [2010/04/07 11:28:22 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
    IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\SearchScopes,DefaultScope = {5203C2BA-6CF6-4F48-8742-81132839454B}
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\SearchScopes\{5203C2BA-6CF6-4F48-8742-81132839454B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://ca.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: color_management@seanhayes.name:0.5.3
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.0
    FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:6.0
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11...ss&mntrId=9471200c0000000000001c659dfcd669&q="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.0.2: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.0.2: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\David\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\David\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/01/30 16:21:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 04:52:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 02:23:44 | 000,000,000 | ---D | M]

    [2011/03/05 17:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
    [2012/10/27 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\extensions
    [2011/05/01 15:10:27 | 000,000,000 | ---D | M] (Color Management) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\extensions\color_management@seanhayes.name
    [2012/10/27 23:07:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2011/12/14 17:47:54 | 000,002,333 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\searchplugins\askcom.xml
    [2011/06/03 22:28:04 | 000,002,126 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\searchplugins\GoogleFeed.xml
    [2012/07/12 23:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/24 12:58:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/12 22:59:55 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/07/20 19:15:09 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/10/27 23:12:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/12 22:59:55 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/07/12 22:59:55 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/10/27 23:12:16 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/07/12 22:59:55 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! Canada (Enabled)
    CHR - default_search_provider: search_url = http://ca.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://gossip.ca.yahoo.com/gossip-ca-sayt?output=fxjsonp&command={searchTerms}
    CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=9471200c0000000000001c659dfcd669
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\David\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
    CHR - Extension: RealNetworks Downloader Extension = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
    CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/28 17:34:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-135675634-2142226353-352299039-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-135675634-2142226353-352299039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-135675634-2142226353-352299039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52ABDEB3-8E4F-40C0-9BB4-413C445C7E59}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A0E1B96-5989-46D8-9557-4CD116A87F89}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  20. Broni


    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/28 19:44:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    [2012/10/28 17:43:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/28 17:35:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/28 17:21:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/28 17:21:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/28 17:21:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/28 17:20:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/28 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/28 17:16:12 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
    [2012/10/28 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
    [2012/10/28 16:02:45 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\tdsskiller
    [2012/10/28 16:02:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\David\Desktop\aswMBR.exe
    [2012/10/28 12:37:49 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/27 21:42:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/27 20:39:50 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\DesktopDocuments
    [2012/10/27 19:33:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
    [2012/10/27 19:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/27 19:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/27 19:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/20 18:48:49 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\A Devil's Chaplain
    [2012/10/20 18:43:42 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\NYT Bestsellers September October 2012
    [2012/10/19 12:48:23 | 000,000,000 | R--D | C] -- C:\Users\David\Desktop\SHORTCUTS
    [2012/10/19 09:32:44 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Dad
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/28 20:00:03 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/28 20:00:02 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/28 19:52:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-135675634-2142226353-352299039-1000UA.job
    [2012/10/28 19:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/28 19:46:49 | 2146,914,303 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/28 19:22:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    [2012/10/28 18:46:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/28 17:34:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/28 17:14:55 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
    [2012/10/28 16:54:49 | 000,000,512 | ---- | M] () -- C:\Users\David\Desktop\MBR.dat
    [2012/10/28 16:08:16 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDAVID-HPPC-2011$.job
    [2012/10/28 15:54:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\David\Desktop\aswMBR.exe
    [2012/10/28 15:52:49 | 001,580,544 | ---- | M] () -- C:\Users\David\Desktop\RogueKiller.exe
    [2012/10/28 15:52:23 | 002,194,704 | ---- | M] () -- C:\Users\David\Desktop\tdsskiller.zip
    [2012/10/27 22:22:07 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/25 12:59:17 | 000,616,017 | ---- | M] () -- C:\Users\David\Desktop\Christopher Hitchens - god is not Great (How Religion Poisons E.mobi
    [2012/10/20 21:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-135675634-2142226353-352299039-1000Core.job
    [2012/10/20 18:42:28 | 000,730,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/20 18:42:28 | 000,630,986 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/20 18:42:28 | 000,111,812 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/19 14:31:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/19 14:31:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid.job
    [2012/10/14 18:52:59 | 000,007,308 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/10/11 18:45:25 | 000,006,212 | ---- | M] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
    [2012/10/08 21:45:17 | 025,435,897 | ---- | M] () -- C:\Users\David\Documents\nikon d600 manual.pdf
    [2012/10/07 15:31:29 | 000,396,018 | ---- | M] () -- C:\Users\David\Desktop\Groucho and Me - Groucho Marx.mobi
    [2012/10/04 20:39:40 | 000,317,706 | ---- | M] () -- C:\Users\David\Desktop\I Suck at Girls - Justin Halpern.mobi
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/28 17:21:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/28 17:21:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/28 17:21:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/28 17:21:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/28 17:21:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/28 16:54:49 | 000,000,512 | ---- | C] () -- C:\Users\David\Desktop\MBR.dat
    [2012/10/28 16:02:28 | 002,194,704 | ---- | C] () -- C:\Users\David\Desktop\tdsskiller.zip
    [2012/10/28 16:02:27 | 001,580,544 | ---- | C] () -- C:\Users\David\Desktop\RogueKiller.exe
    [2012/10/25 12:59:47 | 000,616,017 | ---- | C] () -- C:\Users\David\Desktop\Christopher Hitchens - god is not Great (How Religion Poisons E.mobi
    [2012/10/08 21:40:03 | 025,435,897 | ---- | C] () -- C:\Users\David\Documents\nikon d600 manual.pdf
    [2012/10/07 17:00:55 | 000,317,706 | ---- | C] () -- C:\Users\David\Desktop\I Suck at Girls - Justin Halpern.mobi
    [2012/10/07 17:00:42 | 000,396,018 | ---- | C] () -- C:\Users\David\Desktop\Groucho and Me - Groucho Marx.mobi
    [2012/03/10 15:56:08 | 000,006,212 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
    [2012/03/10 15:19:57 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2012/03/09 15:14:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/12/01 21:59:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
    [2011/11/22 19:16:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
    [2011/05/14 17:56:05 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
    [2011/05/14 17:52:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
    [2011/05/14 17:52:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Importer
    [2011/05/14 17:52:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Images
    [2011/05/14 17:52:17 | 000,000,268 | RH-- | C] () -- C:\Users\David\AppData\Roaming\Image Manipulation
    [2011/05/14 17:52:17 | 000,000,268 | RH-- | C] () -- C:\Users\David\AppData\Roaming\Image Capture
    [2011/05/14 17:52:17 | 000,000,268 | RH-- | C] () -- C:\Users\David\AppData\Roaming\Icons
    [2011/05/14 17:52:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
    [2011/05/14 17:52:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
    [2011/05/14 17:52:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
    [2011/03/25 18:09:48 | 000,002,144 | ---- | C] () -- C:\Users\David\.recently-used.xbel
    [2011/03/12 15:18:44 | 000,736,148 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/08 14:32:06 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/03/06 21:42:09 | 000,048,128 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/05 13:56:45 | 000,007,308 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/02/17 17:25:45 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/17 16:47:15 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2011/02/17 16:29:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 07:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 07:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 05:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/03/04 23:27:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ACD Systems
    [2012/09/23 14:19:30 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AnvSoft
    [2012/07/20 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Autodesk
    [2011/10/03 19:30:00 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Babylon
    [2012/02/28 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\BHOK IT Consulting
    [2011/03/07 23:51:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Blio
    [2011/05/23 19:30:19 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
    [2011/05/10 15:46:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Digiarty
    [2012/09/19 18:21:02 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DVDVideoSoft
    [2011/12/08 01:33:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\JLAdventCalendarLondon2011
    [2011/05/14 17:55:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Nikon
    [2011/05/01 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PictureMover
    [2012/01/10 00:20:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Research In Motion
    [2012/10/28 02:21:48 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SoftGrid Client
    [2012/05/21 12:21:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Software Informer
    [2012/03/10 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
    [2011/03/12 15:19:14 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TP
    [2011/05/01 21:05:38 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Western Digital
    [2011/09/22 12:25:19 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\WinBatch
    [2011/09/12 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
  21. Broni


    OTL Extras logfile created on: 10/28/2012 7:55:25 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 82.86% Memory free
    16.00 Gb Paging File | 14.45 Gb Available in Paging File | 90.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1383.63 Gb Total Space | 562.24 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
    Drive D: | 13.53 Gb Total Space | 1.67 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
    Drive F: | 931.50 Gb Total Space | 35.22 Gb Free Space | 3.78% Space Free | Partition Type: NTFS
    Drive K: | 14.91 Gb Total Space | 11.21 Gb Free Space | 75.20% Space Free | Partition Type: NTFS

    Computer Name: DAVID-HPPC-2011 | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B768C1CC-10B9-4D5B-88A2-38C7E42E337E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ED431997-3D42-4DEB-B98D-4C23332018EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0A92C0FA-737A-4279-AE5A-5179A7E2E5C3}" = Soluto
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}" = ATI Catalyst Install Manager
    "{3184267F-B0D9-0657-D705-0C700B481A18}" = ccc-utility64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}" = Microsoft Image Composite Editor
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{88C9A605-843E-4615-AA40-ECC23031391F}" = StudioTax 2011
    "{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E13890DC-1654-47A7-9F28-1A397AA1CE2F}" = StudioTax 2010
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E59637F-DA32-E400-92F6-3E84DB1DFB8D}" = CCC Help Portuguese
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{13FED2DC-8185-351F-72B2-C1CAB3A8860B}" = CCC Help Turkish
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1826A2E3-22EE-ACC6-BB3A-80EEFF23167A}" = CCC Help Danish
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
    "{1A66A9AD-7BC1-8E9C-25EE-A5C2B07FA59E}" = CCC Help Finnish
    "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
    "{28CD5009-54CA-ED14-6A17-47803585FF5F}" = Catalyst Control Center Localization All
    "{28D1AF2F-9574-DABC-BA08-72F3356960D2}" = CCC Help Polish
    "{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}" = ccc-core-static
    "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.1
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2C9CA30C-E2B7-0D3A-291D-4808973E6F8C}" = CCC Help Italian
    "{2F4C493B-28D8-5054-13E9-91F05903887B}" = CCC Help Dutch
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38069E07-617C-8074-4F67-BAFFFBB7E7FA}" = CCC Help Spanish
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{49DA021B-1C01-36D0-ABDF-3B9BED567EED}" = CCC Help Chinese Traditional
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDC0530-445B-47F2-36A0-758DE8903B44}" = CCC Help German
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
    "{5208F7DB-9DAA-E5CA-EEC3-1B004D66A8EB}" = CCC Help Chinese Standard
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58F095F8-3F66-528A-0BF6-DF1A7B304EC0}" = CCC Help Korean
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5E38ABC5-71C2-04D8-62F0-C44B53E7DED8}" = Catalyst Control Center Graphics Previews Vista
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{751D221F-7C37-C83F-1973-A1F92A0F4DF6}" = HydraVision
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A168327-7618-4266-8990-568092659FA3}" = RealDownloader
    "{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
    "{913E7600-FA3A-B125-1EA6-391D59C258F6}" = CCC Help Czech
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{959DFE5E-B55F-4A0A-9E71-2970C98C3164}" = CCC Help Russian
    "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AEDD629-A40E-5EB1-2E70-E84DDE915C16}" = CCC Help Norwegian
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AEDDD2D4-0BE7-71D9-2091-9F8AA4A4806D}" = Catalyst Control Center InstallProxy
    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
    "{B31D9B68-A844-191A-C652-4EA715A8CD92}" = CCC Help French
    "{B3435D6A-B061-D8E5-C9AD-2D63C823C50C}" = CCC Help Swedish
    "{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BE05B1E6-3C47-32DC-113B-7DB85FD6BE75}" = CCC Help Hungarian
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6FD5FE2-3635-0C15-6D3C-95FCAA51A3CE}" = CCC Help Greek
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9742D19-38EE-B2BE-5902-44130C4008FA}" = CCC Help Japanese
    "{DBF625A1-9F84-1533-E08E-D1EBBE5001DD}" = Catalyst Control Center Graphics Previews Common
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE6E96CA-AD23-BBD7-4304-B6D4EA0F1933}" = CCC Help Thai
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E141B1E0-BA8A-750F-4106-FC6AAB8950E0}" = CCC Help English
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "Any Video Converter_is1" = Any Video Converter 3.5.3
    "AnyDVD" = AnyDVD
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CloneDVD2" = CloneDVD2
    "Color Efex Pro 4" = Color Efex Pro 4
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DOFMaster" = DOFMaster
    "Easy Video Splitter_is1" = Easy Video Splitter 1.28
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Emicsoft HD Video Converter_is1" = Emicsoft HD Video Converter
    "FilmOn HDi Player" = FilmOn HDi Player
    "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "MakeMKV" = MakeMKV v1.7.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "Picasa 3" = Picasa 3
    "PowerISO" = PowerISO
    "ShapeCollage" = Shape Collage
    "Silver Efex Pro 2" = Silver Efex Pro 2
    "Software Informer_is1" = Software Informer 1.1
    "The KMPlayer" = The KMPlayer (remove only)
    "VLC media player" = VLC media player 1.1.5
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087343" = Dora's World Adventure
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT089299" = Mystery P.I. - The London Caper
    "WT089300" = World Cup Cricket 20-20
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/10/2012 2:11:15 PM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/11/2012 10:25:16 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/11/2012 10:35:34 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/12/2012 10:44:16 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/12/2012 10:54:35 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 10:54:51 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 11:05:13 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 10:05:19 PM | Computer Name = David-HPPC-2011 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 129c Start
    Time: 01cd317595a73fed Termination Time: 24 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 5/14/2012 10:52:13 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2012 11:02:29 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Hewlett-Packard Events ]
    Error - 5/10/2012 2:11:28 PM | Computer Name = David-HPPC-2011 | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 5/10/2012 2:31:38 PM | Computer Name = David-HPPC-2011 | Source = HPSF.exe | ID = 4000
    Description =

    [ Media Center Events ]
    Error - 3/22/2011 4:28:47 PM | Computer Name = David-HPPC-2011 | Source = MCUpdate | ID = 0
    Description = 4:28:42 PM - Error connecting to the internet. 4:28:42 PM - Unable
    to contact server..

    Error - 5/19/2011 9:21:26 AM | Computer Name = David-HPPC-2011 | Source = MCUpdate | ID = 0
    Description = 9:21:25 AM - Error connecting to the internet. 9:21:26 AM - Unable
    to contact server..

    [ System Events ]
    Error - 10/28/2012 3:00:14 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 10/28/2012 3:00:25 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 10/28/2012 3:02:55 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 4:27:20 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/28/2012 4:29:20 PM | Computer Name = David-HPPC-2011 | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/28/2012 4:31:42 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/28/2012 4:36:39 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 6:48:48 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 6:53:50 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10010
    Description =

    Error - 10/28/2012 6:55:04 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    OTL Extras logfile created on: 10/28/2012 7:55:25 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 82.86% Memory free
    16.00 Gb Paging File | 14.45 Gb Available in Paging File | 90.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1383.63 Gb Total Space | 562.24 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
    Drive D: | 13.53 Gb Total Space | 1.67 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
    Drive F: | 931.50 Gb Total Space | 35.22 Gb Free Space | 3.78% Space Free | Partition Type: NTFS
    Drive K: | 14.91 Gb Total Space | 11.21 Gb Free Space | 75.20% Space Free | Partition Type: NTFS

    Computer Name: DAVID-HPPC-2011 | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B768C1CC-10B9-4D5B-88A2-38C7E42E337E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ED431997-3D42-4DEB-B98D-4C23332018EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0A92C0FA-737A-4279-AE5A-5179A7E2E5C3}" = Soluto
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}" = ATI Catalyst Install Manager
    "{3184267F-B0D9-0657-D705-0C700B481A18}" = ccc-utility64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}" = Microsoft Image Composite Editor
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{88C9A605-843E-4615-AA40-ECC23031391F}" = StudioTax 2011
    "{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E13890DC-1654-47A7-9F28-1A397AA1CE2F}" = StudioTax 2010
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E59637F-DA32-E400-92F6-3E84DB1DFB8D}" = CCC Help Portuguese
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{13FED2DC-8185-351F-72B2-C1CAB3A8860B}" = CCC Help Turkish
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1826A2E3-22EE-ACC6-BB3A-80EEFF23167A}" = CCC Help Danish
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
    "{1A66A9AD-7BC1-8E9C-25EE-A5C2B07FA59E}" = CCC Help Finnish
    "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
    "{28CD5009-54CA-ED14-6A17-47803585FF5F}" = Catalyst Control Center Localization All
    "{28D1AF2F-9574-DABC-BA08-72F3356960D2}" = CCC Help Polish
    "{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}" = ccc-core-static
    "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.1
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2C9CA30C-E2B7-0D3A-291D-4808973E6F8C}" = CCC Help Italian
    "{2F4C493B-28D8-5054-13E9-91F05903887B}" = CCC Help Dutch
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38069E07-617C-8074-4F67-BAFFFBB7E7FA}" = CCC Help Spanish
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{49DA021B-1C01-36D0-ABDF-3B9BED567EED}" = CCC Help Chinese Traditional
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDC0530-445B-47F2-36A0-758DE8903B44}" = CCC Help German
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
    "{5208F7DB-9DAA-E5CA-EEC3-1B004D66A8EB}" = CCC Help Chinese Standard
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58F095F8-3F66-528A-0BF6-DF1A7B304EC0}" = CCC Help Korean
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5E38ABC5-71C2-04D8-62F0-C44B53E7DED8}" = Catalyst Control Center Graphics Previews Vista
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{751D221F-7C37-C83F-1973-A1F92A0F4DF6}" = HydraVision
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A168327-7618-4266-8990-568092659FA3}" = RealDownloader
    "{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
    "{913E7600-FA3A-B125-1EA6-391D59C258F6}" = CCC Help Czech
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{959DFE5E-B55F-4A0A-9E71-2970C98C3164}" = CCC Help Russian
    "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AEDD629-A40E-5EB1-2E70-E84DDE915C16}" = CCC Help Norwegian
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AEDDD2D4-0BE7-71D9-2091-9F8AA4A4806D}" = Catalyst Control Center InstallProxy
    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
    "{B31D9B68-A844-191A-C652-4EA715A8CD92}" = CCC Help French
    "{B3435D6A-B061-D8E5-C9AD-2D63C823C50C}" = CCC Help Swedish
    "{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BE05B1E6-3C47-32DC-113B-7DB85FD6BE75}" = CCC Help Hungarian
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6FD5FE2-3635-0C15-6D3C-95FCAA51A3CE}" = CCC Help Greek
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9742D19-38EE-B2BE-5902-44130C4008FA}" = CCC Help Japanese
    "{DBF625A1-9F84-1533-E08E-D1EBBE5001DD}" = Catalyst Control Center Graphics Previews Common
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE6E96CA-AD23-BBD7-4304-B6D4EA0F1933}" = CCC Help Thai
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E141B1E0-BA8A-750F-4106-FC6AAB8950E0}" = CCC Help English
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "Any Video Converter_is1" = Any Video Converter 3.5.3
    "AnyDVD" = AnyDVD
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CloneDVD2" = CloneDVD2
    "Color Efex Pro 4" = Color Efex Pro 4
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DOFMaster" = DOFMaster
    "Easy Video Splitter_is1" = Easy Video Splitter 1.28
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Emicsoft HD Video Converter_is1" = Emicsoft HD Video Converter
    "FilmOn HDi Player" = FilmOn HDi Player
    "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "MakeMKV" = MakeMKV v1.7.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "Picasa 3" = Picasa 3
    "PowerISO" = PowerISO
    "ShapeCollage" = Shape Collage
    "Silver Efex Pro 2" = Silver Efex Pro 2
    "Software Informer_is1" = Software Informer 1.1
    "The KMPlayer" = The KMPlayer (remove only)
    "VLC media player" = VLC media player 1.1.5
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087343" = Dora's World Adventure
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT089299" = Mystery P.I. - The London Caper
    "WT089300" = World Cup Cricket 20-20
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/10/2012 2:11:15 PM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/11/2012 10:25:16 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/11/2012 10:35:34 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/12/2012 10:44:16 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/12/2012 10:54:35 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 10:54:51 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 11:05:13 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 10:05:19 PM | Computer Name = David-HPPC-2011 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 129c Start
    Time: 01cd317595a73fed Termination Time: 24 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 5/14/2012 10:52:13 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2012 11:02:29 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Hewlett-Packard Events ]
    Error - 5/10/2012 2:11:28 PM | Computer Name = David-HPPC-2011 | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 5/10/2012 2:31:38 PM | Computer Name = David-HPPC-2011 | Source = HPSF.exe | ID = 4000
    Description =

    [ Media Center Events ]
    Error - 3/22/2011 4:28:47 PM | Computer Name = David-HPPC-2011 | Source = MCUpdate | ID = 0
    Description = 4:28:42 PM - Error connecting to the internet. 4:28:42 PM - Unable
    to contact server..

    Error - 5/19/2011 9:21:26 AM | Computer Name = David-HPPC-2011 | Source = MCUpdate | ID = 0
    Description = 9:21:25 AM - Error connecting to the internet. 9:21:26 AM - Unable
    to contact server..

    [ System Events ]
    Error - 10/28/2012 3:00:14 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 10/28/2012 3:00:25 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 10/28/2012 3:02:55 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 4:27:20 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/28/2012 4:29:20 PM | Computer Name = David-HPPC-2011 | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/28/2012 4:31:42 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/28/2012 4:36:39 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 6:48:48 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 6:53:50 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10010
    Description =

    Error - 10/28/2012 6:55:04 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    OTL Extras logfile created on: 10/28/2012 7:55:25 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 82.86% Memory free
    16.00 Gb Paging File | 14.45 Gb Available in Paging File | 90.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1383.63 Gb Total Space | 562.24 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
    Drive D: | 13.53 Gb Total Space | 1.67 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
    Drive F: | 931.50 Gb Total Space | 35.22 Gb Free Space | 3.78% Space Free | Partition Type: NTFS
    Drive K: | 14.91 Gb Total Space | 11.21 Gb Free Space | 75.20% Space Free | Partition Type: NTFS

    Computer Name: DAVID-HPPC-2011 | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B768C1CC-10B9-4D5B-88A2-38C7E42E337E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ED431997-3D42-4DEB-B98D-4C23332018EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0A92C0FA-737A-4279-AE5A-5179A7E2E5C3}" = Soluto
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}" = ATI Catalyst Install Manager
    "{3184267F-B0D9-0657-D705-0C700B481A18}" = ccc-utility64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}" = Microsoft Image Composite Editor
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{88C9A605-843E-4615-AA40-ECC23031391F}" = StudioTax 2011
    "{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E13890DC-1654-47A7-9F28-1A397AA1CE2F}" = StudioTax 2010
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E59637F-DA32-E400-92F6-3E84DB1DFB8D}" = CCC Help Portuguese
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{13FED2DC-8185-351F-72B2-C1CAB3A8860B}" = CCC Help Turkish
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1826A2E3-22EE-ACC6-BB3A-80EEFF23167A}" = CCC Help Danish
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
    "{1A66A9AD-7BC1-8E9C-25EE-A5C2B07FA59E}" = CCC Help Finnish
    "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
    "{28CD5009-54CA-ED14-6A17-47803585FF5F}" = Catalyst Control Center Localization All
    "{28D1AF2F-9574-DABC-BA08-72F3356960D2}" = CCC Help Polish
    "{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}" = ccc-core-static
    "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.1
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2C9CA30C-E2B7-0D3A-291D-4808973E6F8C}" = CCC Help Italian
    "{2F4C493B-28D8-5054-13E9-91F05903887B}" = CCC Help Dutch
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38069E07-617C-8074-4F67-BAFFFBB7E7FA}" = CCC Help Spanish
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{49DA021B-1C01-36D0-ABDF-3B9BED567EED}" = CCC Help Chinese Traditional
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDC0530-445B-47F2-36A0-758DE8903B44}" = CCC Help German
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
    "{5208F7DB-9DAA-E5CA-EEC3-1B004D66A8EB}" = CCC Help Chinese Standard
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58F095F8-3F66-528A-0BF6-DF1A7B304EC0}" = CCC Help Korean
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5E38ABC5-71C2-04D8-62F0-C44B53E7DED8}" = Catalyst Control Center Graphics Previews Vista
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{751D221F-7C37-C83F-1973-A1F92A0F4DF6}" = HydraVision
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A168327-7618-4266-8990-568092659FA3}" = RealDownloader
    "{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
    "{913E7600-FA3A-B125-1EA6-391D59C258F6}" = CCC Help Czech
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{959DFE5E-B55F-4A0A-9E71-2970C98C3164}" = CCC Help Russian
    "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AEDD629-A40E-5EB1-2E70-E84DDE915C16}" = CCC Help Norwegian
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AEDDD2D4-0BE7-71D9-2091-9F8AA4A4806D}" = Catalyst Control Center InstallProxy
    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
    "{B31D9B68-A844-191A-C652-4EA715A8CD92}" = CCC Help French
    "{B3435D6A-B061-D8E5-C9AD-2D63C823C50C}" = CCC Help Swedish
    "{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BE05B1E6-3C47-32DC-113B-7DB85FD6BE75}" = CCC Help Hungarian
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6FD5FE2-3635-0C15-6D3C-95FCAA51A3CE}" = CCC Help Greek
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9742D19-38EE-B2BE-5902-44130C4008FA}" = CCC Help Japanese
    "{DBF625A1-9F84-1533-E08E-D1EBBE5001DD}" = Catalyst Control Center Graphics Previews Common
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE6E96CA-AD23-BBD7-4304-B6D4EA0F1933}" = CCC Help Thai
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E141B1E0-BA8A-750F-4106-FC6AAB8950E0}" = CCC Help English
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "Any Video Converter_is1" = Any Video Converter 3.5.3
    "AnyDVD" = AnyDVD
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CloneDVD2" = CloneDVD2
    "Color Efex Pro 4" = Color Efex Pro 4
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DOFMaster" = DOFMaster
    "Easy Video Splitter_is1" = Easy Video Splitter 1.28
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Emicsoft HD Video Converter_is1" = Emicsoft HD Video Converter
    "FilmOn HDi Player" = FilmOn HDi Player
    "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "MakeMKV" = MakeMKV v1.7.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "Picasa 3" = Picasa 3
    "PowerISO" = PowerISO
    "ShapeCollage" = Shape Collage
    "Silver Efex Pro 2" = Silver Efex Pro 2
    "Software Informer_is1" = Software Informer 1.1
    "The KMPlayer" = The KMPlayer (remove only)
    "VLC media player" = VLC media player 1.1.5
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087343" = Dora's World Adventure
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT089299" = Mystery P.I. - The London Caper
    "WT089300" = World Cup Cricket 20-20
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-135675634-2142226353-352299039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/10/2012 2:11:15 PM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/11/2012 10:25:16 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/11/2012 10:35:34 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/12/2012 10:44:16 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/12/2012 10:54:35 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 10:54:51 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 11:05:13 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/13/2012 10:05:19 PM | Computer Name = David-HPPC-2011 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 129c Start
    Time: 01cd317595a73fed Termination Time: 24 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 5/14/2012 10:52:13 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2012 11:02:29 AM | Computer Name = David-HPPC-2011 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Hewlett-Packard Events ]
    Error - 5/10/2012 2:11:28 PM | Computer Name = David-HPPC-2011 | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 8191 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 5/10/2012 2:31:38 PM | Computer Name = David-HPPC-2011 | Source = HPSF.exe | ID = 4000
    Description =

    [ Media Center Events ]
    Error - 3/22/2011 4:28:47 PM | Computer Name = David-HPPC-2011 | Source = MCUpdate | ID = 0
    Description = 4:28:42 PM - Error connecting to the internet. 4:28:42 PM - Unable
    to contact server..

    Error - 5/19/2011 9:21:26 AM | Computer Name = David-HPPC-2011 | Source = MCUpdate | ID = 0
    Description = 9:21:25 AM - Error connecting to the internet. 9:21:26 AM - Unable
    to contact server..

    [ System Events ]
    Error - 10/28/2012 3:00:14 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 10/28/2012 3:00:25 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 10/28/2012 3:02:55 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 4:27:20 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/28/2012 4:29:20 PM | Computer Name = David-HPPC-2011 | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/28/2012 4:31:42 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/28/2012 4:36:39 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 6:48:48 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10016
    Description =

    Error - 10/28/2012 6:53:50 PM | Computer Name = David-HPPC-2011 | Source = DCOM | ID = 10010
    Description =

    Error - 10/28/2012 6:55:04 PM | Computer Name = David-HPPC-2011 | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
  24. Broni

    Broni Malware Annihilator Posts: 46,423   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-135675634-2142226353-352299039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      [2011/12/14 17:47:54 | 000,002,333 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\c9c61fc3.default\searchplugins\askcom.xml
      O3 - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-135675634-2142226353-352299039-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
      O8 - Extra context menu item: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  25. Midian76

    Midian76 Newcomer, in training Topic Starter Posts: 16

    All is good :) Windows Update, Security Essentials are both back online. MBAM reports no issues and all temp files have been cleaned.

    Thanks again Broni for all your help.

