TechSpot

Windows restarts each 1 minute. Sirefef.w Sirefef.ab

By OscarZ
Oct 7, 2012
  1. Hello,

    Each time I start my Windows, Essentials detects a trojan and it restarts after a minute; it says that it is Sirefef.w and Sirefef.ab.

    I read the instructions to somebody with a similar problem and downloaded the Farbar Recovery Scan Tool.

    Thank you very much for your help.

    Here is the FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2012
    Ran by SYSTEM at 07-10-2012 20:42:51
    Running from G:\
    Windows 7 Professional N (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [309248 2009-02-27] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [vmware-tray] "D:\ProgramFiles\VMWare\vmware-tray.exe" [x]
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKU\Oscar\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Oscar\...\Run: [Google Update] "C:\Users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-10] (Google Inc.)
    HKU\Oscar\...\Run: [] [x]
    HKU\Oscar\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1084840 2012-05-16] (Nokia)
    HKU\Oscar\...\Run: [Windows Time] rundll32.exe "C:\ProgramData\OvvifwenYafz.dll",EntryPoint [31232 2012-08-08] (G-view)
    Tcpip\Parameters: [DhcpNameServer] 200.118.2.91 190.157.2.140
    Startup: C:\Users\Oscar\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Oscar\Start Menu\Programs\Startup\Recorte de pantalla y Selector de OneNote 2010.lnk
    ShortcutTarget: Recorte de pantalla y Selector de OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
    2 LogWatch; C:\Windows\LogWatNT.exe [50176 2000-06-08] ()
    2 MKSAUTH; C:\Windows\SysWOW64\mksauth.exe [94168 2007-07-25] (Mortice Kern Systems Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 nsverctl; "C:\Program Files\Citrix\Secure Access Client\nsverctl.exe" [154776 2011-01-19] (Citrix Systems, Inc)
    2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [423896 2007-07-20] (MKS Software Inc.)
    2 RetroExp Helper; "C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe" [128280 2008-07-16] (EMC Corporation)
    2 RetroExpLauncher; "C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe" [107800 2008-07-16] (EMC Corporation)
    2 rpcnetp; C:\Windows\System32\rpcnetp.exe [17920 2012-10-07] ()
    2 rpcnetp; C:\Windows\SysWow64\rpcnetp.exe [17920 2012-10-07] ()
    2 VMUSBArbService; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-22] (VMware, Inc.)
    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
    2 ASCLCSSrv; C:\IBM\InformationServer\MCM\ClientSwitcherService.exe /start [x]
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
    2 TeamViewer7; C:\ProgramFiles\Version7\TeamViewer_Service.exe [x]
    3 ufad-ws60; C:\ProgramFiles\VMWare\vmware-ufad.exe -d "C:\ProgramFiles\VMWare\\" -s ufad-p2v.xml [x]
    2 VMAuthdService; "C:\ProgramFiles\VMWare\vmware-authd.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    2 cag; \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [96384 2010-08-04] (Citrix Systems, Inc.)
    3 ctxva51; C:\Windows\System32\Drivers\ctxva51.sys [45720 2011-01-19] (Citrix Systems, Inc.)
    2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.sys [46448 2007-07-23] (Roxio)
    2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.sys [42352 2007-07-23] (Roxio)
    0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.sys [17776 2007-07-23] (Roxio)
    2 DLADResE; C:\Windows\System32\Drivers\DLADResE.sys [9968 2007-07-23] (Roxio)
    2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.sys [146672 2007-07-23] (Roxio)
    2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.sys [35056 2007-07-23] (Roxio)
    2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.sys [19824 2007-07-23] (Roxio)
    1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.sys [41072 2007-07-23] (Roxio)
    2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.sys [135152 2007-07-23] (Roxio)
    2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.sys [144112 2007-07-23] (Roxio)
    0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.sys [124112 2007-07-23] (Sonic Solutions)
    2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.sys [63984 2007-07-23] (Roxio)
    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
    3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [32768 2010-01-18] (Huawei Tech. Co., Ltd.)
    3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-11] (Huawei Technologies Co., Ltd.)
    3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
    2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [48800 2009-05-07] (O2Micro )
    3 OEM13Vfx; C:\Windows\System32\Drivers\OEM13Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
    3 OEM13Vid; C:\Windows\System32\Drivers\OEM13Vid.sys [267296 2008-05-28] (Creative Technology Ltd.)
    0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
    3 s125bus; C:\Windows\System32\Drivers\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
    3 s125mdfl; C:\Windows\System32\Drivers\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
    3 s125mdm; C:\Windows\System32\Drivers\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
    3 s125mgmt; C:\Windows\System32\Drivers\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
    3 s125obex; C:\Windows\System32\Drivers\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
    2 vstor2-ws60; \??\D:\ProgramFiles\VMWare\vstor2-ws60.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-07 20:42 - 2012-10-07 20:42 - 00000000 ____D C:\FRST
    2012-10-07 16:41 - 2012-10-07 16:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB2E2F2256B466F3
    2012-10-07 16:31 - 2012-10-07 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E21C948CC2A0677A
    2012-10-07 16:22 - 2012-10-07 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.17B677EA6C7C465A
    2012-10-07 16:14 - 2012-10-07 16:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89104D6F9D9BB4A1
    2012-10-07 16:07 - 2012-10-07 16:09 - 13540328 ____A (Microsoft Corporation) C:\Users\Oscar\Downloads\mseinstall(1).exe
    2012-10-07 16:02 - 2012-10-07 16:04 - 13529576 ____A (Microsoft Corporation) C:\Users\Oscar\Downloads\mseinstall.exe
    2012-10-07 11:13 - 2012-10-07 11:13 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\Rational
    2012-10-07 11:07 - 2012-10-07 11:17 - 00000105 ____A C:\Users\All Users\.sdplic
    2012-10-07 10:42 - 2012-10-07 10:42 - 00000000 ____D C:\Users\Oscar\AppData\Local\{70A8234C-ECD8-43BD-ACCD-EFDAE1D67234}
    2012-10-07 10:35 - 2012-10-07 10:35 - 00000000 ____D C:\Users\Oscar\AppData\Local\{09551C6C-DEC1-41B1-83C1-33EB53E78DB4}
    2012-10-07 09:39 - 2012-10-07 09:39 - 00000000 ____D C:\Users\Oscar\AppData\Local\javasharedresources
    2012-10-07 09:28 - 2012-10-07 09:28 - 00000000 ____D C:\Users\Oscar\AppData\Roaming\IBM
    2012-10-07 09:28 - 2012-10-07 09:28 - 00000000 ____D C:\Users\All Users\IBM
    2012-10-07 09:24 - 2012-10-07 09:24 - 00000000 ____D C:\Users\Oscar\AppData\Local\{9DFA4BAE-95DC-4DEC-96EC-13BAF28BC294}
    2012-10-06 08:09 - 2012-10-06 08:10 - 00000000 ____D C:\Users\Oscar\AppData\Local\{0465A75F-5699-4213-A3EF-D711A56261D4}
    2012-10-05 18:01 - 2012-10-05 18:01 - 00000000 ____D C:\Users\Oscar\Downloads\fwdcasamodeloproyectoterraocre
    2012-10-05 18:00 - 2012-10-05 18:00 - 00581069 ____A C:\Users\Oscar\Downloads\fwdcasamodeloproyectoterraocre.zip
    2012-10-05 14:05 - 2012-10-05 14:05 - 00000000 ____D C:\Users\Oscar\AppData\Local\{D4768795-1147-4A55-96BC-084691A115CB}
    2012-10-04 12:27 - 2012-10-04 12:28 - 00000000 ____D C:\Users\Oscar\AppData\Local\{12A3830E-E764-4E85-ACDF-CCD8BEF3674A}
    2012-10-03 14:04 - 2012-10-03 14:05 - 00000000 ____D C:\Users\Oscar\AppData\Local\{3A13BFC4-95D8-469C-B780-B567E825371A}
    2012-10-02 13:01 - 2012-10-02 13:01 - 00000000 ____D C:\Users\Oscar\AppData\Local\{A05A0ECA-8C7C-4AFE-9A65-589BF46EE8C7}
    2012-10-01 15:17 - 2012-10-01 15:17 - 00000000 ____D C:\Users\Oscar\AppData\Local\{899BF719-8DE7-4845-8A29-81BE3534B388}
    2012-10-01 13:10 - 2012-09-04 10:30 - 00038912 ____A (Absolute Software Corporation) C:\Windows\SysWOW64\identprv.dll
    2012-09-30 06:23 - 2012-09-30 06:23 - 00000000 ____D C:\Users\Oscar\AppData\Local\{7845DACA-8CB2-40BA-86F6-D841F67CCC46}
    2012-09-29 04:04 - 2012-09-29 04:05 - 00000000 ____D C:\Users\Oscar\AppData\Local\{0D6ACF0F-A93D-43E3-910F-A683DBAC7690}
    2012-09-27 12:09 - 2012-09-27 12:10 - 00000000 ____D C:\Users\Oscar\AppData\Local\{83C1E754-AF8D-418E-9DF8-08E00B671C20}
    2012-09-26 15:37 - 2012-09-26 15:37 - 00000000 ____D C:\Users\Oscar\AppData\Local\{E680FD49-273E-47D2-B24D-2FEFBB59C8A6}
    2012-09-25 16:09 - 2012-09-25 16:09 - 00000000 ____D C:\Users\Oscar\AppData\Local\{A3CD9CC7-4912-419E-81C3-81AA16D60B44}
    2012-09-24 14:21 - 2012-09-24 14:22 - 00000000 ____D C:\Users\Oscar\AppData\Local\{3BD60750-A904-4FFA-A8C7-85D450363123}
    2012-09-23 17:38 - 2012-09-23 17:38 - 00000000 ____D C:\Users\Oscar\AppData\Local\{F098413E-E56C-4E3B-B384-DFE2F9CFC646}
    2012-09-22 16:06 - 2012-09-22 16:06 - 00000000 ____D C:\Users\Oscar\AppData\Local\{F34C45D1-AC7B-457C-A53D-14DAE1669BC2}
    2012-09-21 14:45 - 2012-09-21 14:45 - 00000000 ____D C:\Users\Oscar\AppData\Local\{52F8F118-0E7C-44C3-96C8-A5FDBA5FF281}
    2012-09-20 13:33 - 2012-09-20 13:34 - 00000000 ____D C:\Users\Oscar\AppData\Local\{774E50B8-99C4-4694-9A93-E4124D9F85E0}
    2012-09-19 13:43 - 2012-09-19 13:44 - 00000000 ____D C:\Users\Oscar\AppData\Local\{22E0198D-E899-4329-A9E6-EC5C0B3FD851}
    2012-09-18 13:36 - 2012-09-18 13:36 - 00000000 ____D C:\Users\Oscar\AppData\Local\{E41BC32C-DB30-4CDB-9414-537F7050271D}
    2012-09-17 12:13 - 2012-09-17 12:13 - 00000000 ____D C:\Users\Oscar\AppData\Local\{FF7BDED2-30D5-479E-BEC0-93B69BB821A7}
    2012-09-16 15:17 - 2012-09-16 15:17 - 00000000 ____D C:\Users\Oscar\AppData\Local\{6FA8EE90-94FF-4A83-B8F1-AE6094663A00}
    2012-09-15 06:38 - 2012-09-15 06:38 - 00000000 ____D C:\Users\Oscar\AppData\Local\{EDE2D357-DFE7-4167-885F-2CC4891AA4FC}
    2012-09-14 16:05 - 2012-09-14 16:05 - 00000000 ____D C:\Users\Oscar\AppData\Local\{FC7D132C-2B7A-4B40-BE9B-48343F30948F}
    2012-09-13 12:13 - 2012-09-13 12:13 - 00000000 ____D C:\Users\Oscar\AppData\Local\{2AC906E7-952F-471E-BB65-FDBE77E71ACB}
    2012-09-12 13:01 - 2012-09-12 13:02 - 00000000 ____D C:\Users\Oscar\AppData\Local\{9F614F6F-8A70-4E74-BD0A-7F4193FAC31A}
    2012-09-09 13:39 - 2012-09-09 13:40 - 00000000 ____D C:\Users\Oscar\AppData\Local\{1AB49357-EA84-437F-82F2-A9C953D9FC43}
    2012-09-08 08:11 - 2012-09-08 08:11 - 00000000 ____D C:\Users\Oscar\AppData\Local\{FCC26B3C-8204-4600-899D-1FC048E7B6C3}
    2012-09-07 15:14 - 2012-09-29 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-07 14:10 - 2012-09-07 14:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-09-07 13:38 - 2012-09-07 13:39 - 00000000 ____D C:\Users\Oscar\AppData\Local\{36074283-52D7-470B-A8E2-897386CC71ED}

    ==================== 3 Months Modified Files ==================

    2012-10-07 17:38 - 2012-04-28 18:57 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2012-10-07 17:38 - 2011-01-25 17:53 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-07 17:38 - 2010-03-09 09:21 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
    2012-10-07 17:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-07 17:37 - 2011-06-27 09:40 - 00072260 ____A C:\Windows\setupact.log
    2012-10-07 17:37 - 2010-03-09 10:16 - 01773571 ____A C:\Windows\WindowsUpdate.log
    2012-10-07 17:36 - 2010-03-09 09:20 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
    2012-10-07 17:36 - 2010-03-09 09:20 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
    2012-10-07 17:26 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-10-07 16:41 - 2012-10-07 16:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EB2E2F2256B466F3
    2012-10-07 16:31 - 2012-10-07 16:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E21C948CC2A0677A
    2012-10-07 16:22 - 2012-10-07 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.17B677EA6C7C465A
    2012-10-07 16:14 - 2012-10-07 16:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89104D6F9D9BB4A1
    2012-10-07 16:12 - 2011-01-28 22:15 - 00002155 ____A C:\Windows\epplauncher.mif
    2012-10-07 16:09 - 2012-10-07 16:07 - 13540328 ____A (Microsoft Corporation) C:\Users\Oscar\Downloads\mseinstall(1).exe
    2012-10-07 16:08 - 2012-04-02 06:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-07 16:04 - 2012-10-07 16:02 - 13529576 ____A (Microsoft Corporation) C:\Users\Oscar\Downloads\mseinstall.exe
    2012-10-07 15:32 - 2011-01-25 17:54 - 00001034 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-07 15:24 - 2010-05-10 19:10 - 00001046 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3223265864-3949170350-323350453-1000UA.job
    2012-10-07 12:24 - 2010-05-10 19:10 - 00000994 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3223265864-3949170350-323350453-1000Core.job
    2012-10-07 11:17 - 2012-10-07 11:07 - 00000105 ____A C:\Users\All Users\.sdplic
    2012-10-07 10:47 - 2009-07-13 20:50 - 00015200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-07 10:47 - 2009-07-13 20:50 - 00015200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-07 09:36 - 2010-03-10 06:42 - 00007620 ____A C:\Users\Oscar\AppData\Local\resmon.resmoncfg
    2012-10-07 09:26 - 2009-07-13 21:12 - 00936528 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-05 18:00 - 2012-10-05 18:00 - 00581069 ____A C:\Users\Oscar\Downloads\fwdcasamodeloproyectoterraocre.zip
    2012-09-29 10:38 - 2011-04-15 13:47 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-21 15:09 - 2012-04-02 06:08 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-21 15:09 - 2011-06-07 17:16 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-04 14:11 - 2010-03-10 09:33 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
    2012-09-04 14:11 - 2010-03-10 09:33 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe
    2012-09-04 10:30 - 2012-10-01 13:10 - 00038912 ____A (Absolute Software Corporation) C:\Windows\SysWOW64\identprv.dll
    2012-09-02 18:33 - 2012-09-02 18:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    2012-08-30 19:03 - 2012-08-30 19:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 19:03 - 2010-10-24 18:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-20 17:47 - 2012-01-21 09:10 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-08-20 12:47 - 2012-08-20 12:47 - 00507302 ____A C:\Users\Oscar\Downloads\gmc_setup_v1.exe
    2012-08-11 05:23 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-08 16:25 - 2012-08-08 16:25 - 00031232 ____A (G-view) C:\Users\All Users\OvvifwenYafz.dll
    2012-08-04 20:49 - 2012-08-04 20:49 - 00001282 ____A C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
    2012-08-04 20:49 - 2012-08-04 20:46 - 19198344 ____A (Panda Security ) C:\Users\Oscar\Downloads\PandaCloudCleaner.exe
    2012-08-04 20:42 - 2011-07-06 09:31 - 00028516 ____A C:\Windows\PFRO.log
    2012-08-04 18:27 - 2012-08-04 18:26 - 04533848 ____A (www.orbitdownloader.com ) C:\Users\Oscar\Downloads\OrbitDownloaderSetup.exe
    2012-07-29 17:24 - 2012-07-29 17:24 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
    2012-07-29 17:22 - 2012-07-29 17:22 - 03730109 ____A C:\Users\Oscar\Downloads\Paint.NET.3.5.10.Install.zip
    2012-07-15 10:23 - 2012-07-15 10:23 - 03623673 ____A C:\Users\Oscar\Downloads\documentosdelreacienciasnaturales.zip
    2012-07-13 16:13 - 2009-07-13 20:50 - 04965224 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-12 18:52 - 2010-03-12 05:12 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    ZeroAccess:
    C:\Windows\Installer\{4a97ea77-0bb0-3f60-6279-0682757e39c6}
    C:\Windows\Installer\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\@
    C:\Windows\Installer\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\L
    C:\Windows\Installer\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\n
    C:\Windows\Installer\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U
    C:\Windows\Installer\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U\00000001.@

    ZeroAccess:
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\@
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\L
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\n.vir
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U\00000001.@
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U\80000000.@
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U\800000cb.@

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 4056.88 MB
    Available physical RAM: 3385.59 MB
    Total Pagefile: 4055.03 MB
    Available Pagefile: 3387.52 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:50 GB) (Free:4.08 GB) NTFS
    2 Drive e: () (Fixed) (Total:182.79 GB) (Free:42.79 GB) NTFS
    4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3835 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 50 GB 101 MB
    Partition 3 Primary 182 GB 50 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 50 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 182 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3827 MB 19 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3827 MB Healthy

    =========================================================

    Last Boot: 2012-09-27 12:04

    ==================== End Of Log =============================
     
  2. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Here is the other log:

    Farbar Recovery Scan Tool (x64) Version: 07-10-2012
    Ran by SYSTEM at 2012-10-07 20:44:53
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-10-07 17:26] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======


    Any help would be appreciated.

    Thanks in advance...

    Oscar.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

  4. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Thank you very much, it worked, I'm pasting the logs....

    1 - Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-10-2012
    Ran by SYSTEM at 2012-10-08 18:36:24 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.EB2E2F2256B466F3 moved successfully.
    C:\Windows\System32\services.exe.E21C948CC2A0677A moved successfully.
    C:\Windows\System32\services.exe.17B677EA6C7C465A moved successfully.
    C:\Windows\System32\services.exe.89104D6F9D9BB4A1 moved successfully.
    C:\Windows\Installer\{4a97ea77-0bb0-3f60-6279-0682757e39c6} moved successfully.
    C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    2 - TDSSKiller.2.8.10.0_08.10.2012_18.47.33_log

    18:47:33.0330 2392 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    18:47:35.0332 2392 ============================================================
    18:47:35.0332 2392 Current date / time: 2012/10/08 18:47:35.0332
    18:47:35.0332 2392 SystemInfo:
    18:47:35.0332 2392
    18:47:35.0332 2392 OS Version: 6.1.7601 ServicePack: 1.0
    18:47:35.0332 2392 Product type: Workstation
    18:47:35.0333 2392 ComputerName: DELL_1320
    18:47:35.0333 2392 UserName: Oscar
    18:47:35.0333 2392 Windows directory: C:\Windows
    18:47:35.0333 2392 System windows directory: C:\Windows
    18:47:35.0333 2392 Running under WOW64
    18:47:35.0333 2392 Processor architecture: Intel x64
    18:47:35.0333 2392 Number of processors: 2
    18:47:35.0333 2392 Page size: 0x1000
    18:47:35.0333 2392 Boot type: Normal boot
    18:47:35.0333 2392 ============================================================
    18:47:36.0947 2392 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:47:36.0962 2392 Drive \Device\Harddisk1\DR1 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:47:36.0967 2392 ============================================================
    18:47:36.0967 2392 \Device\Harddisk0\DR0:
    18:47:36.0968 2392 MBR partitions:
    18:47:36.0968 2392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:47:36.0968 2392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6400000
    18:47:36.0968 2392 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6432800, BlocksNum 0x16D92800
    18:47:36.0968 2392 \Device\Harddisk1\DR1:
    18:47:36.0968 2392 MBR partitions:
    18:47:36.0968 2392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
    18:47:36.0968 2392 ============================================================
    18:47:36.0991 2392 C: <-> \Device\Harddisk0\DR0\Partition2
    18:47:37.0287 2392 D: <-> \Device\Harddisk0\DR0\Partition3
    18:47:37.0288 2392 ============================================================
    18:47:37.0288 2392 Initialize success
    18:47:37.0288 2392 ============================================================
    18:47:39.0254 5896 ============================================================
    18:47:39.0254 5896 Scan started
    18:47:39.0254 5896 Mode: Manual;
    18:47:39.0254 5896 ============================================================
    18:47:40.0527 5896 ================ Scan system memory ========================
    18:47:40.0527 5896 System memory - ok
    18:47:40.0528 5896 ================ Scan services =============================
    18:47:55.0175 5896 NDProxy - ok
    18:47:55.0208 5896 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:47:55.0211 5896 NetBIOS - ok
    18:47:55.0255 5896 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:47:55.0271 5896 NetBT - ok
    18:47:55.0303 5896 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    18:47:55.0305 5896 Netlogon - ok
    18:47:55.0364 5896 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    18:47:55.0382 5896 Netman - ok
    18:47:55.0475 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:47:55.0503 5896 NetMsmqActivator - ok
    18:47:55.0519 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:47:55.0522 5896 NetPipeActivator - ok
    18:47:55.0545 5896 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    18:47:55.0556 5896 netprofm - ok
    18:47:55.0561 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:47:55.0563 5896 NetTcpActivator - ok
    18:47:55.0575 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:47:55.0576 5896 NetTcpPortSharing - ok
    18:47:55.0598 5896 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:47:55.0600 5896 nfrd960 - ok
    18:47:55.0641 5896 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:47:55.0659 5896 NisDrv - ok
    18:47:55.0716 5896 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    18:47:55.0749 5896 NisSrv - ok
    18:47:55.0852 5896 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:47:55.0875 5896 NlaSvc - ok
    18:47:55.0922 5896 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
    18:47:55.0951 5896 nmwcd - ok
    18:47:55.0978 5896 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
    18:47:55.0991 5896 nmwcdc - ok
    18:47:56.0040 5896 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\drivers\npf.sys
    18:47:56.0041 5896 NPF - ok
    18:47:56.0063 5896 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:47:56.0076 5896 Npfs - ok
    18:47:56.0103 5896 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    18:47:56.0105 5896 nsi - ok
    18:47:56.0134 5896 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:47:56.0135 5896 nsiproxy - ok
    18:47:56.0227 5896 [ EB1BD783256DA5BA845BB982663D6127 ] nsverctl C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
    18:47:56.0229 5896 nsverctl - ok
    18:47:56.0517 5896 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:47:56.0557 5896 Ntfs - ok
    18:47:56.0579 5896 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    18:47:56.0581 5896 Null - ok
    18:47:56.0627 5896 [ CFBB7EA71FD9E3146C66334669E6FEEA ] NuTCRACKERService C:\Windows\system32\nutsrv4.exe
    18:47:56.0633 5896 NuTCRACKERService - ok
    18:47:56.0729 5896 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:47:56.0745 5896 nvraid - ok
    18:47:56.0767 5896 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:47:56.0772 5896 nvstor - ok
    18:47:56.0810 5896 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:47:56.0813 5896 nv_agp - ok
    18:47:56.0857 5896 [ D955D5DE998DB2476BF0892BE3A96C26 ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
    18:47:56.0860 5896 O2FLASH - ok
    18:47:56.0875 5896 [ 1B2E099223F16AAB166E9602F7A5ECD4 ] O2MDGRDR C:\Windows\system32\DRIVERS\o2mdgx64.sys
    18:47:56.0877 5896 O2MDGRDR - ok
    18:47:56.0887 5896 [ 4C9C52D9F4EA5579FF70123004B9FD06 ] O2SDGRDR C:\Windows\system32\DRIVERS\o2sdgx64.sys
    18:47:56.0890 5896 O2SDGRDR - ok
    18:47:57.0271 5896 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:47:57.0289 5896 odserv - ok
    18:47:57.0349 5896 [ 766F689564BC30E5A91F8621CE65AD68 ] OEM13Vfx C:\Windows\system32\DRIVERS\OEM13Vfx.sys
    18:47:57.0351 5896 OEM13Vfx - ok
    18:47:57.0377 5896 [ 10DA4A1271F9790BCAD5150F5D861655 ] OEM13Vid C:\Windows\system32\DRIVERS\OEM13Vid.sys
    18:47:57.0383 5896 OEM13Vid - ok
    18:47:57.0437 5896 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:47:57.0453 5896 ohci1394 - ok
    18:47:57.0500 5896 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:47:57.0505 5896 ose - ok
    18:47:58.0956 5896 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:47:59.0102 5896 osppsvc - ok
    18:47:59.0184 5896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:47:59.0234 5896 p2pimsvc - ok
    18:47:59.0256 5896 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:47:59.0266 5896 p2psvc - ok
    18:47:59.0286 5896 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:47:59.0289 5896 Parport - ok
    18:47:59.0329 5896 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:47:59.0337 5896 partmgr - ok
    18:47:59.0372 5896 [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot C:\Windows\system32\drivers\pavboot64.sys
    18:47:59.0373 5896 pavboot - ok
    18:47:59.0434 5896 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:47:59.0445 5896 PcaSvc - ok
    18:47:59.0496 5896 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
    18:47:59.0518 5896 pccsmcfd - ok
    18:47:59.0627 5896 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    18:47:59.0633 5896 pci - ok
    18:47:59.0657 5896 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    18:47:59.0658 5896 pciide - ok
    18:47:59.0686 5896 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:47:59.0691 5896 pcmcia - ok
    18:47:59.0708 5896 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    18:47:59.0709 5896 pcw - ok
    18:47:59.0802 5896 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:47:59.0843 5896 PEAUTH - ok
    18:48:00.0225 5896 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    18:48:00.0268 5896 PeerDistSvc - ok
    18:48:00.0310 5896 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    18:48:00.0312 5896 PerfHost - ok
    18:48:00.0516 5896 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    18:48:00.0544 5896 pla - ok
    18:48:00.0637 5896 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:48:00.0659 5896 PlugPlay - ok
    18:48:00.0686 5896 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:48:00.0688 5896 PNRPAutoReg - ok
    18:48:00.0708 5896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:48:00.0711 5896 PNRPsvc - ok
    18:48:00.0890 5896 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:48:00.0906 5896 PolicyAgent - ok
    18:48:00.0938 5896 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    18:48:00.0943 5896 Power - ok
    18:48:00.0980 5896 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:48:00.0983 5896 PptpMiniport - ok
    18:48:01.0017 5896 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:48:01.0020 5896 Processor - ok
    18:48:01.0071 5896 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    18:48:01.0077 5896 ProfSvc - ok
    18:48:01.0095 5896 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:48:01.0097 5896 ProtectedStorage - ok
    18:48:01.0162 5896 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:48:01.0164 5896 Psched - ok
    18:48:01.0224 5896 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    18:48:01.0225 5896 PxHlpa64 - ok
    18:48:01.0302 5896 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:48:01.0324 5896 ql2300 - ok
    18:48:01.0345 5896 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:48:01.0347 5896 ql40xx - ok
    18:48:01.0372 5896 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    18:48:01.0377 5896 QWAVE - ok
    18:48:01.0402 5896 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:48:01.0404 5896 QWAVEdrv - ok
    18:48:01.0434 5896 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:48:01.0435 5896 RasAcd - ok
    18:48:01.0463 5896 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:48:01.0465 5896 RasAgileVpn - ok
    18:48:01.0487 5896 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    18:48:01.0490 5896 RasAuto - ok
    18:48:01.0500 5896 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:48:01.0502 5896 Rasl2tp - ok
    18:48:01.0551 5896 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    18:48:01.0557 5896 RasMan - ok
    18:48:01.0587 5896 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:48:01.0599 5896 RasPppoe - ok
    18:48:01.0618 5896 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:48:01.0620 5896 RasSstp - ok
    18:48:01.0644 5896 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:48:01.0650 5896 rdbss - ok
    18:48:01.0684 5896 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:48:01.0685 5896 rdpbus - ok
    18:48:01.0697 5896 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:48:01.0698 5896 RDPCDD - ok
    18:48:01.0790 5896 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    18:48:01.0798 5896 RDPDR - ok
    18:48:01.0824 5896 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:48:01.0825 5896 RDPENCDD - ok
    18:48:01.0843 5896 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:48:01.0845 5896 RDPREFMP - ok
    18:48:01.0884 5896 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:48:01.0887 5896 RDPWD - ok
    18:48:01.0901 5896 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:48:01.0903 5896 rdyboost - ok
    18:48:01.0995 5896 [ BBFCAC1C23B867AE5D7EF96DF40680C5 ] Realtek87B C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
    18:48:01.0996 5896 Realtek87B - ok
    18:48:02.0034 5896 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:48:02.0038 5896 RemoteAccess - ok
    18:48:02.0065 5896 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:48:02.0071 5896 RemoteRegistry - ok
    18:48:02.0197 5896 [ 37C5BEF8F6606C71DBF373ABCB57F21D ] RetroExp Helper C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe
    18:48:02.0198 5896 RetroExp Helper - ok
    18:48:02.0224 5896 [ 4BBF1CD30D1177941BD421CAF6BC5909 ] RetroExpLauncher C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
    18:48:02.0226 5896 RetroExpLauncher - ok
     
  5. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    18:48:13.0078 5896 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    18:48:13.0124 5896 VSS - ok
    18:48:13.0186 5896 [ 69F57E89E6EBC5012D210527AF005A70 ] vstor2-ws60 D:\ProgramFiles\VMWare\vstor2-ws60.sys
    18:48:13.0187 5896 vstor2-ws60 - ok
    18:48:13.0221 5896 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    18:48:13.0251 5896 vwifibus - ok
    18:48:13.0290 5896 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    18:48:13.0292 5896 vwififlt - ok
    18:48:13.0325 5896 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    18:48:13.0327 5896 vwifimp - ok
    18:48:13.0372 5896 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    18:48:13.0381 5896 W32Time - ok
    18:48:13.0565 5896 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
    18:48:13.0641 5896 W3SVC - ok
    18:48:13.0688 5896 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    18:48:13.0697 5896 WacomPen - ok
    18:48:13.0748 5896 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    18:48:13.0750 5896 WANARP - ok
    18:48:13.0757 5896 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:48:13.0759 5896 Wanarpv6 - ok
    18:48:13.0773 5896 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
    18:48:13.0777 5896 WAS - ok
    18:48:13.0851 5896 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    18:48:13.0874 5896 WatAdminSvc - ok
    18:48:14.0207 5896 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    18:48:14.0257 5896 wbengine - ok
    18:48:14.0377 5896 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    18:48:14.0423 5896 WbioSrvc - ok
    18:48:14.0464 5896 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:48:14.0500 5896 wcncsvc - ok
    18:48:14.0532 5896 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:48:14.0536 5896 WcsPlugInService - ok
    18:48:14.0554 5896 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    18:48:14.0556 5896 Wd - ok
    18:48:14.0584 5896 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:48:14.0593 5896 Wdf01000 - ok
    18:48:14.0611 5896 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:48:14.0614 5896 WdiServiceHost - ok
    18:48:14.0618 5896 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:48:14.0620 5896 WdiSystemHost - ok
    18:48:14.0639 5896 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    18:48:14.0645 5896 WebClient - ok
    18:48:14.0663 5896 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:48:14.0667 5896 Wecsvc - ok
    18:48:14.0691 5896 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:48:14.0694 5896 wercplsupport - ok
    18:48:14.0714 5896 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:48:14.0717 5896 WerSvc - ok
    18:48:14.0738 5896 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    18:48:14.0739 5896 WfpLwf - ok
    18:48:14.0754 5896 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    18:48:14.0755 5896 WIMMount - ok
    18:48:14.0774 5896 WinHttpAutoProxySvc - ok
    18:48:14.0817 5896 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:48:14.0843 5896 Winmgmt - ok
    18:48:15.0165 5896 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    18:48:15.0210 5896 WinRM - ok
    18:48:15.0302 5896 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    18:48:15.0313 5896 WinUsb - ok
    18:48:15.0357 5896 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:48:15.0391 5896 Wlansvc - ok
    18:48:15.0919 5896 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:48:15.0963 5896 wlidsvc - ok
    18:48:16.0039 5896 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    18:48:16.0068 5896 WmiAcpi - ok
    18:48:16.0121 5896 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:48:16.0150 5896 wmiApSrv - ok
    18:48:16.0193 5896 WMPNetworkSvc - ok
    18:48:16.0259 5896 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:48:16.0286 5896 WPCSvc - ok
    18:48:16.0358 5896 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:48:16.0363 5896 WPDBusEnum - ok
    18:48:16.0385 5896 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    18:48:16.0387 5896 ws2ifsl - ok
    18:48:16.0394 5896 WSearch - ok
    18:48:16.0439 5896 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    18:48:16.0469 5896 WudfPf - ok
    18:48:16.0512 5896 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:48:16.0516 5896 WUDFRd - ok
    18:48:16.0537 5896 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    18:48:16.0541 5896 wudfsvc - ok
    18:48:16.0558 5896 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    18:48:16.0565 5896 WwanSvc - ok
    18:48:16.0660 5896 ================ Scan global ===============================
    18:48:16.0680 5896 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:48:16.0739 5896 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:48:16.0774 5896 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:48:16.0819 5896 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:48:16.0853 5896 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:48:16.0859 5896 [Global] - ok
    18:48:16.0860 5896 ================ Scan MBR ==================================
    18:48:16.0874 5896 [ 9801056AD9F09C717483E73336EEC920 ] \Device\Harddisk0\DR0
    18:48:17.0021 5896 \Device\Harddisk0\DR0 - ok
    18:48:17.0030 5896 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    18:48:17.0037 5896 \Device\Harddisk1\DR1 - ok
    18:48:17.0041 5896 ================ Scan VBR ==================================
    18:48:17.0045 5896 [ 55D20DA709DB1FF79A1166670EE6A68D ] \Device\Harddisk0\DR0\Partition1
    18:48:17.0046 5896 \Device\Harddisk0\DR0\Partition1 - ok
    18:48:17.0056 5896 [ 8D0C936BD5F27DDBCE76078FA950600F ] \Device\Harddisk0\DR0\Partition2
    18:48:17.0058 5896 \Device\Harddisk0\DR0\Partition2 - ok
    18:48:17.0080 5896 [ 583F76297227A8DFB6507620C29269F7 ] \Device\Harddisk0\DR0\Partition3
    18:48:17.0090 5896 \Device\Harddisk0\DR0\Partition3 - ok
    18:48:17.0095 5896 [ 62E1CB5F28D1B966B15772ECB30B7FB3 ] \Device\Harddisk1\DR1\Partition1
    18:48:17.0097 5896 \Device\Harddisk1\DR1\Partition1 - ok
    18:48:17.0097 5896 ============================================================
    18:48:17.0097 5896 Scan finished
    18:48:17.0097 5896 ============================================================
    18:48:17.0110 5236 Detected object count: 0
    18:48:17.0110 5236 Actual detected object count: 0
    18:48:32.0946 0380 Deinitialize success
     
  6. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Oscar [Admin rights]
    Mode : Scan -- Date : 10/08/2012 18:50:47

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] LogWatNT.exe -- C:\Windows\LogWatNT.exe -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\ProgramData\OvvifwenYafz.dll -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 12 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Windows Time (rundll32.exe "C:\ProgramData\OvvifwenYafz.dll",EntryPoint) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3223265864-3949170350-323350453-1000[...]\Run : Windows Time (rundll32.exe "C:\ProgramData\OvvifwenYafz.dll",EntryPoint) -> FOUND
    [TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Oscar\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=CDS&browser=IE&success=1 -> FOUND
    [TASK][SUSP PATH] {2002497A-948D-436C-A7FD-5293F11EA076} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LKLEB3G\pulsingcolorsviz[1].exe" -d D:\Oscar\Desktop -> FOUND
    [TASK][SUSP PATH] {51D1A394-2913-48FE-82FC-83B3AC756A37} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WB7PVIOG\jre-6u30-windows-i586-iftw.exe" -d D:\Oscar\Desktop -> FOUND
    [TASK][SUSP PATH] {DCB17E6D-5142-44AD-928C-0B603E8822A0} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\37P2QK1N\TX105_x86_661APS_C1[1].exe" -d D:\Oscar\Desktop -> FOUND
    [TASK][SUSP PATH] {FB89DADC-D160-4972-A583-E92E65735CC2} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I14XRBT\SoftwareManagerUninstall.exe" -d D:\Oscar\Desktop -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.226.5.161:80) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost localtdcop1
    10.4.35.54 dstageprod
    10.226.4.155 pegaso
    10.4.35.55 dstagedes


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS723225L9A362 ATA Device +++++
    --- User ---
    [MBR] 9b84cc8c52053a5efb37e78b16126815
    [BSP] 77a6452fe5847f4e24f49f447e45ee9a : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 51200 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 105064448 | Size: 187173 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk Cruzer Blade USB Device +++++
    --- User ---
    [MBR] f9fea5fa2c02941e7b8826eb1f747bd8
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 38 | Size: 3827 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Oscar [Admin rights]
    Mode : Remove -- Date : 10/08/2012 18:52:26

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] LogWatNT.exe -- C:\Windows\LogWatNT.exe -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\ProgramData\OvvifwenYafz.dll -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Windows Time (rundll32.exe "C:\ProgramData\OvvifwenYafz.dll",EntryPoint) -> DELETED
    [TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Oscar\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=CDS&browser=IE&success=1 -> DELETED
    [TASK][SUSP PATH] {2002497A-948D-436C-A7FD-5293F11EA076} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LKLEB3G\pulsingcolorsviz[1].exe" -d D:\Oscar\Desktop -> DELETED
    [TASK][SUSP PATH] {51D1A394-2913-48FE-82FC-83B3AC756A37} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WB7PVIOG\jre-6u30-windows-i586-iftw.exe" -d D:\Oscar\Desktop -> DELETED
    [TASK][SUSP PATH] {DCB17E6D-5142-44AD-928C-0B603E8822A0} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\37P2QK1N\TX105_x86_661APS_C1[1].exe" -d D:\Oscar\Desktop -> DELETED
    [TASK][SUSP PATH] {FB89DADC-D160-4972-A583-E92E65735CC2} : C:\Windows\system32\pcalua.exe -a "C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I14XRBT\SoftwareManagerUninstall.exe" -d D:\Oscar\Desktop -> DELETED
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.226.5.161:80) -> NOT REMOVED, USE PROXYFIX
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Oscar\AppData\Local\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost localtdcop1
    10.4.35.54 dstageprod
    10.226.4.155 pegaso
    10.4.35.55 dstagedes


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS723225L9A362 ATA Device +++++
    --- User ---
    [MBR] 9b84cc8c52053a5efb37e78b16126815
    [BSP] 77a6452fe5847f4e24f49f447e45ee9a : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 51200 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 105064448 | Size: 187173 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk Cruzer Blade USB Device +++++
    --- User ---
    [MBR] f9fea5fa2c02941e7b8826eb1f747bd8
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 38 | Size: 3827 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  7. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.08.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Oscar :: DELL_1320 [administrator]

    08/10/2012 19:05:29
    mbam-log-2012-10-08 (19-05-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 257376
    Time elapsed: 10 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\command.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Oscar\Downloads\Keygen de Win RaR 3.90 - 3.92 - 3.93 beta 3.exe (RiskWare.Agent.CK) -> Quarantined and deleted successfully.
    C:\Users\Oscar\Downloads\SoftonicDownloader_para_flv-player.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

    (end)
     
  8. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    I couldn't execute aswMBR.exe. It got updated, but when I try the scan, after a few minutes it shows a Windows error message:

    "Avast! antirootkit has stopped working"

    I tried three times and every time the same message appeared. Please let me know if my laptop is still at risk. Again, thank you very much for your help.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    See if it'll run from safe mode.
     
  10. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Tried in safe mode, but the same error appeared...
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Hi Broni, here is the ComboFix log. Although I disabled the Essentials antivirus, a message appeared telling me to disable it.

    Again thank you very much for all your help, I'll donate something, it's really nothing compared with all the help you gave me

    ComboFix 12-10-10.02 - Oscar 10/10/2012 19:19:06.1.2 - x64
    Microsoft Windows 7 Professional N 6.1.7601.1.1252.57.1033.18.4057.2479 [GMT -5:00]
    Running from: c:\users\Oscar\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\DragToDiscUserNameE.txt
    c:\programdata\Telmex
    c:\programdata\Telmex\config.cps
    c:\users\Oscar\AppData\Local\assembly\tmp
    c:\users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\SysWow64\wpcap.dll
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-11 00:29 . 2012-10-11 00:29 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-10-11 00:29 . 2012-10-11 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-11 00:29 . 2012-10-11 00:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-10-09 00:02 . 2012-10-09 00:02 -------- d-----w- c:\users\Oscar\AppData\Roaming\Malwarebytes
    2012-10-09 00:02 . 2012-10-09 00:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-09 00:01 . 2012-10-09 00:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-09 00:01 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-08 23:49 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF3D770F-2937-44DC-907F-A76DA46F87CC}\mpengine.dll
    2012-10-08 04:42 . 2012-10-08 04:42 -------- d-----w- C:\FRST
    2012-10-07 19:13 . 2012-10-07 19:13 -------- d-----w- c:\users\Oscar\AppData\Roaming\Rational
    2012-10-07 17:39 . 2012-10-07 17:39 -------- d-----w- c:\users\Oscar\AppData\Local\javasharedresources
    2012-10-07 17:28 . 2012-10-07 17:28 -------- d-----w- c:\programdata\IBM
    2012-10-07 17:28 . 2012-10-07 17:28 -------- d-----w- c:\users\Oscar\AppData\Roaming\IBM
    2012-10-01 21:10 . 2012-09-04 18:30 38912 ----a-w- c:\windows\SysWow64\identprv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 00:32 . 2012-04-29 02:57 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2012-10-11 00:32 . 2010-03-09 17:21 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2012-10-11 00:31 . 2010-03-09 17:20 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2012-10-11 00:31 . 2010-03-09 17:20 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-10-10 16:30 . 2010-03-10 17:33 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
    2012-10-10 16:30 . 2010-03-10 17:33 58288 ------w- c:\windows\SysWow64\rpcnet.exe
    2012-10-09 01:09 . 2012-04-02 14:08 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 01:09 . 2011-06-08 01:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-19 05:58 . 2012-10-11 00:42 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C85B1B03-3107-4D2E-9228-811891A594B5}\mpengine.dll
    2012-09-19 05:58 . 2012-10-08 23:49 9308616 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 03:03 . 2010-10-25 02:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-07-13 02:52 . 2010-03-12 13:12 59701280 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-12-31 16:53 2349080 ----a-w- c:\program files (x86)\BS_Player\tbBS_P.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "vmware-tray"="d:\programfiles\VMWare\vmware-tray.exe" [2009-10-22 129584]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    .
    c:\users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Oscar\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
    Recorte de pantalla y Selector de OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux7"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
    R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-06-08 50176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
    R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
    R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2010-01-18 32768]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-02 1255736]
    S0 DLACDBHE;DLACDBHE;c:\windows\System32\Drivers\DLACDBHE.SYS [2007-07-23 17776]
    S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2007-07-23 124112]
    S0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
    S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2007-07-23 41072]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 ASCLCSSrv;DataStage Multi-Client Manager Service;d:\ibm\InformationServer\MCM\ClientSwitcherService.exe [2008-10-23 69632]
    S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2010-08-04 96384]
    S2 DLABMFSE;DLABMFSE;c:\windows\system32\Drivers\DLABMFSE.SYS [2007-07-23 46448]
    S2 DLABOIOE;DLABOIOE;c:\windows\system32\Drivers\DLABOIOE.SYS [2007-07-23 42352]
    S2 DLADResE;DLADResE;c:\windows\system32\Drivers\DLADResE.SYS [2007-07-23 9968]
    S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\Drivers\DLAIFS_E.SYS [2007-07-23 146672]
    S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\Drivers\DLAOPIOE.SYS [2007-07-23 35056]
    S2 DLAPoolE;DLAPoolE;c:\windows\system32\Drivers\DLAPoolE.SYS [2007-07-23 19824]
    S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\Drivers\DLAUDF_E.SYS [2007-07-23 144112]
    S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\Drivers\DLAUDFAE.SYS [2007-07-23 135152]
    S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2007-07-23 63984]
    S2 MKSAUTH;MKSAUTH;c:\windows\SysWOW64\mksauth.exe [2007-07-25 94168]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [2011-01-19 154776]
    S2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2007-07-20 423896]
    S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
    S2 TeamViewer7;TeamViewer 7;d:\programfiles\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]
    S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [2011-01-19 45720]
    S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
    S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-05-07 48800]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:09]
    .
    2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 01:53]
    .
    2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 01:53]
    .
    2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3223265864-3949170350-323350453-1000Core.job
    - c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 03:10]
    .
    2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3223265864-3949170350-323350453-1000UA.job
    - c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 03:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Oscar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-27 309248]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = 10.226.5.161:80
    uInternet Settings,ProxyOverride = 10.226.5.161:80;hxxp://10.226.4.155;<local>
    mSearchAssistant = hxxp://start.facemoods.com/?a=allp&s={searchTerms}&f=4
    IE: &Enviar a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    LSP: %SystemRoot%\system32\nutafun4.dll
    LSP: d:\programfiles\VMWare\vsocklib.dll
    Trusted Zone: mssalesdemos.com
    Trusted Zone: engdis.com
    Trusted Zone: engdis.com\ed201us3sena
    TCP: DhcpNameServer = 200.118.2.91 190.157.2.140
    DPF: {0B12C2CF-6DE8-4388-99D7-B4FC1935D8CE} - hxxp://ed201us3sena.engdis.com/Runtime/Programmers/Objects/UrlFLoad.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\6p79mgsc.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=18790&q=
    FF - prefs.js: network.proxy.ftp - 10.226.5.161
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.http - 10.226.5.161
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 10.226.5.161
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 10.226.5.161
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
    AddRemove-ibm_websphere_information_server540762011 - d:\ibm\InformationServer\_uninst\suite\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\Software\NCR\TeradataManager\12.00.00.00\Monitor*]
    @Allowed: (Read) (RestrictedCode)
    "Top"=dword:0000002d
    "Left"=dword:00000000
    "Width"=dword:00003615
    "Height"=dword:00002c2e
    .
    [HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Teradata\TeradataManager\13.00.00.00\Monitor*]
    "Top"=dword:00000000
    "Left"=dword:000003e8
    "Width"=dword:00004218
    "Height"=dword:00002d00
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Datafocus]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Mortice Kern Systems]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
    c:\program files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
    c:\windows\SysWOW64\rpcnet.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\SysWOW64\vmnat.exe
    d:\programfiles\VMWare\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-10 19:54:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-11 00:53
    .
    Pre-Run: 4.620.750.848 bytes free
    Post-Run: 5.091.663.872 bytes free
    .
    - - End Of File - - 52E9564BDC192A3F75BACF0974DE2137
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is the computer doing?

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Hi,

    Everything is getting better, the issue is finally over... here is the last log

    OTL logfile created on: 11/10/2012 20:33:31 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000240A | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

    3,96 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,76% Memory free
    7,92 Gb Paging File | 6,42 Gb Available in Paging File | 81,03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 50,00 Gb Total Space | 4,47 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
    Drive D: | 182,79 Gb Total Space | 42,73 Gb Free Space | 23,38% Space Free | Partition Type: NTFS

    Computer Name: DELL_1320 | User Name: Oscar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/10/11 20:12:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Downloads\OTL.exe
    PRC - [2012/10/11 20:06:05 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\Upgrd.exe
    PRC - [2012/10/11 20:05:57 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
    PRC - [2012/07/24 21:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Oscar\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/16 15:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
    PRC - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2012/04/22 13:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    PRC - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- D:\ProgramFiles\Version7\TeamViewer_Service.exe
    PRC - [2011/01/19 08:07:52 | 000,154,776 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
    PRC - [2010/01/08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
    PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
    PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- D:\ProgramFiles\VMWare\vmware-authd.exe
    PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2009/10/22 04:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- D:\ProgramFiles\VMWare\vmware-tray.exe
    PRC - [2008/10/23 12:29:44 | 000,069,632 | ---- | M] (IBM Corporation) -- D:\IBM\InformationServer\MCM\ClientSwitcherService.exe
    PRC - [2008/07/16 12:43:00 | 000,107,800 | ---- | M] (EMC Corporation) -- C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe
    PRC - [2007/07/25 12:07:30 | 000,094,168 | ---- | M] (Mortice Kern Systems Inc.) -- C:\Windows\SysWOW64\mksauth.exe
    PRC - [2000/06/08 18:15:24 | 000,050,176 | ---- | M] () -- C:\Windows\LogWatNT.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/16 15:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
    MOD - [2012/05/16 15:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
    MOD - [2012/05/16 15:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
    MOD - [2012/05/16 15:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
    MOD - [2012/05/16 15:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
    MOD - [2012/05/16 15:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
    MOD - [2012/05/16 15:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
    MOD - [2012/05/16 15:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
    MOD - [2012/05/16 15:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
    MOD - [2012/05/16 15:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
    MOD - [2012/05/16 15:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
    MOD - [2012/05/16 15:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
    MOD - [2012/05/16 15:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    MOD - [2012/05/16 15:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
    MOD - [2012/05/16 15:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
    MOD - [2012/05/16 15:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
    MOD - [2012/05/16 15:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
    MOD - [2012/05/16 15:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
    MOD - [2012/05/16 13:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
    MOD - [2012/05/16 13:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
    MOD - [2012/05/16 13:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/01/19 08:07:52 | 000,154,776 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2007/07/20 15:34:38 | 000,423,896 | ---- | M] (MKS Software Inc.) [Auto | Running] -- C:\Windows\SysNative\nutsrv4.exe -- (NuTCRACKERService)
    SRV:64bit: - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV - [2012/10/11 20:05:57 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
    SRV - [2012/10/08 20:09:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 18:14:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2012/04/18 19:28:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\ProgramFiles\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
    SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\ProgramFiles\VMWare\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- D:\ProgramFiles\VMWare\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/10/23 12:29:44 | 000,069,632 | ---- | M] (IBM Corporation) [Auto | Running] -- D:\IBM\InformationServer\MCM\ClientSwitcherService.exe -- (ASCLCSSrv)
    SRV - [2008/07/16 12:43:02 | 000,128,280 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe -- (RetroExp Helper)
    SRV - [2008/07/16 12:43:00 | 000,107,800 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe -- (RetroExpLauncher)
    SRV - [2007/07/25 12:07:30 | 000,094,168 | ---- | M] (Mortice Kern Systems Inc.) [Auto | Running] -- C:\Windows\SysWOW64\mksauth.exe -- (MKSAUTH)
    SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2000/06/08 18:15:24 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\Windows\LogWatNT.exe -- (LogWatch)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/04/22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
    DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
    DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2012/01/09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
    DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/01/19 08:08:10 | 000,045,720 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctxva51.sys -- (ctxva51)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/08/04 14:31:44 | 000,096,384 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys -- (cag)
    DRV:64bit: - [2010/03/11 14:31:23 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
    DRV:64bit: - [2010/01/18 05:48:12 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
    DRV:64bit: - [2010/01/06 22:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/12/17 17:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/12/07 06:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009/12/07 06:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2009/10/22 05:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2009/10/22 05:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
    DRV:64bit: - [2009/10/22 05:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2009/10/22 05:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2009/10/22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2009/10/22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2009/10/22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/10/12 02:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
    DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/22 17:18:20 | 000,069,152 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
    DRV:64bit: - [2009/05/07 17:47:44 | 000,048,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
    DRV:64bit: - [2009/03/25 01:28:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2008/06/16 05:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2008/05/28 17:01:00 | 000,267,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM13Vid.sys -- (OEM13Vid)
    DRV:64bit: - [2008/02/05 01:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
    DRV:64bit: - [2007/07/23 15:05:24 | 000,009,968 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
    DRV:64bit: - [2007/07/23 15:05:12 | 000,135,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
    DRV:64bit: - [2007/07/23 15:05:12 | 000,046,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
    DRV:64bit: - [2007/07/23 15:05:10 | 000,144,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
    DRV:64bit: - [2007/07/23 15:05:08 | 000,035,056 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
    DRV:64bit: - [2007/07/23 15:05:06 | 000,042,352 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
    DRV:64bit: - [2007/07/23 15:05:06 | 000,019,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
    DRV:64bit: - [2007/07/23 15:05:04 | 000,146,672 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
    DRV:64bit: - [2007/07/23 14:55:46 | 000,124,112 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
    DRV:64bit: - [2007/07/23 14:49:50 | 000,041,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
    DRV:64bit: - [2007/07/23 14:49:50 | 000,017,776 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
    DRV:64bit: - [2007/07/23 14:43:46 | 000,063,984 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
    DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2007/04/24 09:33:30 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125obex.sys -- (s125obex)
    DRV:64bit: - [2007/04/24 09:33:28 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mgmt.sys -- (s125mgmt)
    DRV:64bit: - [2007/04/24 09:33:26 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdm.sys -- (s125mdm)
    DRV:64bit: - [2007/04/24 09:33:24 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdfl.sys -- (s125mdfl)
    DRV:64bit: - [2007/04/24 09:33:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125bus.sys -- (s125bus)
    DRV:64bit: - [2007/03/05 10:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM13Vfx.sys -- (OEM13Vfx)
    DRV - [2009/10/12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- D:\ProgramFiles\VMWare\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4
    IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-cr
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 01 2F 33 77 C1 CA 01 [binary data]
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\SearchScopes,DefaultScope = {6952EF4D-8AAE-4EAE-8573-038481622FA1}
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18790
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=F72280EC-CD5F-4E32-94E9-9BC5D9F0DBAA
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\SearchScopes\{6952EF4D-8AAE-4EAE-8573-038481622FA1}: "URL" = http://www.google.com/search?hl=es&q={searchTerms}&lr=
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.226.5.161:80;http://10.226.4.155;<local>
    IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.226.5.161:80

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=18790&q="
    FF - prefs.js..network.proxy.backup.ftp: "10.226.5.161"
    FF - prefs.js..network.proxy.backup.ftp_port: 80
    FF - prefs.js..network.proxy.backup.socks: "10.226.5.161"
    FF - prefs.js..network.proxy.backup.socks_port: 80
    FF - prefs.js..network.proxy.backup.ssl: "10.226.5.161"
    FF - prefs.js..network.proxy.backup.ssl_port: 80
    FF - prefs.js..network.proxy.ftp: "10.226.5.161"
    FF - prefs.js..network.proxy.ftp_port: 80
    FF - prefs.js..network.proxy.http: "10.226.5.161"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1,10.226.4.155"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "10.226.5.161"
    FF - prefs.js..network.proxy.socks_port: 80
    FF - prefs.js..network.proxy.ssl: "10.226.5.161"
    FF - prefs.js..network.proxy.ssl_port: 80
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.2.50.4: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.50.4: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 13:38:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 18:14:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

    [2011/04/15 16:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions
    [2012/10/11 20:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\6p79mgsc.default\extensions
    [2012/09/17 15:17:44 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\6p79mgsc.default\extensions\info@djzig.com
    [2012/06/25 18:45:29 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\6p79mgsc.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2012/10/07 16:28:18 | 000,318,404 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\6p79mgsc.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
    [2012/08/04 20:46:46 | 002,966,066 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\6p79mgsc.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
    [2012/10/11 20:11:59 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\6p79mgsc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012/09/29 13:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/07 18:14:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/08/30 21:51:25 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/10/04 10:26:16 | 000,002,036 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchallp.xml
    [2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/10/10 19:34:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O3 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [vmware-tray] D:\ProgramFiles\VMWare\vmware-tray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
    O4 - Startup: C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Oscar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\nutafun4.dll (MKS Software Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\nutafun4.dll (MKS Software Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\nutafun4.dll (MKS Software Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\nutafun4.dll (MKS Software Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\ProgramFiles\VMWare\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\ProgramFiles\VMWare\vsocklib.dll (VMware, Inc.)
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: engdis.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: engdis.com ([ed201us3sena] http in Trusted sites)
    O15 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..Trusted Domains: mssalesdemos.com ([]http in Trusted sites)
    O16 - DPF: {0B12C2CF-6DE8-4388-99D7-B4FC1935D8CE} http://ed201us3sena.engdis.com/Runtime/Programmers/Objects/UrlFLoad.cab (DLoadManager Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/147...ager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.118.2.91 190.157.2.140
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{728D335C-3729-4DEB-995B-22229DDD44F6}: DhcpNameServer = 200.75.51.132 200.75.51.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B189E3EE-EA2B-4F8C-A800-3A3BB0DC945A}: DhcpNameServer = 200.118.2.91 190.157.2.140
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D64AE7E0-4891-40FA-9E2F-993942DCC88B}: Domain = tmoviles.inet
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1C3BBBE-406A-402B-88E3-52A6CA535547}: DhcpNameServer = 200.48.225.130 200.48.225.146
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/10 19:54:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/10 19:34:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/10/10 19:17:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/10 19:17:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/10 19:17:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/10 19:14:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/10 19:14:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/10 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{25C2FAB4-A2BD-4E7A-9DA1-36CBBFE5231A}
    [2012/10/08 19:02:17 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Malwarebytes
    [2012/10/08 19:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/08 19:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/08 19:01:58 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/08 19:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     
  15. OscarZ

    [2012/10/08 18:50:06 | 000,000,000 | ---D | C] -- D:\Oscar\Desktop\RK_Quarantine
    [2012/10/08 18:49:41 | 000,000,000 | ---D | C] -- D:\Oscar\Desktop\aaaaa
    [2012/10/08 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{6C9C0B9D-B1F0-4545-BA2C-EAB3864873AC}
    [2012/10/07 23:42:40 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/07 14:13:54 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Rational
    [2012/10/07 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM Installation Manager
    [2012/10/07 13:42:17 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{70A8234C-ECD8-43BD-ACCD-EFDAE1D67234}
    [2012/10/07 13:35:31 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{09551C6C-DEC1-41B1-83C1-33EB53E78DB4}
    [2012/10/07 12:39:11 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\javasharedresources
    [2012/10/07 12:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM InfoSphere
    [2012/10/07 12:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IBM
    [2012/10/07 12:28:05 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\IBM
    [2012/10/07 12:24:31 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{9DFA4BAE-95DC-4DEC-96EC-13BAF28BC294}
    [2012/10/06 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{0465A75F-5699-4213-A3EF-D711A56261D4}
    [2012/10/05 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{D4768795-1147-4A55-96BC-084691A115CB}
    [2012/10/04 15:27:51 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{12A3830E-E764-4E85-ACDF-CCD8BEF3674A}
    [2012/10/03 17:04:43 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{3A13BFC4-95D8-469C-B780-B567E825371A}
    [2012/10/02 16:01:46 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{A05A0ECA-8C7C-4AFE-9A65-589BF46EE8C7}
    [2012/10/01 18:17:02 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{899BF719-8DE7-4845-8A29-81BE3534B388}
    [2012/10/01 16:10:09 | 000,038,912 | ---- | C] (Absolute Software Corporation) -- C:\Windows\SysWow64\identprv.dll
    [2012/09/30 09:23:21 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{7845DACA-8CB2-40BA-86F6-D841F67CCC46}
    [2012/09/29 07:04:54 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{0D6ACF0F-A93D-43E3-910F-A683DBAC7690}
    [2012/09/27 15:09:45 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{83C1E754-AF8D-418E-9DF8-08E00B671C20}
    [2012/09/26 18:37:35 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{E680FD49-273E-47D2-B24D-2FEFBB59C8A6}
    [2012/09/25 19:09:14 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{A3CD9CC7-4912-419E-81C3-81AA16D60B44}
    [2012/09/24 17:21:51 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{3BD60750-A904-4FFA-A8C7-85D450363123}
    [2012/09/23 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{F098413E-E56C-4E3B-B384-DFE2F9CFC646}
    [2012/09/22 19:06:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{F34C45D1-AC7B-457C-A53D-14DAE1669BC2}
    [2012/09/21 17:45:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{52F8F118-0E7C-44C3-96C8-A5FDBA5FF281}
    [2012/09/20 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{774E50B8-99C4-4694-9A93-E4124D9F85E0}
    [2012/09/19 16:43:34 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{22E0198D-E899-4329-A9E6-EC5C0B3FD851}
    [2012/09/18 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{E41BC32C-DB30-4CDB-9414-537F7050271D}
    [2012/09/17 15:13:30 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{FF7BDED2-30D5-479E-BEC0-93B69BB821A7}
    [2012/09/16 18:17:04 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{6FA8EE90-94FF-4A83-B8F1-AE6094663A00}
    [2012/09/15 09:38:08 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{EDE2D357-DFE7-4167-885F-2CC4891AA4FC}
    [2012/09/14 19:05:14 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{FC7D132C-2B7A-4B40-BE9B-48343F30948F}
    [2012/09/13 15:13:05 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{2AC906E7-952F-471E-BB65-FDBE77E71ACB}
    [2012/09/12 16:01:54 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{9F614F6F-8A70-4E74-BD0A-7F4193FAC31A}

    ========== Files - Modified Within 30 Days ==========

    [2012/10/11 20:32:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/11 20:24:08 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3223265864-3949170350-323350453-1000UA.job
    [2012/10/11 20:11:10 | 000,015,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/11 20:11:10 | 000,015,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/11 20:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/11 20:07:50 | 000,933,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/11 20:07:50 | 000,760,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/11 20:07:50 | 000,163,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/11 20:06:34 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2012/10/11 20:06:26 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2012/10/11 20:06:05 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
    [2012/10/11 20:05:57 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
    [2012/10/11 20:03:53 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/11 20:03:02 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2012/10/11 20:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/11 20:01:55 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2012/10/10 21:09:13 | 004,965,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/10 19:34:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/10 19:14:37 | 000,001,302 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla y Selector de OneNote 2010.lnk
    [2012/10/10 15:38:09 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3223265864-3949170350-323350453-1000Core.job
    [2012/10/08 18:39:16 | 002,193,278 | ---- | M] () -- D:\Oscar\Desktop\tdsskiller.zip
    [2012/10/07 19:12:23 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/07 14:17:29 | 000,000,105 | ---- | M] () -- C:\ProgramData\.sdplic
    [2012/10/07 12:36:15 | 000,007,620 | ---- | M] () -- C:\Users\Oscar\AppData\Local\resmon.resmoncfg
    [2012/09/29 13:38:33 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    ========== Files Created - No Company Name ==========

    [2012/10/10 19:17:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/10 19:17:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/10 19:17:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/10 19:17:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/10 19:17:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/08 18:47:01 | 002,193,278 | ---- | C] () -- D:\Oscar\Desktop\tdsskiller.zip
    [2012/10/07 14:07:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\.sdplic
    [2012/06/10 09:23:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2012/04/25 19:31:49 | 000,000,042 | ---- | C] () -- C:\Users\Oscar\dlmgr_.pro
    [2011/10/08 11:19:55 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/09/27 12:16:55 | 000,000,000 | ---- | C] () -- C:\Windows\TSWiz.INI
    [2011/09/15 12:24:33 | 000,000,650 | ---- | C] () -- C:\Windows\LWBRWS32.INI
    [2011/09/14 18:13:09 | 000,795,479 | ---- | C] () -- C:\Users\Oscar\ARCLOG110914_181113_3008.RLG
    [2011/09/14 18:09:42 | 000,795,479 | ---- | C] () -- C:\Users\Oscar\ARCLOG110914_180936_5952.RLG
    [2011/09/14 18:01:31 | 000,795,479 | ---- | C] () -- C:\Users\Oscar\ARCLOG110914_180115_7104.RLG
    [2011/08/13 16:26:19 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/07/13 08:50:42 | 000,000,000 | ---- | C] () -- C:\Users\Oscar\AppData\Local\{5920A7BF-924A-412F-A772-AFB7DA2B4E57}
    [2011/06/18 15:16:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/06/18 15:16:43 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/06/18 15:16:43 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/06/18 15:16:43 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/05/11 09:53:09 | 000,000,000 | ---- | C] () -- C:\Users\Oscar\AppData\Local\{4146A280-0AD0-4B5C-9EFC-6DCD28897845}
    [2011/05/11 09:51:16 | 000,000,000 | ---- | C] () -- C:\Users\Oscar\AppData\Local\{77444AED-118B-4931-8269-D3C2DBE9C361}
    [2011/05/03 20:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Oscar\AppData\Local\{DC2F5DC8-5F24-41B0-AFE0-1FEF39593B6B}
    [2011/04/15 16:47:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/12/17 16:04:28 | 000,000,268 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/11/27 22:57:38 | 000,000,218 | ---- | C] () -- C:\Users\Oscar\.recently-used.xbel
    [2010/08/17 12:38:07 | 000,000,600 | ---- | C] () -- C:\Users\Oscar\AppData\Local\PUTTY.RND
    [2010/08/17 10:59:03 | 000,000,093 | ---- | C] () -- C:\Users\Oscar\AppData\Local\fusioncache.dat
    [2010/08/17 10:28:34 | 000,000,600 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\winscp.rnd
    [2010/04/13 11:36:27 | 000,000,000 | ---- | C] () -- C:\Users\Oscar\bcdedit
    [2010/04/01 19:25:45 | 000,006,144 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/10 09:42:19 | 000,007,620 | ---- | C] () -- C:\Users\Oscar\AppData\Local\resmon.resmoncfg
    [2010/03/09 15:21:42 | 000,041,571 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Perfmon.PerfmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/14 00:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/08/07 19:13:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\adma
    [2010/08/17 12:31:49 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Ascential Software
    [2012/08/04 21:23:16 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\BitTorrent
    [2011/05/21 22:11:40 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\BSplayer
    [2010/10/29 21:57:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\BSplayer Pro
    [2011/09/09 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\calibre
    [2011/10/08 11:34:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Canneverbe Limited
    [2011/06/24 21:22:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/07/10 14:03:00 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\CompleteFCE
    [2011/10/23 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Crayon Physics Deluxe
    [2010/04/15 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\DemoMate
    [2012/10/11 20:04:06 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Dropbox
    [2011/12/20 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\GHISLER
    [2012/08/04 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\GrabPro
    [2010/11/27 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\gtk-2.0
    [2012/10/07 12:28:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IBM
    [2010/08/17 11:13:53 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IBM Corporation
    [2010/04/09 11:01:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IsolatedStorage
    [2011/08/11 18:26:04 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\NCR
    [2010/04/01 19:38:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia
    [2012/07/06 22:01:51 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Ovi Suite
    [2012/07/06 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite
    [2011/08/15 18:36:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Notepad++
    [2011/08/25 22:19:49 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenCandy
    [2012/09/02 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite
    [2010/03/29 11:18:02 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Quest Software
    [2012/10/07 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Rational
    [2011/04/09 20:04:07 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Rovio
    [2010/03/29 11:17:40 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Software
    [2010/11/27 22:56:44 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Subversion
    [2012/02/08 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TeamViewer
    [2010/08/25 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Telefónica Móviles
    [2010/09/19 10:45:46 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vghd
    [2011/10/07 20:49:32 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\VoipRaider
    [2011/04/06 12:10:55 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B3DC73B7

    < End of report >
     
  16. OscarZ

    OTL Extras logfile created on: 11/10/2012 20:33:31 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000240A | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

    3,96 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,76% Memory free
    7,92 Gb Paging File | 6,42 Gb Available in Paging File | 81,03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 50,00 Gb Total Space | 4,47 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
    Drive D: | 182,79 Gb Total Space | 42,73 Gb Free Space | 23,38% Space Free | Partition Type: NTFS

    Computer Name: DELL_1320 | User Name: Oscar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
    .txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{09A255DB-1109-405D-AEA6-3538174398C3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0CAE36C7-5830-47F2-B056-29CC0D9EE3F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{564E42D6-2AD0-4A53-8C62-EE2964DC02CF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{773DE390-D85D-4E67-81D5-C3C08B05D248}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A8B848EC-8580-4EE4-BF90-AE1C363A9C0E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B49CF6E0-4ED1-47C5-AD76-D880572E0B26}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{B8CADB0A-F483-45B1-B429-101DD0AC1736}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F3621DE5-5B08-46FC-A070-4AA57AB70CF8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{99D29E74-24A1-42DE-BC11-502B130DC93B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DBB2A9D5-7227-41D1-8AFB-9B0A87BBFB8A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{DFC19B66-8B17-4EAC-8A86-680B69A219CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{30275939-0100-0901-9ABB-000BDB5CF35D}" = MKS Platform Components 9.x
    "{378265EA-9F43-412C-B5FC-600786F9A337}" = Citrix Access Gateway Plug-in
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{4DD94157-4884-41CD-A37B-B5D08ADDDE7C}" = O2Micro Flash Memory Card Windows Driver
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5773DF0D-D161-4EE4-B5A7-50954FFAD15A}" = Teradata GSS Client nt-x8664
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
    "{7D481DFF-88C5-4685-B0EA-D167F0B46CF1}" = Microsoft Antimalware Service ES-ES Language Pack
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7FDEE02F-41FF-49B1-BA4E-3F80805EF0BD}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D23530E5-B0D1-48E4-884B-2E542A809CB8}" = Teradata CLIv2 nt-x8664 13.0.0.1
    "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client ES-ES Language Pack
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FE6858CC-F495-4ABB-9607-04F61DDFAAA9}" = Shared ICU Libraries for Teradata nt-x8664 13.0.0.1
    "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
    "EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
    "EPSON TX105 Series" = Desinstalador de impresoras EPSON TX105 Series
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0428932D-FEAE-4FA2-953B-0437ABE9ADF3}_is1" = Movie Subtitles Searcher 1.0
    "{0517CC15-921A-4FC1-BDB6-7B1FA42B02A6}" = Teradata CLIv2
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0887FEE5-B433-4F8F-94F4-470B83B7C391}" = UltraEdit 16.00
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
    "{0DF8B969-B0F6-4675-848A-ABED5CD2418D}" = Teradata CLIv2 13.0.0.1
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare v8.10
    "{130747D0-0547-4D6D-B6AA-E8CFE2E641CA}" = Teradata Parallel Transporter API
    "{13A449C3-D9FF-4930-9F76-23E396F3D938}" = Shared ICU Libraries for Teradata 13.10.0.2
    "{1660F270-4E4C-4A14-BCA3-0C8664D19B51}" = Teradata Index Wizard
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
    "{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
    "{27035F95-A5F6-49AC-88BD-530C2E0E34AD}" = Teradata Parallel Transporter Export Operator
    "{27DBD88D-E2CF-4FEB-B2BD-255321F20BB7}" = PAL v1.3.4.3
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BBE1C8D-9775-4DA6-8498-92CFA129ED23}" = Teradata GSS Client nt-i386
    "{3027C936-1E82-43A8-87A2-B2E7F8FCD6E5}" = Spotlight on SQL Server
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{36AB0011-DCC1-43BE-A0F6-F4DCC93C5183}" = Teradata Parallel Transporter Stream Operator
    "{3A7CCC8B-F674-4577-9128-2A5B1AA53584}" = Teradata Administrator 13.0.0.2
    "{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AC23178-EEBC-4BAF-8CC0-AB15C8897AC9}" = Log Parser 2.2
    "{4CA5E49B-D0FF-456A-A730-28F8876334EE}" = Teradata Performance Monitor
    "{4E955EA9-5D58-4AB2-91D0-995636F967DD}" = Speech Module
    "{4EB40A7E-3D36-4723-9DE3-A2C6427E00DE}" = GACRegSetup
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57114D23-8C46-40C3-A215-AAF2216D015B}" = meta<browser/>
    "{574C9B79-3BBB-4050-94DC-7E3DD780F658}" = Teradata Data Connector
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
    "{5EB50458-4EFF-4EBF-B9C7-C306B6501833}" = Teradata Workload Analyzer
    "{5F2C2C07-3313-42D9-8059-CA08AB596909}" = Teradata MultiLoad
    "{5F8C62AC-E8BE-489F-B17B-92C7EE392D3D}" = Teradata GSS Client nt-i386
    "{60627AF4-D06A-4CD0-9A48-8011C5FE6644}" = Teradata ARC
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6255A607-8881-4B02-9859-B4F3C798F7F9}" = Teradata SQL Assistant 12.0.0.11
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67BAAA26-AA7D-40B7-8EFF-17D720391A33}" = .NET Data Provider for Teradata
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6CBC76C8-7B90-4A89-8472-E7E3A8A7731A}" = Teradata Parallel Transporter Update Operator
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{70EE223B-BDC9-4BC2-8B2B-D212D800694E}" = Teradata Dynamic Workload Manager
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7288F593-AF9E-4A78-BB7D-B39779925406}" = Teradata C PP2
    "{73797DDB-5F24-458E-9AE9-2F1C762D4610}" = Teradata OLE DB Access Module
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{873241FB-8FC9-4B94-905D-ECB30980F74E}" = Teradata TPump
    "{89A48D6A-19C9-4127-AE37-8E11CA08E893}_is1" = Rummi version 7.0.3
    "{89B4078C-085C-4C05-B2F5-DE34BB1B2981}" = Teradata Manager
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AFBC2EB-BB17-43C8-8AE0-5B7961A4A217}" = Shared ICU Libraries for Teradata
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}" = Trixie
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_PRJPRO_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0403-0000-0000000FF1CE}_VISPRO_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_PRJPRO_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}_VISPRO_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}_PRJPRO_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}_VISPRO_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}_PRJPRO_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}_VISPRO_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0C0A-1000-0000000FF1CE}_PRJPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0C0A-1000-0000000FF1CE}_VISPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0C0A-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Spanish) 2007
    "{90120000-0054-0C0A-0000-0000000FF1CE}_VISPRO_{C2517308-0210-4C8F-B379-92DB24ED9EFA}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_PRJPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0C0A-0000-0000000FF1CE}_VISPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00B4-0C0A-0000-0000000FF1CE}" = Microsoft Office Project MUI (Spanish) 2007
    "{90120000-00B4-0C0A-0000-0000000FF1CE}_PRJPRO_{D9517C24-C049-42D6-8BE6-5C888032D1E1}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
    "{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
    "{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
    "{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
    "{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
    "{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
    "{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
    "{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROPLUS_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
    "{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUS_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
    "{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROPLUS_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
    "{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROPLUS_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
    "{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
    "{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
    "{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
    "{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
    "{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9027F2E8-9F71-40F0-8737-C37A36C3EF5E}" = Teradata Administrator 12.0
    "{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
    "{917AEC1A-3E68-4C4D-8948-40243D7236F1}" = Subsync
    "{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93A78C72-983D-422B-8989-06839D5062DA}" = Teradata Parallel Transporter Load Operator
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95140000-007F-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97C65880-5B22-4165-946B-928AA7AFE1FD}" = WebSphere Access Module for Teradata
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
    "{9DB45B07-E5A1-49A0-A31A-E4971010C2CF}" = ODBC Driver for Teradata 13.10.0.5
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A76690BB-90C3-4633-A4DA-CF2E56BABB67}" = Teradata Studio Express 14.00
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1034-7B44-A95000000001}" = Adobe Reader 9.5.2 - Español
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B3F8B75D-9E1C-4927-BAAA-A57601FBD133}" = Teradata Access Module For JMS
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    "{BAA4F196-E731-415B-A330-A046A8339C72}_is1" = Uninstall AdeptSQL Diff
    "{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
    "{BFC218D7-5BCA-41A1-B585-E75E1DCD56A6}" = Media Browser
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C8C0931D-2F99-463A-A268-B86955DC5096}" = WinMVCInstaller
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFE8A4E5-8E8E-4B17-A8E9-1DBC7B05E691}" = Teradata Named Pipes Access Module
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D05F4A13-8EC6-4A6A-81BD-0EDB0B99391A}" = TPT Infrastructure
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D10B629F-9CD7-447C-8CD6-28A8FA24C71C}" = Teradata FastExport
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}" = AllFusion ERwin Data Modeler
    "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
    "{DB76EB4F-A3B5-49BF-AEAA-4D51D61E9E5C}" = Teradata FastLoad
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
    "{E0649555-ACA7-4E2D-9490-0AEB158693EF}" = Visual CertExam Suite 1.9
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1A133E9-B426-44C1-8A0D-9D7125466232}" = Teradata Visual Explain
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Kindle" = Amazon Kindle
    "Aqua Data Studio 9.0 - 32bit" = Aqua Data Studio 9.0 - 32bit
    "BitTorrent" = BitTorrent
    "BS_Player Toolbar" = BS_Player Toolbar
    "BSPlayerf" = BS.Player FREE
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
    "Digital Editions" = Adobe Digital Editions
    "EPSON Scanner" = EPSON Scan
    "Escritorio movistar Latam" = Movistar
    "FLV Player" = FLV Player 2.0 (build 25)
    "GoogleBooks" = Google Books Download
    "HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.10.02.00
    "IBM Installation Manager" = IBM Installation Manager
    "ibm_websphere_information_server540762011" = IBM Information Server
    "ImageX control_is1" = ImageX control version 3.7
    "IM-IBM InfoSphere" = IBM InfoSphere
    "InstallShield_{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare v8.10
    "InstallShield_{130747D0-0547-4D6D-B6AA-E8CFE2E641CA}" = Teradata Parallel Transporter API 13.0.0.2
    "InstallShield_{27035F95-A5F6-49AC-88BD-530C2E0E34AD}" = Teradata Parallel Transporter Export Operator 13.0
    "InstallShield_{36AB0011-DCC1-43BE-A0F6-F4DCC93C5183}" = Teradata Parallel Transporter Stream Operator 13.0.0.2
    "InstallShield_{4CA5E49B-D0FF-456A-A730-28F8876334EE}" = Teradata Performance Monitor 12.0
    "InstallShield_{4DD94157-4884-41CD-A37B-B5D08ADDDE7C}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{574C9B79-3BBB-4050-94DC-7E3DD780F658}" = Teradata Data Connector 13.0.0.2
    "InstallShield_{5F2C2C07-3313-42D9-8059-CA08AB596909}" = Teradata MultiLoad 12.0.0.2
    "InstallShield_{60627AF4-D06A-4CD0-9A48-8011C5FE6644}" = Teradata ARC 12.0.0.4
    "InstallShield_{67BAAA26-AA7D-40B7-8EFF-17D720391A33}" = .NET Data Provider for Teradata 13.01
    "InstallShield_{6CBC76C8-7B90-4A89-8472-E7E3A8A7731A}" = Teradata Parallel Transporter Update Operator 13.0.0.2
    "InstallShield_{70EE223B-BDC9-4BC2-8B2B-D212D800694E}" = Teradata Dynamic Workload Manager 12.0.0.2
    "InstallShield_{7288F593-AF9E-4A78-BB7D-B39779925406}" = Teradata C PP2 12.0.0.1
    "InstallShield_{73797DDB-5F24-458E-9AE9-2F1C762D4610}" = Teradata OLE DB Access Module 12.0
    "InstallShield_{873241FB-8FC9-4B94-905D-ECB30980F74E}" = Teradata TPump 12.0.0.2
    "InstallShield_{89B4078C-085C-4C05-B2F5-DE34BB1B2981}" = Teradata Manager 12.0.0.3
    "InstallShield_{8AFBC2EB-BB17-43C8-8AE0-5B7961A4A217}" = Shared ICU Libraries for Teradata 12.0
    "InstallShield_{93A78C72-983D-422B-8989-06839D5062DA}" = Teradata parallel Transporter Load Operator 13.0.0.2
    "InstallShield_{97C65880-5B22-4165-946B-928AA7AFE1FD}" = WebSphere Access Module for Teradata 12.0
    "InstallShield_{B3F8B75D-9E1C-4927-BAAA-A57601FBD133}" = Teradata Access Module For JMS 12.0
    "InstallShield_{CFE8A4E5-8E8E-4B17-A8E9-1DBC7B05E691}" = Teradata Named Pipes Access Module 12.0.0.2
    "InstallShield_{D05F4A13-8EC6-4A6A-81BD-0EDB0B99391A}" = Teradata Parallel Transporter Infrastructure 13.0.0.2
    "InstallShield_{D10B629F-9CD7-447C-8CD6-28A8FA24C71C}" = Teradata FastExport 12.0.0.1
    "InstallShield_{DB76EB4F-A3B5-49BF-AEAA-4D51D61E9E5C}" = Teradata FastLoad 12.0.0.4
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia Suite" = Nokia Suite
    "Notepad++" = Notepad++
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PowerISO" = PowerISO
    "PRJPRO" = Microsoft Office Project Professional 2007
    "Quest Installer" = Quest Installer
    "TeamViewer 7" = TeamViewer 7
    "Telmex 1.5_is1" = Telmex 1.5.20.1
    "Teradata ARC" = Teradata ARC 12.0.0.4
    "Teradata C PP2" = Teradata C PP2 12.0.0.1
    "Teradata CLIv2" = Teradata CLIv2 12.0.0.2
    "Teradata Express Tools" = Teradata Express Tools 13.0
    "Teradata Index Wizard 12.0" = Teradata Index Wizard 12.0.0.4
    "Teradata OLE DB Access Module" = Teradata OLE DB Access Module 12.0
    "Teradata Visual Explain 12.0" = Teradata Visual Explain 12.0.0.3
    "Teradata Workload Analyzer 12.0" = Teradata Workload Analyzer 12.0.0.1
    "Totalcmd" = Total Commander (Remove or Repair)
    "URL Helper_is1" = URL Helper
    "VirtualCloneDrive" = VirtualCloneDrive
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VLC media player" = VLC media player 1.1.9
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.1

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "JoinMe" = join.me

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 07/10/2012 20:06:28 | Computer Name = Dell_1320 | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
    The language of this upgrade package is different than the language used in your
    original Security Essentials installation. Error code:0x8004FF36.

    Error - 07/10/2012 20:31:53 | Computer Name = Dell_1320 | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 07/10/2012 20:41:20 | Computer Name = Dell_1320 | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 07/10/2012 21:26:36 | Computer Name = Dell_1320 | Source = vmauthd | ID = 100
    Description = StartServiceCtrlDispatcher error = 1063

    Error - 08/10/2012 20:36:46 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x12d8 Faulting application start time: 0x01cda5b4444482ac Faulting application path:
    F:\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 6744f9ce-11a9-11e2-8e42-a8e600b1ab8a

    Error - 08/10/2012 20:41:40 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x7f4 Faulting application start time: 0x01cda5b63dcec559 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 166e4153-11aa-11e2-8e42-a8e600b1ab8a

    Error - 08/10/2012 21:03:55 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e41b Faulting process id:
    0xff8 Faulting application start time: 0x01cda5b714c7d369 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 32570f1f-11ad-11e2-8e42-a8e600b1ab8a

    Error - 08/10/2012 22:56:54 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x61c Faulting application start time: 0x01cda5c9481cdec1 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: fa9ed3f4-11bc-11e2-94c8-979d7528c9bf

    Error - 08/10/2012 23:00:35 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x7e8 Faulting application start time: 0x01cda5c9d8a0a9a4 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 7eaceae8-11bd-11e2-94c8-979d7528c9bf

    Error - 10/10/2012 13:46:17 | Computer Name = Dell_1320 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a30 Start
    Time: 01cda70f0d9ec768 Termination Time: 25 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 10/10/2012 20:10:39 | Computer Name = Dell_1320 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d54 Start
    Time: 01cda7447ed818f8 Termination Time: 75 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    [ Media Center Events ]
    Error - 28/02/2012 11:11:47 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:11:47 a.m. - Error connecting to the internet. 10:11:47 a.m. -
    Unable to contact server..

    Error - 28/02/2012 11:12:40 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:12:34 a.m. - Error connecting to the internet. 10:12:34 a.m. -
    Unable to contact server..

    Error - 28/02/2012 12:13:35 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 11:13:35 a.m. - Error connecting to the internet. 11:13:35 a.m. -
    Unable to contact server..

    Error - 28/02/2012 12:14:27 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 11:14:22 a.m. - Error connecting to the internet. 11:14:22 a.m. -
    Unable to contact server..

    Error - 28/02/2012 13:15:16 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 12:15:16 p.m. - Error connecting to the internet. 12:15:16 p.m. -
    Unable to contact server..

    Error - 28/02/2012 13:16:05 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 12:16:03 p.m. - Error connecting to the internet. 12:16:03 p.m. -
    Unable to contact server..

    Error - 28/02/2012 14:17:03 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 01:17:03 p.m. - Error connecting to the internet. 01:17:03 p.m. -
    Unable to contact server..

    Error - 28/02/2012 14:17:52 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 01:17:50 p.m. - Error connecting to the internet. 01:17:50 p.m. -
    Unable to contact server..

    Error - 29/02/2012 11:44:13 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:44:13 a.m. - Error connecting to the internet. 10:44:13 a.m. -
    Unable to contact server..

    Error - 29/02/2012 11:45:06 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:45:00 a.m. - Error connecting to the internet. 10:45:00 a.m. -
    Unable to contact server..

    [ System Events ]
    Error - 10/10/2012 22:10:56 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7000
    Description = The VMware USB Arbitration Service service failed to start due to
    the following error: %%1053

    Error - 10/10/2012 22:15:15 | Computer Name = Dell_1320 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 09:12:49 p.m. on ?10/?10/?2012 was
    unexpected.

    Error - 10/10/2012 22:17:31 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
    USB Arbitration Service service to connect.

    Error - 10/10/2012 22:17:31 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7000
    Description = The VMware USB Arbitration Service service failed to start due to
    the following error: %%1053

    Error - 11/10/2012 10:44:50 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7011
     
  17. OscarZ

    OTL Extras logfile created on: 11/10/2012 20:33:31 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000240A | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

    3,96 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,76% Memory free
    7,92 Gb Paging File | 6,42 Gb Available in Paging File | 81,03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 50,00 Gb Total Space | 4,47 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
    Drive D: | 182,79 Gb Total Space | 42,73 Gb Free Space | 23,38% Space Free | Partition Type: NTFS

    Computer Name: DELL_1320 | User Name: Oscar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
    .txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{09A255DB-1109-405D-AEA6-3538174398C3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0CAE36C7-5830-47F2-B056-29CC0D9EE3F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{564E42D6-2AD0-4A53-8C62-EE2964DC02CF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{773DE390-D85D-4E67-81D5-C3C08B05D248}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A8B848EC-8580-4EE4-BF90-AE1C363A9C0E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B49CF6E0-4ED1-47C5-AD76-D880572E0B26}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{B8CADB0A-F483-45B1-B429-101DD0AC1736}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F3621DE5-5B08-46FC-A070-4AA57AB70CF8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{99D29E74-24A1-42DE-BC11-502B130DC93B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DBB2A9D5-7227-41D1-8AFB-9B0A87BBFB8A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{DFC19B66-8B17-4EAC-8A86-680B69A219CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{30275939-0100-0901-9ABB-000BDB5CF35D}" = MKS Platform Components 9.x
    "{378265EA-9F43-412C-B5FC-600786F9A337}" = Citrix Access Gateway Plug-in
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{4DD94157-4884-41CD-A37B-B5D08ADDDE7C}" = O2Micro Flash Memory Card Windows Driver
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5773DF0D-D161-4EE4-B5A7-50954FFAD15A}" = Teradata GSS Client nt-x8664
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
    "{7D481DFF-88C5-4685-B0EA-D167F0B46CF1}" = Microsoft Antimalware Service ES-ES Language Pack
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7FDEE02F-41FF-49B1-BA4E-3F80805EF0BD}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D23530E5-B0D1-48E4-884B-2E542A809CB8}" = Teradata CLIv2 nt-x8664 13.0.0.1
    "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client ES-ES Language Pack
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FE6858CC-F495-4ABB-9607-04F61DDFAAA9}" = Shared ICU Libraries for Teradata nt-x8664 13.0.0.1
    "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
    "EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
    "EPSON TX105 Series" = Desinstalador de impresoras EPSON TX105 Series
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0428932D-FEAE-4FA2-953B-0437ABE9ADF3}_is1" = Movie Subtitles Searcher 1.0
    "{0517CC15-921A-4FC1-BDB6-7B1FA42B02A6}" = Teradata CLIv2
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0887FEE5-B433-4F8F-94F4-470B83B7C391}" = UltraEdit 16.00
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
    "{0DF8B969-B0F6-4675-848A-ABED5CD2418D}" = Teradata CLIv2 13.0.0.1
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare v8.10
    "{130747D0-0547-4D6D-B6AA-E8CFE2E641CA}" = Teradata Parallel Transporter API
    "{13A449C3-D9FF-4930-9F76-23E396F3D938}" = Shared ICU Libraries for Teradata 13.10.0.2
    "{1660F270-4E4C-4A14-BCA3-0C8664D19B51}" = Teradata Index Wizard
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
    "{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
    "{27035F95-A5F6-49AC-88BD-530C2E0E34AD}" = Teradata Parallel Transporter Export Operator
    "{27DBD88D-E2CF-4FEB-B2BD-255321F20BB7}" = PAL v1.3.4.3
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BBE1C8D-9775-4DA6-8498-92CFA129ED23}" = Teradata GSS Client nt-i386
    "{3027C936-1E82-43A8-87A2-B2E7F8FCD6E5}" = Spotlight on SQL Server
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{36AB0011-DCC1-43BE-A0F6-F4DCC93C5183}" = Teradata Parallel Transporter Stream Operator
    "{3A7CCC8B-F674-4577-9128-2A5B1AA53584}" = Teradata Administrator 13.0.0.2
    "{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AC23178-EEBC-4BAF-8CC0-AB15C8897AC9}" = Log Parser 2.2
    "{4CA5E49B-D0FF-456A-A730-28F8876334EE}" = Teradata Performance Monitor
    "{4E955EA9-5D58-4AB2-91D0-995636F967DD}" = Speech Module
    "{4EB40A7E-3D36-4723-9DE3-A2C6427E00DE}" = GACRegSetup
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57114D23-8C46-40C3-A215-AAF2216D015B}" = meta<browser/>
    "{574C9B79-3BBB-4050-94DC-7E3DD780F658}" = Teradata Data Connector
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
    "{5EB50458-4EFF-4EBF-B9C7-C306B6501833}" = Teradata Workload Analyzer
    "{5F2C2C07-3313-42D9-8059-CA08AB596909}" = Teradata MultiLoad
    "{5F8C62AC-E8BE-489F-B17B-92C7EE392D3D}" = Teradata GSS Client nt-i386
    "{60627AF4-D06A-4CD0-9A48-8011C5FE6644}" = Teradata ARC
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6255A607-8881-4B02-9859-B4F3C798F7F9}" = Teradata SQL Assistant 12.0.0.11
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67BAAA26-AA7D-40B7-8EFF-17D720391A33}" = .NET Data Provider for Teradata
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6CBC76C8-7B90-4A89-8472-E7E3A8A7731A}" = Teradata Parallel Transporter Update Operator
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{70EE223B-BDC9-4BC2-8B2B-D212D800694E}" = Teradata Dynamic Workload Manager
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7288F593-AF9E-4A78-BB7D-B39779925406}" = Teradata C PP2
    "{73797DDB-5F24-458E-9AE9-2F1C762D4610}" = Teradata OLE DB Access Module
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{873241FB-8FC9-4B94-905D-ECB30980F74E}" = Teradata TPump
    "{89A48D6A-19C9-4127-AE37-8E11CA08E893}_is1" = Rummi version 7.0.3
    "{89B4078C-085C-4C05-B2F5-DE34BB1B2981}" = Teradata Manager
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AFBC2EB-BB17-43C8-8AE0-5B7961A4A217}" = Shared ICU Libraries for Teradata
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}" = Trixie
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_PRJPRO_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0403-0000-0000000FF1CE}_VISPRO_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_PRJPRO_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}_VISPRO_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}_PRJPRO_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}_VISPRO_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}_PRJPRO_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}_VISPRO_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0C0A-1000-0000000FF1CE}_PRJPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0C0A-1000-0000000FF1CE}_VISPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0C0A-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Spanish) 2007
    "{90120000-0054-0C0A-0000-0000000FF1CE}_VISPRO_{C2517308-0210-4C8F-B379-92DB24ED9EFA}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_PRJPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0C0A-0000-0000000FF1CE}_VISPRO_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00B4-0C0A-0000-0000000FF1CE}" = Microsoft Office Project MUI (Spanish) 2007
    "{90120000-00B4-0C0A-0000-0000000FF1CE}_PRJPRO_{D9517C24-C049-42D6-8BE6-5C888032D1E1}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
    "{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
    "{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
    "{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
    "{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
    "{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
    "{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
    "{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROPLUS_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
    "{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUS_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
    "{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROPLUS_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
    "{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROPLUS_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
    "{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
    "{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
    "{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
    "{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
    "{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9027F2E8-9F71-40F0-8737-C37A36C3EF5E}" = Teradata Administrator 12.0
    "{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
    "{917AEC1A-3E68-4C4D-8948-40243D7236F1}" = Subsync
    "{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93A78C72-983D-422B-8989-06839D5062DA}" = Teradata Parallel Transporter Load Operator
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95140000-007F-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97C65880-5B22-4165-946B-928AA7AFE1FD}" = WebSphere Access Module for Teradata
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
    "{9DB45B07-E5A1-49A0-A31A-E4971010C2CF}" = ODBC Driver for Teradata 13.10.0.5
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A76690BB-90C3-4633-A4DA-CF2E56BABB67}" = Teradata Studio Express 14.00
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1034-7B44-A95000000001}" = Adobe Reader 9.5.2 - Español
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B3F8B75D-9E1C-4927-BAAA-A57601FBD133}" = Teradata Access Module For JMS
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    "{BAA4F196-E731-415B-A330-A046A8339C72}_is1" = Uninstall AdeptSQL Diff
    "{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
    "{BFC218D7-5BCA-41A1-B585-E75E1DCD56A6}" = Media Browser
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C8C0931D-2F99-463A-A268-B86955DC5096}" = WinMVCInstaller
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFE8A4E5-8E8E-4B17-A8E9-1DBC7B05E691}" = Teradata Named Pipes Access Module
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D05F4A13-8EC6-4A6A-81BD-0EDB0B99391A}" = TPT Infrastructure
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D10B629F-9CD7-447C-8CD6-28A8FA24C71C}" = Teradata FastExport
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}" = AllFusion ERwin Data Modeler
    "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
    "{DB76EB4F-A3B5-49BF-AEAA-4D51D61E9E5C}" = Teradata FastLoad
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
    "{E0649555-ACA7-4E2D-9490-0AEB158693EF}" = Visual CertExam Suite 1.9
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1A133E9-B426-44C1-8A0D-9D7125466232}" = Teradata Visual Explain
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Kindle" = Amazon Kindle
    "Aqua Data Studio 9.0 - 32bit" = Aqua Data Studio 9.0 - 32bit
    "BitTorrent" = BitTorrent
    "BS_Player Toolbar" = BS_Player Toolbar
    "BSPlayerf" = BS.Player FREE
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
    "Digital Editions" = Adobe Digital Editions
    "EPSON Scanner" = EPSON Scan
    "Escritorio movistar Latam" = Movistar
    "FLV Player" = FLV Player 2.0 (build 25)
    "GoogleBooks" = Google Books Download
    "HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.10.02.00
    "IBM Installation Manager" = IBM Installation Manager
    "ibm_websphere_information_server540762011" = IBM Information Server
    "ImageX control_is1" = ImageX control version 3.7
    "IM-IBM InfoSphere" = IBM InfoSphere
    "InstallShield_{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare v8.10
    "InstallShield_{130747D0-0547-4D6D-B6AA-E8CFE2E641CA}" = Teradata Parallel Transporter API 13.0.0.2
    "InstallShield_{27035F95-A5F6-49AC-88BD-530C2E0E34AD}" = Teradata Parallel Transporter Export Operator 13.0
    "InstallShield_{36AB0011-DCC1-43BE-A0F6-F4DCC93C5183}" = Teradata Parallel Transporter Stream Operator 13.0.0.2
    "InstallShield_{4CA5E49B-D0FF-456A-A730-28F8876334EE}" = Teradata Performance Monitor 12.0
    "InstallShield_{4DD94157-4884-41CD-A37B-B5D08ADDDE7C}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{574C9B79-3BBB-4050-94DC-7E3DD780F658}" = Teradata Data Connector 13.0.0.2
    "InstallShield_{5F2C2C07-3313-42D9-8059-CA08AB596909}" = Teradata MultiLoad 12.0.0.2
    "InstallShield_{60627AF4-D06A-4CD0-9A48-8011C5FE6644}" = Teradata ARC 12.0.0.4
    "InstallShield_{67BAAA26-AA7D-40B7-8EFF-17D720391A33}" = .NET Data Provider for Teradata 13.01
    "InstallShield_{6CBC76C8-7B90-4A89-8472-E7E3A8A7731A}" = Teradata Parallel Transporter Update Operator 13.0.0.2
    "InstallShield_{70EE223B-BDC9-4BC2-8B2B-D212D800694E}" = Teradata Dynamic Workload Manager 12.0.0.2
    "InstallShield_{7288F593-AF9E-4A78-BB7D-B39779925406}" = Teradata C PP2 12.0.0.1
    "InstallShield_{73797DDB-5F24-458E-9AE9-2F1C762D4610}" = Teradata OLE DB Access Module 12.0
    "InstallShield_{873241FB-8FC9-4B94-905D-ECB30980F74E}" = Teradata TPump 12.0.0.2
    "InstallShield_{89B4078C-085C-4C05-B2F5-DE34BB1B2981}" = Teradata Manager 12.0.0.3
    "InstallShield_{8AFBC2EB-BB17-43C8-8AE0-5B7961A4A217}" = Shared ICU Libraries for Teradata 12.0
    "InstallShield_{93A78C72-983D-422B-8989-06839D5062DA}" = Teradata parallel Transporter Load Operator 13.0.0.2
    "InstallShield_{97C65880-5B22-4165-946B-928AA7AFE1FD}" = WebSphere Access Module for Teradata 12.0
    "InstallShield_{B3F8B75D-9E1C-4927-BAAA-A57601FBD133}" = Teradata Access Module For JMS 12.0
    "InstallShield_{CFE8A4E5-8E8E-4B17-A8E9-1DBC7B05E691}" = Teradata Named Pipes Access Module 12.0.0.2
    "InstallShield_{D05F4A13-8EC6-4A6A-81BD-0EDB0B99391A}" = Teradata Parallel Transporter Infrastructure 13.0.0.2
    "InstallShield_{D10B629F-9CD7-447C-8CD6-28A8FA24C71C}" = Teradata FastExport 12.0.0.1
    "InstallShield_{DB76EB4F-A3B5-49BF-AEAA-4D51D61E9E5C}" = Teradata FastLoad 12.0.0.4
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia Suite" = Nokia Suite
    "Notepad++" = Notepad++
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PowerISO" = PowerISO
    "PRJPRO" = Microsoft Office Project Professional 2007
    "Quest Installer" = Quest Installer
    "TeamViewer 7" = TeamViewer 7
    "Telmex 1.5_is1" = Telmex 1.5.20.1
    "Teradata ARC" = Teradata ARC 12.0.0.4
    "Teradata C PP2" = Teradata C PP2 12.0.0.1
    "Teradata CLIv2" = Teradata CLIv2 12.0.0.2
    "Teradata Express Tools" = Teradata Express Tools 13.0
    "Teradata Index Wizard 12.0" = Teradata Index Wizard 12.0.0.4
    "Teradata OLE DB Access Module" = Teradata OLE DB Access Module 12.0
    "Teradata Visual Explain 12.0" = Teradata Visual Explain 12.0.0.3
    "Teradata Workload Analyzer 12.0" = Teradata Workload Analyzer 12.0.0.1
    "Totalcmd" = Total Commander (Remove or Repair)
    "URL Helper_is1" = URL Helper
    "VirtualCloneDrive" = VirtualCloneDrive
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VLC media player" = VLC media player 1.1.9
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.1

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "JoinMe" = join.me

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 07/10/2012 20:06:28 | Computer Name = Dell_1320 | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
    The language of this upgrade package is different than the language used in your
    original Security Essentials installation. Error code:0x8004FF36.

    Error - 07/10/2012 20:31:53 | Computer Name = Dell_1320 | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 07/10/2012 20:41:20 | Computer Name = Dell_1320 | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 07/10/2012 21:26:36 | Computer Name = Dell_1320 | Source = vmauthd | ID = 100
    Description = StartServiceCtrlDispatcher error = 1063

    Error - 08/10/2012 20:36:46 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x12d8 Faulting application start time: 0x01cda5b4444482ac Faulting application path:
    F:\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 6744f9ce-11a9-11e2-8e42-a8e600b1ab8a

    Error - 08/10/2012 20:41:40 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x7f4 Faulting application start time: 0x01cda5b63dcec559 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 166e4153-11aa-11e2-8e42-a8e600b1ab8a

    Error - 08/10/2012 21:03:55 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e41b Faulting process id:
    0xff8 Faulting application start time: 0x01cda5b714c7d369 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 32570f1f-11ad-11e2-8e42-a8e600b1ab8a

    Error - 08/10/2012 22:56:54 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x61c Faulting application start time: 0x01cda5c9481cdec1 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: fa9ed3f4-11bc-11e2-94c8-979d7528c9bf

    Error - 08/10/2012 23:00:35 | Computer Name = Dell_1320 | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
    0x7e8 Faulting application start time: 0x01cda5c9d8a0a9a4 Faulting application path:
    D:\Oscar\Desktop\aaaaa\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 7eaceae8-11bd-11e2-94c8-979d7528c9bf

    Error - 10/10/2012 13:46:17 | Computer Name = Dell_1320 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a30 Start
    Time: 01cda70f0d9ec768 Termination Time: 25 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 10/10/2012 20:10:39 | Computer Name = Dell_1320 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d54 Start
    Time: 01cda7447ed818f8 Termination Time: 75 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    [ Media Center Events ]
    Error - 28/02/2012 11:11:47 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:11:47 a.m. - Error connecting to the internet. 10:11:47 a.m. -
    Unable to contact server..

    Error - 28/02/2012 11:12:40 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:12:34 a.m. - Error connecting to the internet. 10:12:34 a.m. -
    Unable to contact server..

    Error - 28/02/2012 12:13:35 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 11:13:35 a.m. - Error connecting to the internet. 11:13:35 a.m. -
    Unable to contact server..

    Error - 28/02/2012 12:14:27 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 11:14:22 a.m. - Error connecting to the internet. 11:14:22 a.m. -
    Unable to contact server..

    Error - 28/02/2012 13:15:16 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 12:15:16 p.m. - Error connecting to the internet. 12:15:16 p.m. -
    Unable to contact server..

    Error - 28/02/2012 13:16:05 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 12:16:03 p.m. - Error connecting to the internet. 12:16:03 p.m. -
    Unable to contact server..

    Error - 28/02/2012 14:17:03 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 01:17:03 p.m. - Error connecting to the internet. 01:17:03 p.m. -
    Unable to contact server..

    Error - 28/02/2012 14:17:52 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 01:17:50 p.m. - Error connecting to the internet. 01:17:50 p.m. -
    Unable to contact server..

    Error - 29/02/2012 11:44:13 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:44:13 a.m. - Error connecting to the internet. 10:44:13 a.m. -
    Unable to contact server..

    Error - 29/02/2012 11:45:06 | Computer Name = Dell_1320 | Source = MCUpdate | ID = 0
    Description = 10:45:00 a.m. - Error connecting to the internet. 10:45:00 a.m. -
    Unable to contact server..

    [ System Events ]
    Error - 10/10/2012 22:10:56 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7000
    Description = The VMware USB Arbitration Service service failed to start due to
    the following error: %%1053

    Error - 10/10/2012 22:15:15 | Computer Name = Dell_1320 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 09:12:49 p.m. on ?10/?10/?2012 was
    unexpected.

    Error - 10/10/2012 22:17:31 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
    USB Arbitration Service service to connect.

    Error - 10/10/2012 22:17:31 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7000
    Description = The VMware USB Arbitration Service service failed to start due to
    the following error: %%1053

    Error - 11/10/2012 10:44:50 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7011
     
  18. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Realtek87B service.

    Error - 11/10/2012 10:45:30 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
    USB Arbitration Service service to connect.

    Error - 11/10/2012 10:45:30 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7000
    Description = The VMware USB Arbitration Service service failed to start due to
    the following error: %%1053

    Error - 11/10/2012 21:03:36 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
    USB Arbitration Service service to connect.

    Error - 11/10/2012 21:03:36 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7000
    Description = The VMware USB Arbitration Service service failed to start due to
    the following error: %%1053

    Error - 11/10/2012 21:03:46 | Computer Name = Dell_1320 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Realtek87B service.


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.226.5.161:80;http://10.226.4.155;<local>
      IE - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.226.5.161:80
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
      O3 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      O3 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
      O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
      O15 - HKLM\..Trusted Domains: engdis.com ([]http in Trusted sites)
      O15 - HKLM\..Trusted Domains: engdis.com ([ed201us3sena] http in Trusted sites)
      O15 - HKU\S-1-5-21-3223265864-3949170350-323350453-1000\..Trusted Domains: mssalesdemos.com ([]http in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/10/07 23:42:40 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 00:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "ThreadingModel" = Both
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B3DC73B7
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  20. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    I did the whole process, and here are the logs... although I stupidly lost the AdwCleaner log; if I find it I will publish it.

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\engdis.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\engdis.com\ed201us3sena\ not found.
    Registry key HKEY_USERS\S-1-5-21-3223265864-3949170350-323350453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mssalesdemos.com\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U folder moved successfully.
    C:\FRST\Quarantine\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\L folder moved successfully.
    C:\FRST\Quarantine\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\{4a97ea77-0bb0-3f60-6279-0682757e39c6} folder moved successfully.
    C:\FRST\Quarantine\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\U folder moved successfully.
    C:\FRST\Quarantine\{4a97ea77-0bb0-3f60-6279-0682757e39c6}\L folder moved successfully.
    C:\FRST\Quarantine\{4a97ea77-0bb0-3f60-6279-0682757e39c6} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\TEMP:B3DC73B7 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 622845 bytes
    ->Flash cache emptied: 3187 bytes

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Oscar
    ->Temp folder emptied: 73064356 bytes
    ->Temporary Internet Files folder emptied: 475751890 bytes
    ->Java cache emptied: 15964114 bytes
    ->FireFox cache emptied: 502049784 bytes
    ->Flash cache emptied: 181343 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 53384 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40704933 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.057,00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Oscar
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Oscar
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10142012_084127

    Files\Folders moved on Reboot...
    C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Oscar\AppData\Local\Temp\~DF3225E11AF2E0FCF2.TMP not found!
    File\Folder C:\Users\Oscar\AppData\Local\Temp\~DF5B192FBB814F25C4.TMP not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...





    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Panda Cloud Cleaner
    Java(TM) 6 Update 30
    Java(TM) 7 Update 2
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````





    Farbar Service Scanner Version: 07-10-2012
    Ran by Oscar (administrator) on 14-10-2012 at 09:02:41
    Running from "C:\Users\Oscar\Downloads"
    Microsoft Windows 7 Professional N Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-10-10 20:30] - [2012-06-02 00:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****









    C:\Users\Oscar\Downloads\PlayFLV.exe Win32/TrojanDownloader.Adload.NIQ trojan cleaned by deleting - quarantined
    D:\Oscar\Documents\Install\SubtitularPelis\SoftonicDownloader55534.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    D:\Oscar\Downloads\DescargasTorrent\Hachiko A Dog's Story[2009]\SoftonicDownloader_para_subtitle-workshop.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
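
A fix log like the one posted above is easier to review when each line is grouped by outcome. The Python sketch below is an added example, not part of the thread and not OTL's own code; the function names are hypothetical and the sample is a subset of lines copied from the log above. It separates items that were changed, items that were already absent, and lines where a registry key header from the script appears in the log as a "File"/"Folder" path that was not found, so no registry action was reported for that key and it should be re-checked by hand.

```python
import re
from collections import defaultdict

# Subset of the OTL fix log posted in this thread (copied, not complete).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\S-1-5-21-3223265864-3949170350-323350453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ not found.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
ADS C:\ProgramData\TEMP:B3DC73B7 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]
User: Oscar
->Temp folder emptied: 73064356 bytes
"""

# "========== OTL ==========" style section banners.
SECTION = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")
# A registry header such as "[HKEY_CURRENT_USER\..." that shows up in the log
# as "File EY_CURRENT_USER\..." or "Folder EY_LOCAL_MACHINE\...".
MISPARSED = re.compile(
    r"^(File|Folder) EY_(CURRENT_USER|LOCAL_MACHINE|USERS|CLASSES_ROOT)\\"
)


def classify(line):
    """Return the outcome bucket for one line of the fix section."""
    if MISPARSED.match(line):
        return "misparsed"
    lowered = line.lower()
    if "not found" in lowered:
        return "absent"
    if lowered.rstrip(".!").endswith("successfully"):
        return "applied"
    return "other"


def triage_otl_fix_log(text):
    """Group the lines of the '========== OTL ==========' section by outcome."""
    results = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section != "OTL" or not line:
            continue  # skip the preamble and the cache-cleaning sections
        results[classify(line)].append(line)
    return dict(results)


def keys_to_recheck(results):
    """Rebuild the registry key paths behind the misparsed lines."""
    keys = []
    for line in results.get("misparsed", []):
        path = line.split(" ", 1)[1]      # drop the "File"/"Folder" label
        path = path[: path.index("]")]    # drop "] /64 not found." etc.
        keys.append("HK" + path)          # restore the truncated hive prefix
    return keys


if __name__ == "__main__":
    triaged = triage_otl_fix_log(SAMPLE_LOG)
    for bucket in ("applied", "absent", "misparsed", "other"):
        print(f"{bucket}: {len(triaged.get(bucket, []))}")
    print("Re-check these keys manually:")
    for key in keys_to_recheck(triaged):
        print("  " + key)
```
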
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  22. OscarZ

    OscarZ TS Rookie Topic Starter Posts: 48

    Hi Broni... finally my computer is doing very well... I'm going to read the interesting reading you recommended, so it doesn't happen again. Thank you very much Broni, you're the man!


    I'm posting the OTL log:



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Oscar
    ->Temp folder emptied: 1882369 bytes
    ->Temporary Internet Files folder emptied: 2024098 bytes
    ->Java cache emptied: 1878 bytes
    ->FireFox cache emptied: 70403362 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21372 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 71,00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Oscar
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Oscar
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 10152012_092648

    Files\Folders moved on Reboot...
    C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Way to go!!
    Good luck and stay safe :)
     