Solved Laptop infected

J

Jimmy99

Posts: 38   +0
Hi Broni: you helped me before when the kids infected my PC at home. Now it's my laptop - it just turned on the camera, told me I'd violated FBI laws (!), that I was being filed and recorded, and asked for cash. Lovely.

Where do I start?

Many thanks.

Jimmy (Can't blame the kids for this one!)

PS I am travelling till Monday night: bear with me on replying. I'll do exactly as you tell me - but it will take till then. Thanks.
 
Hmmm....you should know the drill...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Cheers Broni: here we go. And sure enough I've got some trouble....

This is MBAM. I'll get onto GMER now - but I'm away now tilL Monday night. Bear with me - and thanks for the help.

2012/09/28 02:08:03 +0100 SWITH-MARS SMason MESSAGE Starting protection
2012/09/28 02:08:03 +0100 SWITH-MARS SMason MESSAGE Protection started successfully
2012/09/28 02:08:03 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
2012/09/28 02:08:05 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
2012/09/28 02:08:15 +0100 SWITH-MARS SMason MESSAGE Starting database refresh
2012/09/28 02:08:15 +0100 SWITH-MARS SMason MESSAGE Stopping IP protection
2012/09/28 02:08:16 +0100 SWITH-MARS SMason MESSAGE IP Protection stopped successfully
2012/09/28 02:08:22 +0100 SWITH-MARS SMason MESSAGE Database refreshed successfully
2012/09/28 02:08:22 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
2012/09/28 02:08:25 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
2012/09/28 07:20:09 +0100 SWITH-MARS SMason DETECTION C:\ProgramData\lsass.exe Trojan.Delf QUARANTINE
2012/09/28 07:20:09 +0100 SWITH-MARS SMason ERROR Quarantine failed: DeleteFile failed with error code 5
2012/09/28 07:20:15 +0100 SWITH-MARS SMason DETECTION C:\Users\smason\AppData\Local\Temp\wgsdgsdgdsgsd.exe Spyware.Passwords QUARANTINE
2012/09/28 07:20:15 +0100 SWITH-MARS SMason ERROR Quarantine failed: DeleteFile failed with error code 5
2012/09/28 07:25:29 +0100 SWITH-MARS SMason MESSAGE Starting protection
2012/09/28 07:25:30 +0100 SWITH-MARS SMason MESSAGE Protection started successfully
2012/09/28 07:25:30 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
2012/09/28 07:25:34 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
2012/09/28 07:30:36 +0100 SWITH-MARS SMason MESSAGE Starting database refresh
2012/09/28 07:30:36 +0100 SWITH-MARS SMason MESSAGE Stopping IP protection
2012/09/28 07:30:36 +0100 SWITH-MARS SMason MESSAGE IP Protection stopped successfully
2012/09/28 07:30:41 +0100 SWITH-MARS SMason MESSAGE Database refreshed successfully
2012/09/28 07:30:42 +0100 SWITH-MARS SMason MESSAGE Starting IP protection
2012/09/28 07:30:45 +0100 SWITH-MARS SMason MESSAGE IP Protection started successfully
 
Nothing logged for GMER Broni

Here is DDS.txt (Attach.txt below)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Swith at 7:52:28 on 2012-09-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3959.1886 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\WebDrive\wdService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\InternetEverywhere\WTGService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA2SXS3R\9gy71gxo[1].exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
uRun: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
StartupFolder: C:\Users\Swith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 3 (0x3)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: FilterAdministratorToken = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\smason\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\smason\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\Swith\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://connect.rbs.com/vdesk/terminal/f5InspectionHost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8DE0DD41-EC3C-4680-964B-D75BDAACAA2B} - hxxps://connect.rbs.com/policy/download_binary.php/win32/f5syschk.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://connect.rbs.com/vdesk/terminal/urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\smason\AppData\Local\Temp\f5tmp\urxhost.cab
TCP: Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD} : NameServer = 172.31.139.17 172.30.139.17
TCP: Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801} : DhcpNameServer = 192.168.28.1
TCP: Interfaces\{3301F999-6DD0-4576-80E4-44E76286F43C} : DhcpNameServer = 192.168.28.1
TCP: Interfaces\{79FD073A-0267-465F-9A40-25D7BEF2BDF3} : DhcpNameServer = 192.168.28.1
TCP: Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0} : NameServer = 172.30.139.17 172.31.139.17
TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\24C45554029435C414E44435 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\5616374736F6163747D277966696D2C6F657E67656 : DhcpNameServer = 10.0.13.1
TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\77962756C6563737D27657563747 : DhcpNameServer = 207.126.96.248
TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\847475966496 : DhcpNameServer = 192.168.3.20
TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\A43435 : DhcpNameServer = 192.168.28.1
TCP: Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}\C4F66796E63707F6F6E66657C6 : DhcpNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\system32\DRIVERS\shpf.sys --> C:\Windows\system32\DRIVERS\shpf.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-19 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2012-1-23 1740696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-26 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-28 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-28 676936]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-9-28 2078112]
R2 NMSAccess64;NMSAccess64;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-7-19 82872]
R2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-3 330488]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-22 259192]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-26 2314240]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-8-16 822784]
R2 WebDriveFSD;WebDrive Filesystem Driver;C:\Program Files\WebDrive\wdfsd.sys [2010-9-22 118872]
R2 WTGService;WTGService;C:\Program Files (x86)\InternetEverywhere\WTGService.exe [2010-1-19 308688]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);C:\Windows\system32\DRIVERS\qcfilterSny2k.sys --> C:\Windows\system32\DRIVERS\qcfilterSny2k.sys [?]
R3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys --> C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys [?]
R3 qcusbsersny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);C:\Windows\system32\DRIVERS\qcusbserSny2k.sys --> C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\system32\DRIVERS\covpnv64.sys --> C:\Windows\system32\DRIVERS\covpnv64.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-1-19 571248]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-22 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-19 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250288]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
S3 f5ipfw;F5 Networks StoneWall Filter;\??\C:\Windows\system32\drivers\urfltv64.sys --> C:\Windows\system32\drivers\urfltv64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-19 133104]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\system32\drivers\NMgamingms.sys --> C:\Windows\system32\drivers\NMgamingms.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-09-28 06:50:11 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6DBE39B-1473-4644-977D-E2D0C0464592}\mpengine.dll
2012-09-28 06:30:13 -------- d-----w- C:\Users\Swith\AppData\Roaming\Malwarebytes
2012-09-28 05:06:54 -------- d-----w- C:\Windows\TempD00508E5-342A-F301-3942-50148A96F1C1-Signatures
2012-09-28 01:07:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-28 01:07:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 01:07:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 19:55:42 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 19:53:55 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-12 06:46:33 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 06:46:33 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 06:46:31 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 06:46:31 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 06:46:28 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 06:46:27 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 06:46:27 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-02 18:28:33 253440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp02t.dll
2012-09-02 17:56:48 138752 ----a-w- C:\Windows\System32\hpf3l02t.dll
2012-09-02 17:39:56 644456 ----a-w- C:\Windows\System32\hpzids40.dll
2012-09-02 17:39:55 906240 ----a-w- C:\Windows\System32\hpwwiax5.dll
2012-09-02 17:39:54 1422848 ----a-w- C:\Windows\System32\hpwtiop4.dll
2012-09-02 17:39:51 553472 ----a-w- C:\Windows\System32\hppldcoi.dll
.
==================== Find3M ====================
.
2012-09-20 22:28:37 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 22:28:37 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 7:54:08.91 ===============

And Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 16/07/2010 08:15:26
System Uptime: 28/09/2012 07:22:21 (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | N/A | 1320/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 352.693 GiB free.
D: is Removable
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: hp LaserJet 2420
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer:
Name: hp LaserJet 2420
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID:
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer:
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: R5C822
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&PROD_SD#MMCSTORAGE&REV_2.00#0001#
Manufacturer: Microsoft
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RISD#DISK&VEN_RICOH&PROD_SD#MMCSTORAGE&REV_2.00#0001#
Service: WUDFRd
.
Class GUID:
Description: hp LaserJet 2420
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: hp LaserJet 2420
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: AL-C9200
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: AL-C9200
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID:
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer:
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID:
Description: HP LaserJet 1022n
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: HP LaserJet 1022n
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID:
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 2605dn
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2605dn
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6500 E709n
Device ID: ROOT\IMAGE\0001
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\IMAGE\0001
Service: StillCam
.
Class GUID:
Description: HP Color LaserJet 2840
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer:
Name: HP Color LaserJet 2840
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID:
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer:
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID:
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer:
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID:
Description: HP Color LaserJet 3800
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer:
Name: HP Color LaserJet 3800
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: R5C592
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RIMSPCI#DISK&VEN_RICOH&PROD_MEMORYSTICKSTORAGE&REV_1.00#MS0001#
Manufacturer: Microsoft
Name: D:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_RIMSPCI#DISK&VEN_RICOH&PROD_MEMORYSTICKSTORAGE&REV_1.00#MS0001#
Service: WUDFRd
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID:
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer:
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: TCP/IP Protocol Driver
Device ID: ROOT\LEGACY_TCPIP\0000
Manufacturer:
Name: TCP/IP Protocol Driver
PNP Device ID: ROOT\LEGACY_TCPIP\0000
Service: Tcpip
.
==== System Restore Points ===================
.
RP305: 19/08/2012 21:56:33 - Windows Update
RP306: 26/08/2012 07:55:34 - Windows Update
RP307: 29/08/2012 19:46:54 - Windows Update
RP308: 02/09/2012 17:28:15 - Windows Update
RP309: 04/09/2012 06:00:49 - Windows Update
RP310: 10/09/2012 21:09:09 - Windows Update
RP311: 13/09/2012 06:01:25 - Windows Update
RP312: 17/09/2012 08:23:23 - Windows Update
RP313: 22/09/2012 19:27:08 - Windows Update
RP314: 24/09/2012 08:38:32 - Windows Update
RP315: 27/09/2012 06:00:15 - Windows Update
RP316: 28/09/2012 06:00:14 - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
3Connect
6500_E709_BasicWeb
6500_E709_Help_BasicWeb
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Software Update
ArcSoft WebCam Companion 3
Astaro SSL VPN Client 1.7
BBC iPlayer Desktop
bpd_scan
BPDSoftware_Ini
BufferChm
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocMgr
DocProc
Fax
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Update
HPProductAssistant
HPSSupply
Huawei modem
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Internet Everywhere
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
MarketResearch
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Business 2010
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2007
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Qualcomm Gobi 2000 Package for Sony
QuickTime
Rapport
Realtek High Definition Audio Driver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Setting Utility Series
Skype™ 5.0
SmartWebPrinting
SolutionCenter
Status
T-Mobile Internet Manager
TeamViewer 7
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Power Management
VAIO Premium Partners
VAIO screensaver
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
VU5x86
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
28/09/2012 07:27:06, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
28/09/2012 07:25:19, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
28/09/2012 07:24:35, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
28/09/2012 07:24:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
28/09/2012 07:24:33, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
28/09/2012 07:24:00, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
28/09/2012 07:22:59, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
28/09/2012 07:22:55, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MCHJ due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
28/09/2012 07:22:52, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading
28/09/2012 07:22:52, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
28/09/2012 06:13:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2754296.
28/09/2012 01:15:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.536.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
27/09/2012 18:32:00, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
21/09/2012 06:32:25, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
21/09/2012 06:32:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================
 
MBAM log is incorrect.
Please redo.

Next....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Broni: I've redone the quick scan as requested for MBAM. Here's the file (the other coming afterwards). Cheers.

(What did I get wrong first time by the way?)



Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.01.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Swith :: SWITH-MARS [administrator]
Protection: Enabled
01/10/2012 21:13:16
mbam-log-2012-10-01 (21-13-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397816
Time elapsed: 15 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
TDSSKiller log (1/2)

21:34:56.0257 6344 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:34:56.0577 6344 ============================================================
21:34:56.0577 6344 Current date / time: 2012/10/01 21:34:56.0577
21:34:56.0577 6344 SystemInfo:
21:34:56.0577 6344
21:34:56.0577 6344 OS Version: 6.1.7601 ServicePack: 1.0
21:34:56.0577 6344 Product type: Workstation
21:34:56.0577 6344 ComputerName: SWITH-MARS
21:34:56.0578 6344 UserName: Swith
21:34:56.0578 6344 Windows directory: C:\Windows
21:34:56.0578 6344 System windows directory: C:\Windows
21:34:56.0578 6344 Running under WOW64
21:34:56.0578 6344 Processor architecture: Intel x64
21:34:56.0578 6344 Number of processors: 4
21:34:56.0578 6344 Page size: 0x1000
21:34:56.0578 6344 Boot type: Normal boot
21:34:56.0578 6344 ============================================================
21:34:58.0105 6344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:58.0128 6344 ============================================================
21:34:58.0128 6344 \Device\Harddisk0\DR0:
21:34:58.0128 6344 MBR partitions:
21:34:58.0128 6344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF6C800, BlocksNum 0x32000
21:34:58.0128 6344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF9E800, BlocksNum 0x393E7830
21:34:58.0128 6344 ============================================================
21:34:58.0150 6344 C: <-> \Device\Harddisk0\DR0\Partition2
21:34:58.0151 6344 ============================================================
21:34:58.0151 6344 Initialize success
21:34:58.0151 6344 ============================================================
21:35:35.0109 7248 ============================================================
21:35:35.0109 7248 Scan started
21:35:35.0109 7248 Mode: Manual;
21:35:35.0109 7248 ============================================================
21:35:35.0318 7248 ================ Scan system memory ========================
21:35:35.0318 7248 System memory - ok
21:35:35.0319 7248 ================ Scan services =============================
21:35:35.0531 7248 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:35:35.0537 7248 1394ohci - ok
21:35:35.0645 7248 [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:35:35.0648 7248 ACDaemon - ok
21:35:35.0708 7248 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:35:35.0714 7248 ACPI - ok
21:35:35.0748 7248 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:35:35.0750 7248 AcpiPmi - ok
21:35:35.0896 7248 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:35:35.0899 7248 AdobeFlashPlayerUpdateSvc - ok
21:35:35.0966 7248 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:35:35.0977 7248 adp94xx - ok
21:35:36.0024 7248 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:35:36.0031 7248 adpahci - ok
21:35:36.0079 7248 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:35:36.0083 7248 adpu320 - ok
21:35:36.0109 7248 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:35:36.0111 7248 AeLookupSvc - ok
21:35:36.0157 7248 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:35:36.0165 7248 AFD - ok
21:35:36.0220 7248 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:35:36.0223 7248 agp440 - ok
21:35:36.0258 7248 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:35:36.0261 7248 ALG - ok
21:35:36.0306 7248 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:35:36.0308 7248 aliide - ok
21:35:36.0333 7248 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:35:36.0335 7248 amdide - ok
21:35:36.0364 7248 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:35:36.0367 7248 AmdK8 - ok
21:35:36.0414 7248 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:35:36.0417 7248 AmdPPM - ok
21:35:36.0470 7248 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:35:36.0473 7248 amdsata - ok
21:35:36.0523 7248 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:35:36.0527 7248 amdsbs - ok
21:35:36.0556 7248 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:35:36.0558 7248 amdxata - ok
21:35:36.0596 7248 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:35:36.0600 7248 AppID - ok
21:35:36.0635 7248 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:35:36.0637 7248 AppIDSvc - ok
21:35:36.0685 7248 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:35:36.0687 7248 Appinfo - ok
21:35:36.0767 7248 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:35:36.0771 7248 Apple Mobile Device - ok
21:35:36.0829 7248 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:35:36.0833 7248 AppMgmt - ok
21:35:36.0894 7248 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:35:36.0917 7248 arc - ok
21:35:36.0953 7248 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:35:36.0956 7248 arcsas - ok
21:35:36.0990 7248 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:36.0992 7248 AsyncMac - ok
21:35:37.0040 7248 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:35:37.0042 7248 atapi - ok
21:35:37.0117 7248 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:35:37.0140 7248 athr - ok
21:35:37.0196 7248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:35:37.0207 7248 AudioEndpointBuilder - ok
21:35:37.0222 7248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:35:37.0229 7248 AudioSrv - ok
21:35:37.0282 7248 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:35:37.0286 7248 AxInstSV - ok
21:35:37.0329 7248 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:35:37.0338 7248 b06bdrv - ok
21:35:37.0381 7248 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:37.0387 7248 b57nd60a - ok
21:35:37.0418 7248 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:35:37.0422 7248 BDESVC - ok
21:35:37.0551 7248 [ 68BF3520FE759C91FD9182F36E585374 ] BecHelperService C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
21:35:37.0577 7248 BecHelperService - ok
21:35:37.0619 7248 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:35:37.0622 7248 Beep - ok
21:35:37.0692 7248 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:35:37.0703 7248 BFE - ok
21:35:37.0735 7248 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:35:37.0781 7248 BITS - ok
21:35:37.0812 7248 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:35:37.0815 7248 blbdrive - ok
21:35:37.0889 7248 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:35:37.0896 7248 Bonjour Service - ok
21:35:37.0933 7248 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:35:37.0935 7248 bowser - ok
21:35:37.0981 7248 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:35:37.0982 7248 BrFiltLo - ok
21:35:38.0013 7248 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:35:38.0015 7248 BrFiltUp - ok
21:35:38.0120 7248 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:35:38.0123 7248 Browser - ok
21:35:38.0159 7248 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:35:38.0165 7248 Brserid - ok
21:35:38.0198 7248 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:38.0200 7248 BrSerWdm - ok
21:35:38.0226 7248 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:38.0228 7248 BrUsbMdm - ok
21:35:38.0253 7248 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:38.0255 7248 BrUsbSer - ok
21:35:38.0289 7248 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:35:38.0292 7248 BthEnum - ok
21:35:38.0326 7248 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:35:38.0329 7248 BTHMODEM - ok
21:35:38.0369 7248 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:35:38.0373 7248 BthPan - ok
21:35:38.0423 7248 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:35:38.0433 7248 BTHPORT - ok
21:35:38.0484 7248 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:35:38.0487 7248 bthserv - ok
21:35:38.0517 7248 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:35:38.0526 7248 BTHUSB - ok
21:35:38.0570 7248 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
21:35:38.0572 7248 btusbflt - ok
21:35:38.0632 7248 [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:35:38.0635 7248 btwaudio - ok
21:35:38.0677 7248 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:35:38.0680 7248 btwavdt - ok
21:35:38.0789 7248 [ 31DA517946FFE416442E864592548F8A ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:35:38.0802 7248 btwdins - ok
21:35:38.0834 7248 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:35:38.0836 7248 btwl2cap - ok
21:35:38.0874 7248 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:35:38.0877 7248 btwrchid - ok
21:35:39.0083 7248 [ ED3C668AC393224C6D3D0CB1AD100D34 ] Canon Driver Information Assist Service C:\Program Files\Canon\DIAS\CnxDIAS.exe
21:35:39.0222 7248 Canon Driver Information Assist Service - ok
21:35:39.0272 7248 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:35:39.0415 7248 cdfs - ok
21:35:39.0475 7248 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:35:39.0489 7248 cdrom - ok
21:35:39.0530 7248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:35:39.0533 7248 CertPropSvc - ok
21:35:39.0567 7248 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:35:39.0570 7248 circlass - ok
21:35:39.0607 7248 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:35:39.0614 7248 CLFS - ok
21:35:39.0673 7248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:39.0676 7248 clr_optimization_v2.0.50727_32 - ok
21:35:39.0702 7248 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:35:39.0705 7248 clr_optimization_v2.0.50727_64 - ok
21:35:39.0778 7248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:35:39.0781 7248 clr_optimization_v4.0.30319_32 - ok
21:35:39.0855 7248 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:35:39.0858 7248 clr_optimization_v4.0.30319_64 - ok
21:35:39.0883 7248 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:35:39.0885 7248 CmBatt - ok
21:35:39.0925 7248 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:35:39.0927 7248 cmdide - ok
21:35:39.0966 7248 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:35:39.0974 7248 CNG - ok
21:35:40.0029 7248 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:35:40.0032 7248 Compbatt - ok
21:35:40.0071 7248 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:35:40.0073 7248 CompositeBus - ok
21:35:40.0094 7248 COMSysApp - ok
21:35:40.0120 7248 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:35:40.0123 7248 crcdisk - ok
21:35:40.0167 7248 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:35:40.0171 7248 CryptSvc - ok
21:35:40.0210 7248 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:35:40.0219 7248 CSC - ok
21:35:40.0266 7248 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:35:40.0277 7248 CscService - ok
21:35:40.0338 7248 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
21:35:40.0341 7248 ctxusbm - ok
21:35:40.0410 7248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:35:40.0421 7248 DcomLaunch - ok
21:35:40.0450 7248 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:35:40.0457 7248 defragsvc - ok
21:35:40.0487 7248 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:35:40.0490 7248 DfsC - ok
21:35:40.0551 7248 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:35:40.0558 7248 Dhcp - ok
21:35:40.0585 7248 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:35:40.0588 7248 discache - ok
21:35:40.0632 7248 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:35:40.0635 7248 Disk - ok
21:35:40.0668 7248 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:35:40.0672 7248 Dnscache - ok
21:35:40.0708 7248 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:35:40.0714 7248 dot3svc - ok
21:35:40.0786 7248 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:35:40.0790 7248 Dot4 - ok
21:35:40.0816 7248 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:35:40.0818 7248 Dot4Print - ok
21:35:40.0861 7248 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:35:40.0864 7248 dot4usb - ok
21:35:40.0906 7248 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:35:40.0910 7248 DPS - ok
21:35:40.0942 7248 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:35:40.0944 7248 drmkaud - ok
21:35:40.0995 7248 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:35:41.0011 7248 DXGKrnl - ok
21:35:41.0043 7248 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:35:41.0047 7248 EapHost - ok
21:35:41.0183 7248 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:35:41.0294 7248 ebdrv - ok
21:35:41.0330 7248 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:35:41.0333 7248 EFS - ok
21:35:41.0402 7248 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:35:41.0414 7248 ehRecvr - ok
21:35:41.0446 7248 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:35:41.0449 7248 ehSched - ok
21:35:41.0490 7248 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:35:41.0499 7248 elxstor - ok
21:35:41.0511 7248 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:35:41.0513 7248 ErrDev - ok
21:35:41.0563 7248 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:35:41.0570 7248 EventSystem - ok
21:35:41.0656 7248 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:35:41.0677 7248 EvtEng - ok
21:35:41.0733 7248 [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
21:35:41.0741 7248 ewusbmbb - ok
21:35:41.0762 7248 ewusbnet - ok
21:35:41.0798 7248 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:35:41.0801 7248 ew_hwusbdev - ok
21:35:41.0829 7248 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
21:35:41.0831 7248 ew_usbenumfilter - ok
21:35:41.0859 7248 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:35:41.0864 7248 exfat - ok
21:35:41.0932 7248 [ F0948686F6EF9256E0AC0BEF470EFD2A ] f5ipfw C:\Windows\system32\drivers\urfltv64.sys
21:35:41.0944 7248 f5ipfw - ok
21:35:41.0977 7248 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:35:41.0981 7248 fastfat - ok
21:35:42.0048 7248 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:35:42.0061 7248 Fax - ok
21:35:42.0090 7248 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:35:42.0092 7248 fdc - ok
21:35:42.0121 7248 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:35:42.0124 7248 fdPHost - ok
21:35:42.0139 7248 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:35:42.0141 7248 FDResPub - ok
21:35:42.0165 7248 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:35:42.0168 7248 FileInfo - ok
21:35:42.0187 7248 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:35:42.0189 7248 Filetrace - ok
21:35:42.0208 7248 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:35:42.0210 7248 flpydisk - ok
21:35:42.0259 7248 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:35:42.0265 7248 FltMgr - ok
21:35:42.0330 7248 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:35:42.0348 7248 FontCache - ok
21:35:42.0409 7248 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:35:42.0411 7248 FontCache3.0.0.0 - ok
21:35:42.0438 7248 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:35:42.0440 7248 FsDepends - ok
21:35:42.0475 7248 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:35:42.0477 7248 fssfltr - ok
21:35:42.0581 7248 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:35:42.0605 7248 fsssvc - ok
21:35:42.0673 7248 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:35:42.0675 7248 Fs_Rec - ok
21:35:42.0720 7248 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:35:42.0724 7248 fvevol - ok
21:35:42.0755 7248 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:35:42.0758 7248 gagp30kx - ok
21:35:42.0808 7248 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:42.0810 7248 GEARAspiWDM - ok
21:35:42.0867 7248 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:35:42.0880 7248 gpsvc - ok
21:35:42.0966 7248 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:35:42.0969 7248 gupdate - ok
21:35:43.0010 7248 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:35:43.0012 7248 gupdatem - ok
21:35:43.0057 7248 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:35:43.0059 7248 hcw85cir - ok
21:35:43.0111 7248 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:35:43.0118 7248 HdAudAddService - ok
21:35:43.0153 7248 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:35:43.0157 7248 HDAudBus - ok
21:35:43.0217 7248 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
21:35:43.0219 7248 HECIx64 - ok
21:35:43.0247 7248 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:35:43.0249 7248 HidBatt - ok
21:35:43.0280 7248 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:35:43.0283 7248 HidBth - ok
21:35:43.0337 7248 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:35:43.0340 7248 HidIr - ok
21:35:43.0365 7248 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:35:43.0367 7248 hidserv - ok
21:35:43.0420 7248 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:35:43.0423 7248 HidUsb - ok
21:35:43.0463 7248 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:35:43.0467 7248 hkmsvc - ok
21:35:43.0509 7248 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:35:43.0515 7248 HomeGroupListener - ok
21:35:43.0570 7248 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:35:43.0576 7248 HomeGroupProvider - ok
21:35:43.0705 7248 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:35:43.0710 7248 hpqcxs08 - ok
21:35:43.0741 7248 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:35:43.0744 7248 hpqddsvc - ok
21:35:43.0788 7248 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:35:43.0791 7248 HpSAMD - ok
21:35:43.0856 7248 [ 1BE48B0542C91487BB8A94BF2278F55D ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:35:43.0872 7248 HPSLPSVC - ok
21:35:43.0925 7248 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:35:43.0939 7248 HTTP - ok
21:35:43.0991 7248 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:35:43.0994 7248 huawei_enumerator - ok
21:35:44.0047 7248 [ 04D1DE1E8ACE40CA396502C90524E945 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:35:44.0053 7248 hwdatacard - ok
21:35:44.0091 7248 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:35:44.0093 7248 hwpolicy - ok
21:35:44.0111 7248 hwusbdev - ok
21:35:44.0154 7248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:35:44.0157 7248 i8042prt - ok
21:35:44.0209 7248 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\drivers\iaStor.sys
21:35:44.0215 7248 iaStor - ok
21:35:44.0277 7248 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:35:44.0279 7248 IAStorDataMgrSvc - ok
21:35:44.0329 7248 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:35:44.0337 7248 iaStorV - ok
21:35:44.0414 7248 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:35:44.0428 7248 idsvc - ok
21:35:44.0667 7248 [ B36E6868CF289040795C1FA0D0FEB399 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:35:45.0211 7248 igfx - ok
21:35:45.0253 7248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:35:45.0256 7248 iirsp - ok
21:35:45.0306 7248 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:35:45.0320 7248 IKEEXT - ok
21:35:45.0381 7248 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\drivers\Impcd.sys
21:35:45.0384 7248 Impcd - ok
21:35:45.0457 7248 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:35:45.0492 7248 IntcAzAudAddService - ok
21:35:45.0547 7248 [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:35:45.0593 7248 IntcDAud - ok
21:35:45.0616 7248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:35:45.0618 7248 intelide - ok
21:35:45.0655 7248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
21:35:45.0658 7248 intelppm - ok
21:35:45.0709 7248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:35:45.0713 7248 IPBusEnum - ok
21:35:45.0752 7248 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:45.0755 7248 IpFilterDriver - ok
21:35:45.0786 7248 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:35:45.0796 7248 iphlpsvc - ok
21:35:45.0828 7248 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:35:45.0832 7248 IPMIDRV - ok
21:35:45.0849 7248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:35:45.0852 7248 IPNAT - ok
21:35:45.0948 7248 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:35:45.0960 7248 iPod Service - ok
21:35:46.0008 7248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:35:46.0010 7248 IRENUM - ok
21:35:46.0041 7248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:35:46.0043 7248 isapnp - ok
21:35:46.0086 7248 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:35:46.0091 7248 iScsiPrt - ok
21:35:46.0153 7248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:46.0198 7248 kbdclass - ok
21:35:46.0244 7248 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:35:46.0246 7248 kbdhid - ok
21:35:46.0263 7248 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:35:46.0266 7248 KeyIso - ok
21:35:46.0297 7248 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:35:46.0301 7248 KSecDD - ok
21:35:46.0322 7248 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:35:46.0326 7248 KSecPkg - ok
21:35:46.0364 7248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:35:46.0366 7248 ksthunk - ok
21:35:46.0410 7248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:35:46.0420 7248 KtmRm - ok
21:35:46.0456 7248 [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
21:35:46.0459 7248 L1C - ok
21:35:46.0510 7248 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:35:46.0517 7248 LanmanServer - ok
21:35:46.0555 7248 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:35:46.0575 7248 LanmanWorkstation - ok
21:35:46.0648 7248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:35:46.0650 7248 lltdio - ok
21:35:46.0694 7248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:35:46.0702 7248 lltdsvc - ok
21:35:46.0734 7248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:35:46.0738 7248 lmhosts - ok
21:35:46.0749 7248 lmimirr - ok
21:35:46.0805 7248 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:35:46.0810 7248 LMS - ok
21:35:46.0842 7248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:35:46.0845 7248 LSI_FC - ok
21:35:46.0877 7248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:35:46.0880 7248 LSI_SAS - ok
21:35:46.0910 7248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:35:46.0913 7248 LSI_SAS2 - ok
21:35:46.0954 7248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:35:46.0957 7248 LSI_SCSI - ok
21:35:46.0985 7248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:35:46.0989 7248 luafv - ok
21:35:47.0056 7248 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:35:47.0058 7248 MBAMProtector - ok
21:35:47.0144 7248 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:35:47.0151 7248 MBAMScheduler - ok
21:35:47.0215 7248 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:35:47.0226 7248 MBAMService - ok
21:35:47.0239 7248 McAfee SiteAdvisor Service - ok
21:35:47.0274 7248 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:35:47.0278 7248 Mcx2Svc - ok
21:35:47.0355 7248 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:35:47.0361 7248 MDM - ok
21:35:47.0397 7248 mdvrmng - ok
21:35:47.0425 7248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:35:47.0428 7248 megasas - ok
21:35:47.0460 7248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:35:47.0466 7248 MegaSR - ok
21:35:47.0508 7248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:35:47.0512 7248 MMCSS - ok
21:35:47.0545 7248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:35:47.0547 7248 Modem - ok
21:35:47.0589 7248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:35:47.0591 7248 monitor - ok
21:35:47.0634 7248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:35:47.0637 7248 mouclass - ok
21:35:47.0681 7248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:35:47.0683 7248 mouhid - ok
21:35:47.0723 7248 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:35:47.0726 7248 mountmgr - ok
21:35:47.0791 7248 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:35:47.0795 7248 MpFilter - ok
21:35:47.0820 7248 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:35:47.0824 7248 mpio - ok
21:35:47.0855 7248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:35:47.0858 7248 mpsdrv - ok
21:35:47.0908 7248 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:35:47.0923 7248 MpsSvc - ok
21:35:47.0959 7248 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:35:47.0963 7248 MRxDAV - ok
21:35:48.0007 7248 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:48.0012 7248 mrxsmb - ok
21:35:48.0056 7248 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:48.0062 7248 mrxsmb10 - ok
21:35:48.0104 7248 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:48.0108 7248 mrxsmb20 - ok
21:35:48.0140 7248 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:35:48.0142 7248 msahci - ok
21:35:48.0181 7248 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:35:48.0185 7248 msdsm - ok
21:35:48.0204 7248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:35:48.0209 7248 MSDTC - ok
21:35:48.0239 7248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:35:48.0241 7248 Msfs - ok
21:35:48.0273 7248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:35:48.0275 7248 mshidkmdf - ok
21:35:48.0308 7248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:35:48.0310 7248 msisadrv - ok
21:35:48.0351 7248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:35:48.0356 7248 MSiSCSI - ok
21:35:48.0362 7248 msiserver - ok
21:35:48.0403 7248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:35:48.0405 7248 MSKSSRV - ok
21:35:48.0489 7248 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:35:48.0490 7248 MsMpSvc - ok
21:35:48.0604 7248 [ 3D9DF5C79ABE835E58DF426B14600A33 ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
21:35:48.0637 7248 msoidsvc - ok
21:35:48.0673 7248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:48.0674 7248 MSPCLOCK - ok
21:35:48.0700 7248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:35:48.0702 7248 MSPQM - ok
21:35:48.0756 7248 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:35:48.0762 7248 MsRPC - ok
21:35:48.0797 7248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:35:48.0799 7248 mssmbios - ok
21:35:48.0888 7248 MSSQL$MSSMLBIZ - ok
21:35:48.0953 7248 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:35:48.0955 7248 MSSQLServerADHelper - ok
21:35:48.0996 7248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:35:48.0998 7248 MSTEE - ok
21:35:49.0032 7248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:35:49.0034 7248 MTConfig - ok
21:35:49.0057 7248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:35:49.0059 7248 Mup - ok
21:35:49.0101 7248 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:35:49.0111 7248 napagent - ok
21:35:49.0150 7248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:35:49.0157 7248 NativeWifiP - ok
21:35:49.0216 7248 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:35:49.0230 7248 NDIS - ok
21:35:49.0263 7248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:49.0266 7248 NdisCap - ok
21:35:49.0290 7248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:49.0292 7248 NdisTapi - ok
21:35:49.0332 7248 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:49.0334 7248 Ndisuio - ok
21:35:49.0373 7248 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:49.0377 7248 NdisWan - ok
21:35:49.0419 7248 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:35:49.0421 7248 NDProxy - ok
21:35:49.0451 7248 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:35:49.0454 7248 Net Driver HPZ12 - ok
21:35:49.0493 7248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:35:49.0495 7248 NetBIOS - ok
21:35:49.0538 7248 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:35:49.0543 7248 NetBT - ok
21:35:49.0564 7248 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:35:49.0567 7248 Netlogon - ok
21:35:49.0617 7248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:35:49.0625 7248 Netman - ok
21:35:49.0658 7248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:35:49.0667 7248 netprofm - ok
21:35:49.0704 7248 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:49.0707 7248 NetTcpPortSharing - ok
21:35:49.0908 7248 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
21:35:50.0077 7248 NETw5s64 - ok
21:35:50.0138 7248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:35:50.0141 7248 nfrd960 - ok
21:35:50.0187 7248 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:35:50.0190 7248 NisDrv - ok
21:35:50.0225 7248 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:35:50.0230 7248 NisSrv - ok
21:35:50.0281 7248 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:35:50.0288 7248 NlaSvc - ok
21:35:50.0305 7248 [ FBCA3FD51604147770EB4FB53D6144A8 ] NMgamingmsFltr C:\Windows\system32\drivers\NMgamingms.sys
21:35:50.0307 7248 NMgamingmsFltr - ok
21:35:50.0369 7248 [ 8ACF8E802087880B821EC985FEACCD72 ] NMSAccess64 C:\Program Files\CDBurnerXP\NMSAccessU.exe
21:35:50.0372 7248 NMSAccess64 - ok
21:35:50.0411 7248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:35:50.0414 7248 Npfs - ok
21:35:50.0437 7248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:35:50.0441 7248 nsi - ok
 
TDSSKiller log (2/2)

21:35:50.0463 7248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:35:50.0465 7248 nsiproxy - ok
21:35:50.0539 7248 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:35:50.0564 7248 Ntfs - ok
21:35:50.0601 7248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:35:50.0604 7248 Null - ok
21:35:50.0639 7248 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:35:50.0642 7248 NVHDA - ok
21:35:50.0968 7248 [ CA8447574E9DAE22250C723819D3EF96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:35:51.0238 7248 nvlddmkm - ok
21:35:51.0280 7248 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:35:51.0284 7248 nvraid - ok
21:35:51.0323 7248 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:35:51.0327 7248 nvstor - ok
21:35:51.0380 7248 [ AD1E49BCEB5D446A271C43BFA8FD71D2 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:35:51.0387 7248 nvsvc - ok
21:35:51.0423 7248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:35:51.0426 7248 nv_agp - ok
21:35:51.0487 7248 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:35:51.0494 7248 odserv - ok
21:35:51.0534 7248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:35:51.0538 7248 ohci1394 - ok
21:35:51.0593 7248 [ 5952C16DCC36907FE09F0F39311277A1 ] OpenVPNService C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe
21:35:51.0595 7248 OpenVPNService - ok
21:35:51.0663 7248 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:35:51.0666 7248 ose - ok
21:35:51.0861 7248 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:35:51.0986 7248 osppsvc - ok
21:35:52.0047 7248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:35:52.0078 7248 p2pimsvc - ok
21:35:52.0108 7248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:35:52.0124 7248 p2psvc - ok
21:35:52.0160 7248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:35:52.0172 7248 Parport - ok
21:35:52.0213 7248 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:35:52.0216 7248 partmgr - ok
21:35:52.0263 7248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:35:52.0268 7248 PcaSvc - ok
21:35:52.0302 7248 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:35:52.0306 7248 pci - ok
21:35:52.0340 7248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:35:52.0353 7248 pciide - ok
21:35:52.0390 7248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:35:52.0395 7248 pcmcia - ok
21:35:52.0409 7248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:35:52.0411 7248 pcw - ok
21:35:52.0443 7248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:35:52.0454 7248 PEAUTH - ok
21:35:52.0511 7248 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:35:52.0534 7248 PeerDistSvc - ok
21:35:52.0635 7248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:35:52.0638 7248 PerfHost - ok
21:35:52.0718 7248 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:35:52.0741 7248 pla - ok
21:35:52.0796 7248 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:35:52.0805 7248 PlugPlay - ok
21:35:52.0852 7248 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:35:52.0855 7248 Pml Driver HPZ12 - ok
21:35:52.0881 7248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:35:52.0885 7248 PNRPAutoReg - ok
21:35:52.0914 7248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:35:52.0920 7248 PNRPsvc - ok
21:35:52.0976 7248 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:35:52.0986 7248 PolicyAgent - ok
21:35:53.0022 7248 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:35:53.0028 7248 Power - ok
21:35:53.0083 7248 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:35:53.0087 7248 PptpMiniport - ok
21:35:53.0128 7248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:35:53.0131 7248 Processor - ok
21:35:53.0174 7248 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:35:53.0180 7248 ProfSvc - ok
21:35:53.0197 7248 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:35:53.0200 7248 ProtectedStorage - ok
21:35:53.0234 7248 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:35:53.0237 7248 Psched - ok
21:35:53.0264 7248 [ FD79ACB284B6BB288C8826FFF72778E9 ] qcfilterSny2k C:\Windows\system32\DRIVERS\qcfilterSny2k.sys
21:35:53.0266 7248 qcfilterSny2k - ok
21:35:53.0311 7248 [ D4168D8BEBCF573B8FFB2A0C09094DA3 ] qcusbnetsny2k C:\Windows\system32\DRIVERS\qcusbnetsny2k.sys
21:35:53.0317 7248 qcusbnetsny2k - ok
21:35:53.0365 7248 [ 3A5625922508A972345F096CB163D55B ] qcusbsersny2k C:\Windows\system32\DRIVERS\qcusbserSny2k.sys
21:35:53.0369 7248 qcusbsersny2k - ok
21:35:53.0412 7248 [ 4EF14082BF62F3B23C4E35453775FE68 ] QDLService2kSony C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
21:35:53.0418 7248 QDLService2kSony - ok
21:35:53.0487 7248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:35:53.0510 7248 ql2300 - ok
21:35:53.0553 7248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:35:53.0557 7248 ql40xx - ok
21:35:53.0582 7248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:35:53.0588 7248 QWAVE - ok
21:35:53.0627 7248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:35:53.0630 7248 QWAVEdrv - ok
21:35:53.0793 7248 [ 5E0459ED0A8F540D2F7B6E52DA12C9D4 ] RapportCerberus_34302 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
21:35:53.0800 7248 RapportCerberus_34302 - ok
21:35:53.0925 7248 [ C3C5F9517AAC5848FFB7F66040780C3C ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
21:35:53.0927 7248 RapportEI64 - ok
21:35:53.0963 7248 [ F6CD072AF2E424CD4FF82194E36A6F3C ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
21:35:53.0966 7248 RapportKE64 - ok
21:35:54.0037 7248 [ C7D3492630472DC0546715DD4157B6C2 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
21:35:54.0052 7248 RapportMgmtService - ok
21:35:54.0096 7248 [ 819E5A7E3729273C252AE35F9E5E0BC8 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
21:35:54.0098 7248 RapportPG64 - ok
21:35:54.0126 7248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:35:54.0128 7248 RasAcd - ok
21:35:54.0172 7248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:54.0175 7248 RasAgileVpn - ok
21:35:54.0246 7248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:35:54.0251 7248 RasAuto - ok
21:35:54.0303 7248 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:54.0307 7248 Rasl2tp - ok
21:35:54.0371 7248 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:35:54.0379 7248 RasMan - ok
21:35:54.0414 7248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:54.0417 7248 RasPppoe - ok
21:35:54.0433 7248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:35:54.0436 7248 RasSstp - ok
21:35:54.0470 7248 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:35:54.0476 7248 rdbss - ok
21:35:54.0497 7248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:35:54.0499 7248 rdpbus - ok
21:35:54.0522 7248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:54.0524 7248 RDPCDD - ok
21:35:54.0579 7248 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:35:54.0583 7248 RDPDR - ok
21:35:54.0618 7248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:35:54.0620 7248 RDPENCDD - ok
21:35:54.0641 7248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:35:54.0643 7248 RDPREFMP - ok
21:35:54.0684 7248 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:35:54.0689 7248 RDPWD - ok
21:35:54.0748 7248 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:35:54.0755 7248 rdyboost - ok
21:35:54.0835 7248 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:35:54.0849 7248 RegSrvc - ok
21:35:54.0879 7248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:35:54.0883 7248 RemoteAccess - ok
21:35:54.0923 7248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:35:54.0929 7248 RemoteRegistry - ok
21:35:55.0036 7248 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:35:55.0099 7248 RFCOMM - ok
21:35:55.0152 7248 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\drivers\rimssne64.sys
21:35:55.0155 7248 rimspci - ok
21:35:55.0177 7248 [ AA7B4AC7CB1281349CD61DE067F00D5D ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
21:35:55.0179 7248 risdsnpe - ok
21:35:55.0219 7248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:35:55.0223 7248 RpcEptMapper - ok
21:35:55.0246 7248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:35:55.0249 7248 RpcLocator - ok
21:35:55.0300 7248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:35:55.0309 7248 RpcSs - ok
21:35:55.0350 7248 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:35:55.0353 7248 rspndr - ok
21:35:55.0395 7248 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:35:55.0401 7248 s3cap - ok
21:35:55.0454 7248 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:35:55.0457 7248 SamSs - ok
21:35:55.0489 7248 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:35:55.0492 7248 sbp2port - ok
21:35:55.0518 7248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:35:55.0525 7248 SCardSvr - ok
21:35:55.0562 7248 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:35:55.0565 7248 scfilter - ok
21:35:55.0622 7248 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:35:55.0641 7248 Schedule - ok
21:35:55.0677 7248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:35:55.0679 7248 SCPolicySvc - ok
21:35:55.0722 7248 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:35:55.0726 7248 sdbus - ok
21:35:55.0761 7248 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:35:55.0768 7248 SDRSVC - ok
21:35:55.0797 7248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:35:55.0799 7248 secdrv - ok
21:35:55.0837 7248 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:35:55.0842 7248 seclogon - ok
21:35:55.0872 7248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:35:55.0877 7248 SENS - ok
21:35:55.0904 7248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:35:55.0909 7248 SensrSvc - ok
21:35:55.0932 7248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:35:55.0934 7248 Serenum - ok
21:35:55.0957 7248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:35:55.0962 7248 Serial - ok
21:35:56.0009 7248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:35:56.0011 7248 sermouse - ok
21:35:56.0058 7248 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:35:56.0063 7248 SessionEnv - ok
21:35:56.0099 7248 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\drivers\SFEP.sys
21:35:56.0102 7248 SFEP - ok
21:35:56.0140 7248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:35:56.0144 7248 sffdisk - ok
21:35:56.0190 7248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:35:56.0192 7248 sffp_mmc - ok
21:35:56.0233 7248 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:35:56.0235 7248 sffp_sd - ok
21:35:56.0276 7248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:35:56.0280 7248 sfloppy - ok
21:35:56.0349 7248 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:35:56.0357 7248 SharedAccess - ok
21:35:56.0405 7248 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:35:56.0413 7248 ShellHWDetection - ok
21:35:56.0458 7248 [ C06CCD29F5C15B610237E86F82085E77 ] shpf C:\Windows\system32\DRIVERS\shpf.sys
21:35:56.0482 7248 shpf - ok
21:35:56.0531 7248 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:35:56.0534 7248 SiSRaid2 - ok
21:35:56.0570 7248 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:35:56.0573 7248 SiSRaid4 - ok
21:35:56.0613 7248 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:35:56.0617 7248 Smb - ok
21:35:56.0673 7248 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:35:56.0677 7248 SNMPTRAP - ok
21:35:56.0682 7248 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:35:56.0685 7248 spldr - ok
21:35:56.0727 7248 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:35:56.0739 7248 Spooler - ok
21:35:56.0857 7248 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:35:56.0931 7248 sppsvc - ok
21:35:56.0968 7248 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:35:56.0972 7248 sppuinotify - ok
21:35:57.0041 7248 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:35:57.0046 7248 SQLBrowser - ok
21:35:57.0109 7248 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:35:57.0113 7248 SQLWriter - ok
21:35:57.0146 7248 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:35:57.0154 7248 srv - ok

21:35:57.0194 7248 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:35:57.0201 7248 srv2 - ok
21:35:57.0242 7248 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:35:57.0247 7248 srvnet - ok
21:35:57.0286 7248 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:35:57.0293 7248 SSDPSRV - ok
21:35:57.0312 7248 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:35:57.0317 7248 SstpSvc - ok
21:35:57.0354 7248 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
21:35:57.0356 7248 StarOpen - ok
21:35:57.0376 7248 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:35:57.0378 7248 stexstor - ok
21:35:57.0421 7248 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:35:57.0423 7248 StillCam - ok
21:35:57.0468 7248 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:35:57.0481 7248 stisvc - ok
21:35:57.0520 7248 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:35:57.0523 7248 storflt - ok
21:35:57.0558 7248 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
21:35:57.0563 7248 StorSvc - ok
21:35:57.0583 7248 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:35:57.0597 7248 storvsc - ok
21:35:57.0614 7248 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:35:57.0616 7248 swenum - ok
21:35:57.0650 7248 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:35:57.0661 7248 swprv - ok
21:35:57.0713 7248 [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP C:\Windows\system32\drivers\SynTP.sys
21:35:57.0719 7248 SynTP - ok
21:35:57.0813 7248 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:35:57.0840 7248 SysMain - ok
21:35:57.0875 7248 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:35:57.0880 7248 TabletInputService - ok
21:35:57.0935 7248 [ 8E918597ABB10DCF96810B3AFAD2E9D8 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
21:35:57.0956 7248 tap0901 - ok
21:35:57.0993 7248 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:35:58.0001 7248 TapiSrv - ok
21:35:58.0032 7248 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:35:58.0036 7248 TBS - ok
21:35:58.0119 7248 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:35:58.0172 7248 Tcpip - ok
21:35:58.0248 7248 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:35:58.0265 7248 TCPIP6 - ok
21:35:58.0308 7248 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:35:58.0310 7248 tcpipreg - ok
21:35:58.0336 7248 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:35:58.0339 7248 TDPIPE - ok
21:35:58.0374 7248 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:35:58.0376 7248 TDTCP - ok
21:35:58.0422 7248 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:35:58.0425 7248 tdx - ok
21:35:58.0564 7248 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:35:58.0618 7248 TeamViewer7 - ok
21:35:58.0659 7248 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:35:58.0662 7248 TermDD - ok
21:35:58.0715 7248 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:35:58.0727 7248 TermService - ok
21:35:58.0754 7248 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:35:58.0758 7248 Themes - ok
21:35:58.0787 7248 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:35:58.0791 7248 THREADORDER - ok
21:35:58.0828 7248 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:35:58.0833 7248 TrkWks - ok
21:35:58.0889 7248 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:35:58.0893 7248 TrustedInstaller - ok
21:35:58.0935 7248 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:58.0938 7248 tssecsrv - ok
21:35:58.0992 7248 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:35:58.0995 7248 TsUsbFlt - ok
21:35:59.0035 7248 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:35:59.0039 7248 tunnel - ok
21:35:59.0060 7248 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:35:59.0063 7248 uagp35 - ok
21:35:59.0100 7248 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:35:59.0107 7248 udfs - ok
21:35:59.0143 7248 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:35:59.0147 7248 UI0Detect - ok
21:35:59.0190 7248 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:35:59.0193 7248 uliagpkx - ok
21:35:59.0242 7248 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:35:59.0245 7248 umbus - ok
21:35:59.0283 7248 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:35:59.0285 7248 UmPass - ok
21:35:59.0337 7248 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:35:59.0343 7248 UmRdpService - ok
21:35:59.0443 7248 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:35:59.0478 7248 UNS - ok
21:35:59.0516 7248 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:35:59.0526 7248 upnphost - ok
21:35:59.0575 7248 [ 24BF32234F83DF598FE3F3E114964724 ] urvpndrv C:\Windows\system32\DRIVERS\covpnv64.sys
21:35:59.0578 7248 urvpndrv - ok
21:35:59.0630 7248 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:35:59.0633 7248 USBAAPL64 - ok
21:35:59.0664 7248 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:35:59.0668 7248 usbaudio - ok
21:35:59.0698 7248 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:59.0702 7248 usbccgp - ok
21:35:59.0726 7248 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:35:59.0730 7248 usbcir - ok
21:35:59.0745 7248 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:35:59.0766 7248 usbehci - ok
21:35:59.0805 7248 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:35:59.0812 7248 usbhub - ok
21:35:59.0826 7248 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:35:59.0842 7248 usbohci - ok
21:35:59.0874 7248 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:35:59.0876 7248 usbprint - ok
21:35:59.0911 7248 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:35:59.0914 7248 usbscan - ok
21:35:59.0949 7248 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:59.0953 7248 USBSTOR - ok
21:35:59.0967 7248 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:35:59.0970 7248 usbuhci - ok
21:36:00.0037 7248 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:36:00.0041 7248 usbvideo - ok
21:36:00.0082 7248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:36:00.0086 7248 UxSms - ok
21:36:00.0175 7248 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
21:36:00.0180 7248 VAIO Event Service - ok
21:36:00.0277 7248 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:36:00.0287 7248 VAIO Power Management - ok
21:36:00.0310 7248 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:36:00.0312 7248 VaultSvc - ok
21:36:00.0371 7248 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
21:36:00.0373 7248 VCService - ok
21:36:00.0397 7248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:36:00.0400 7248 vdrvroot - ok
21:36:00.0440 7248 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:36:00.0452 7248 vds - ok
21:36:00.0479 7248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:36:00.0482 7248 vga - ok
21:36:00.0495 7248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:36:00.0497 7248 VgaSave - ok
21:36:00.0539 7248 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:36:00.0545 7248 vhdmp - ok
21:36:00.0559 7248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:36:00.0562 7248 viaide - ok
21:36:00.0614 7248 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:36:00.0619 7248 vmbus - ok
21:36:00.0647 7248 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:36:00.0664 7248 VMBusHID - ok
21:36:00.0697 7248 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:36:00.0700 7248 volmgr - ok
21:36:00.0745 7248 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:36:00.0752 7248 volmgrx - ok
21:36:00.0779 7248 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:36:00.0785 7248 volsnap - ok
21:36:00.0823 7248 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:36:00.0828 7248 vsmraid - ok
21:36:00.0900 7248 [ 0C6486B4DD55D137DEADF27295C10818 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
21:36:00.0913 7248 VSNService - ok
21:36:00.0982 7248 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:36:01.0010 7248 VSS - ok
21:36:01.0109 7248 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
21:36:01.0128 7248 VUAgent - ok
21:36:01.0163 7248 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:36:01.0166 7248 vwifibus - ok
21:36:01.0178 7248 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:36:01.0181 7248 vwififlt - ok
21:36:01.0211 7248 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:36:01.0213 7248 vwifimp - ok
21:36:01.0256 7248 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:36:01.0265 7248 W32Time - ok
21:36:01.0299 7248 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:36:01.0302 7248 WacomPen - ok
21:36:01.0354 7248 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:36:01.0357 7248 WANARP - ok
21:36:01.0365 7248 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:36:01.0367 7248 Wanarpv6 - ok
21:36:01.0450 7248 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:36:01.0474 7248 WatAdminSvc - ok
21:36:01.0540 7248 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:36:01.0566 7248 wbengine - ok
21:36:01.0607 7248 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:36:01.0614 7248 WbioSrvc - ok
21:36:01.0658 7248 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:36:01.0666 7248 wcncsvc - ok
21:36:01.0719 7248 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:36:01.0741 7248 WcsPlugInService - ok
21:36:01.0767 7248 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:36:01.0784 7248 Wd - ok
21:36:01.0833 7248 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:36:01.0844 7248 Wdf01000 - ok
21:36:01.0858 7248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:36:01.0863 7248 WdiServiceHost - ok
21:36:01.0870 7248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:36:01.0874 7248 WdiSystemHost - ok
21:36:01.0925 7248 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:36:01.0932 7248 WebClient - ok
21:36:02.0001 7248 [ 36D802DBB03E01DADD3FC7D81AA72413 ] WebDriveFSD C:\Program Files\WebDrive\wdfsd.sys
21:36:02.0004 7248 WebDriveFSD - ok
21:36:02.0086 7248 [ B5264F95E6A039ED0EE4A98A5FCECF15 ] WebDriveService C:\Program Files\WebDrive\wdService.exe
21:36:02.0117 7248 WebDriveService - ok
21:36:02.0148 7248 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:36:02.0197 7248 Wecsvc - ok
21:36:02.0218 7248 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:36:02.0223 7248 wercplsupport - ok
21:36:02.0258 7248 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:36:02.0263 7248 WerSvc - ok
21:36:02.0332 7248 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:36:02.0334 7248 WfpLwf - ok
21:36:02.0354 7248 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:36:02.0356 7248 WIMMount - ok
21:36:02.0375 7248 WinDefend - ok
21:36:02.0384 7248 WinHttpAutoProxySvc - ok
21:36:02.0463 7248 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:36:02.0468 7248 Winmgmt - ok
21:36:02.0575 7248 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:36:02.0608 7248 WinRM - ok
21:36:02.0674 7248 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
21:36:02.0676 7248 WinUsb - ok
21:36:02.0719 7248 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:36:02.0736 7248 Wlansvc - ok
21:36:02.0861 7248 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:36:02.0896 7248 wlidsvc - ok
21:36:02.0943 7248 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:36:02.0945 7248 WmiAcpi - ok
21:36:02.0984 7248 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:36:02.0989 7248 wmiApSrv - ok
21:36:03.0013 7248 WMPNetworkSvc - ok
21:36:03.0033 7248 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:36:03.0037 7248 WPCSvc - ok
21:36:03.0080 7248 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:36:03.0085 7248 WPDBusEnum - ok
21:36:03.0112 7248 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:36:03.0114 7248 ws2ifsl - ok
21:36:03.0145 7248 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:36:03.0151 7248 wscsvc - ok
21:36:03.0193 7248 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:36:03.0196 7248 WSDPrintDevice - ok
21:36:03.0201 7248 WSearch - ok
21:36:03.0280 7248 [ EF260B05EA540A0D8834C19A46904FF2 ] WTGService C:\Program Files (x86)\InternetEverywhere\WTGService.exe
21:36:03.0286 7248 WTGService - ok
21:36:03.0372 7248 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:36:03.0414 7248 wuauserv - ok
21:36:03.0458 7248 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:36:03.0464 7248 WudfPf - ok
21:36:03.0490 7248 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:36:03.0494 7248 WUDFRd - ok
21:36:03.0524 7248 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:36:03.0529 7248 wudfsvc - ok
21:36:03.0563 7248 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:36:03.0570 7248 WwanSvc - ok
21:36:03.0663 7248 ================ Scan global ===============================
21:36:03.0689 7248 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:36:03.0727 7248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:36:03.0743 7248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:36:03.0781 7248 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:36:03.0807 7248 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:36:03.0815 7248 [Global] - ok
21:36:03.0820 7248 ================ Scan MBR ==================================
21:36:03.0834 7248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:36:04.0011 7248 \Device\Harddisk0\DR0 - ok
21:36:04.0012 7248 ================ Scan VBR ==================================
21:36:04.0028 7248 [ 186CC73C8241311CBBD01B87FBEC87DB ] \Device\Harddisk0\DR0\Partition1
21:36:04.0030 7248 \Device\Harddisk0\DR0\Partition1 - ok
21:36:04.0046 7248 [ 6C9EA7056F25EC83819E7249F773D30E ] \Device\Harddisk0\DR0\Partition2
21:36:04.0048 7248 \Device\Harddisk0\DR0\Partition2 - ok
21:36:04.0053 7248 ============================================================
21:36:04.0053 7248 Scan finished
21:36:04.0053 7248 ============================================================
21:36:04.0081 7204 Detected object count: 0
21:36:04.0081 7204 Actual detected object count: 0
 
Broni: apologies - and please bear with me! I'm working 15+ hours this week. But I know I've got two more at least to do...I'll get there. Cheers, Jimmy
 
Sorry Broni - yes. Been on the road. Here's RogueKiller

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SMason [Admin rights]
Mode : Remove -- Date : 10/09/2012 20:31:10
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager\ouc.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 8 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD} : NameServer (172.31.139.17 172.30.139.17) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0} : NameServer (172.30.139.17 172.31.139.17) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD} : NameServer (172.31.139.17 172.30.139.17) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0} : NameServer (172.30.139.17 172.31.139.17) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] e42cdc99dcea2057066b32f6e147f398
[BSP] 789bd6ac891cc901d2dfe87a568ed825 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7895 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16173056 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16377856 | Size: 468943 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
And the final one (I think?) for now.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 20:35:01
-----------------------------
20:35:01.592 OS Version: Windows x64 6.1.7601 Service Pack 1
20:35:01.593 Number of processors: 4 586 0x2502
20:35:01.594 ComputerName: SWITH-MARS UserName: SMason
20:35:02.993 Initialize success
20:44:36.189 AVAST engine defs: 12100900
20:44:47.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:44:47.739 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 476940MB BusType: 3
20:44:47.743 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000008a
20:44:47.747 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
20:44:47.755 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000008b
20:44:47.759 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
20:44:47.782 Disk 0 MBR read successfully
20:44:47.787 Disk 0 MBR scan
20:44:47.801 Disk 0 Windows 7 default MBR code
20:44:47.824 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7895 MB offset 2048
20:44:47.896 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 16173056
20:44:47.974 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468943 MB offset 16377856
20:44:48.153 Disk 0 scanning C:\Windows\system32\drivers
20:45:16.399 Service scanning
20:46:44.450 Modules scanning
20:46:44.460 Disk 0 trace - called modules:
20:46:44.469
20:46:47.437 AVAST engine scan C:\Windows
20:46:52.771 AVAST engine scan C:\Windows\system32
20:54:29.737 AVAST engine scan C:\Windows\system32\drivers
20:54:59.545 AVAST engine scan C:\Users\smason
21:07:19.544 AVAST engine scan C:\ProgramData
21:11:43.029 Scan finished successfully
21:12:05.464 Disk 0 MBR has been saved successfully to "C:\Users\smason\Desktop\MBR.dat"
21:12:05.618 The log file has been saved successfully to "C:\Users\smason\Desktop\aswMBR.txt"
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Last one Broni?

ComboFix 12-10-09.01 - Swith 09/10/2012 23:02:55.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3959.1854 [GMT 1:00]
Running from: c:\users\smason\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\CBrennan\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\Swith\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\marsadmin\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\vbreese\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\tempadmin\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\lkimpton\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\gtrehiou\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\grenault\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\focusedit\AppData\Local\temp
2012-10-09 22:17 . 2012-10-09 22:17 -------- d-----w- c:\users\CBrennan\AppData\Local\temp
2012-10-09 19:31 . 2012-10-03 06:02 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D83ABDA-4AE8-45EB-8593-24F4855813DB}\gapaengine.dll
2012-10-09 19:30 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0507D588-CEEF-44DD-A0FA-82CDAD44FCF7}\mpengine.dll
2012-10-04 11:59 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-28 06:30 . 2012-09-28 06:30 -------- d-----w- c:\users\Swith\AppData\Roaming\Malwarebytes
2012-09-28 05:06 . 2012-09-28 05:06 -------- d-----w- c:\windows\TempD00508E5-342A-F301-3942-50148A96F1C1-Signatures
2012-09-28 01:07 . 2012-09-28 01:07 -------- d-----w- c:\users\smason\AppData\Roaming\Malwarebytes
2012-09-28 01:07 . 2012-09-28 01:07 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 01:07 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 01:07 . 2012-09-28 01:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 19:53 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-17 18:30 . 2012-09-24 10:30 -------- d-----w- c:\users\smason\Citrix
2012-09-12 06:46 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 06:46 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 06:46 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 06:46 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 06:46 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:46 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 06:46 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 19:17 . 2012-04-01 07:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:17 . 2012-01-26 22:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 06:02 . 2012-02-11 09:49 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-13 05:03 . 2010-07-26 15:15 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2011-04-27 15:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-18 18:15 . 2012-08-15 19:45 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"WebDriveTray"="c:\program files\WebDrive\webdrive.exe" [2010-09-22 2488408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 16862600]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-08-14 253952]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"openvpn-gui"="c:\program files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe" [2010-08-11 265216]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-11 12099672]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 16862600]
.
c:\users\smason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2012-7-10 142336]
.
c:\users\Swith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2012-7-10 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWebServices"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 19:20 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 133104]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-23 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-23 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-03-23 421376]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-12-15 18512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 133104]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-24 244736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-26 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-07 63760]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 25120]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-19 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-09-28 2078112]
S2 NMSAccess64;NMSAccess64;c:\program files\CDBurnerXP\NMSAccessU.exe [2009-01-12 82872]
S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-03 330488]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-10-29 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-10-29 76800]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-01-29 822784]
S2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2010-09-22 118872]
S2 WTGService;WTGService;c:\program files (x86)\InternetEverywhere\WTGService.exe [2009-11-26 308688]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-23 86016]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-11 151936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-10-08 62464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-09 84512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [2009-12-03 6400]
S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [2009-12-03 240640]
S3 qcusbsersny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [2009-12-03 121216]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-12-15 41424]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:17]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 11:28]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-19 11:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-07-20 14:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-07-20 14:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2010-09-22 14:31 1879552 ----a-w- c:\windows\System32\wdShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-19 171520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.bbc.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD}: NameServer = 172.31.139.17 172.30.139.17
TCP: Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0}: NameServer = 172.30.139.17 172.31.139.17
DPF: {8DE0DD41-EC3C-4680-964B-D75BDAACAA2B} - hxxps://connect.rbs.com/policy/download_binary.php/win32/f5syschk.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-09 23:23:01
ComboFix-quarantined-files.txt 2012-10-09 22:23
.
Pre-Run: 379,676,319,744 bytes free
Post-Run: 381,489,385,472 bytes free
.
- - End Of File - - 768D3D27F2878AA6B3F86B4CFB814BDF
 
Looks good :)

Any current issues?

======================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Got it Broni:

OTL logfile created on: 10/11/2012 7:41:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\smason\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 45.98% Memory free
7.73 Gb Paging File | 5.12 Gb Available in Paging File | 66.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.95 Gb Total Space | 356.24 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

Computer Name: SWITH-MARS | User Name: Swith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 07:40:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\smason\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/27 21:40:12 | 012,100,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
PRC - [2012/07/16 15:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 15:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/10 23:01:28 | 000,142,336 | ---- | M] () -- c:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/03/24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
PRC - [2011/11/07 22:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/03/23 17:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/08/14 15:51:14 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2010/08/11 15:23:54 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
PRC - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010/03/11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/12/31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009/12/03 10:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
PRC - [2009/11/30 20:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/26 17:44:50 | 000,308,688 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WTGService.exe
PRC - [2009/11/20 09:58:20 | 002,557,296 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Setting Utility Series\WBCBatteryCare.exe
PRC - [2009/10/02 22:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 22:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/04 22:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/08/26 20:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 23:01:28 | 000,142,336 | ---- | M] () -- c:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2012/06/14 11:03:29 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 11:03:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 06:04:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/28 21:37:43 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/10 06:57:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 06:56:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 06:55:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 06:55:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 06:55:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 06:55:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/30 21:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2010/08/11 15:23:54 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/09/22 15:32:18 | 002,183,768 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV:64bit: - [2010/03/04 17:40:22 | 006,066,600 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)
SRV:64bit: - [2010/01/29 10:30:34 | 000,822,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009/11/30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/09/21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/09/04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/01/12 09:15:52 | 000,082,872 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess64)
SRV - [2012/10/09 20:17:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/23 17:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/08/11 15:23:54 | 000,039,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 10:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe -- (QDLService2kSony)
SRV - [2009/11/26 17:44:50 | 000,308,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InternetEverywhere\WTGService.exe -- (WTGService)
SRV - [2009/10/02 22:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/23 16:15:44 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2011/03/23 16:15:44 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/03/23 16:15:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/03/23 16:15:44 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/03/23 16:15:44 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 12:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/12/15 12:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/22 15:32:14 | 000,118,872 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV:64bit: - [2010/08/11 15:23:52 | 000,038,480 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/12/03 09:47:44 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys -- (qcusbnetsny2k)
DRV:64bit: - [2009/12/03 09:47:44 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys -- (qcusbsersny2k)
DRV:64bit: - [2009/12/03 09:47:44 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterSny2k.sys -- (qcfilterSny2k)
DRV:64bit: - [2009/11/24 21:25:07 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/24 21:24:10 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/18 21:04:10 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 21:04:09 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 21:04:09 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 21:04:08 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 21:03:38 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/11/11 03:05:01 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/09 21:05:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/09 21:04:24 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/02 02:47:16 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/29 21:09:32 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/10/29 21:09:23 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/10/08 21:10:52 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/10/05 11:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/10/02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/08/19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 21:03:08 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/12/19 10:45:03 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/03/23 17:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/11/26 16:52:54 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\SearchScopes,DefaultScope = {0A364059-F301-477C-8651-35A342E648E9}
IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\SearchScopes\{0A364059-F301-477C-8651-35A342E648E9}: "URL" = http://www.google.com/search?q={sea...ng?}&oe={outputEncoding?}&rlz=1I7ADFA_enGB468
IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
2/2

IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/12 22:08:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/12 22:08:57 | 000,000,000 | ---D | M]

[2012/07/27 21:37:30 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2012/10/09 23:18:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe ()
O4 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O4 - Startup: C:\Users\smason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Swith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbsgrp.net ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\smason\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\smason\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Swith\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://connect.rbs.com/vdesk/terminal/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8DE0DD41-EC3C-4680-964B-D75BDAACAA2B} https://connect.rbs.com/policy/download_binary.php/win32/f5syschk.cab (F5 Networks File Policy Agent)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://connect.rbs.com/vdesk/terminal/urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\smason\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mchj.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{037E4D68-ED76-42EF-A319-26567CFDC4BD}: NameServer = 172.31.139.17 172.30.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801}: DhcpNameServer = 192.168.28.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3301F999-6DD0-4576-80E4-44E76286F43C}: DhcpNameServer = 192.168.28.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79FD073A-0267-465F-9A40-25D7BEF2BDF3}: DhcpNameServer = 192.168.28.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5A6B87-D9E5-4C7F-9458-D035AEE95CF0}: NameServer = 172.30.139.17 172.31.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3E7BCBC-09AF-49F8-A1BA-BD1C77BB7D5A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/11 07:21:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/11 06:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/09 22:57:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/09 22:57:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/09 22:57:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/09 22:56:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/09 22:56:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/28 07:30:13 | 000,000,000 | ---D | C] -- C:\Users\Swith\AppData\Roaming\Malwarebytes
[2012/09/28 06:06:54 | 000,000,000 | ---D | C] -- C:\Windows\TempD00508E5-342A-F301-3942-50148A96F1C1-Signatures
[2012/09/28 02:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 02:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/28 02:07:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 02:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/11 07:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/11 07:24:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 07:22:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/11 06:52:26 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/11 06:52:26 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/11 06:47:54 | 000,796,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/11 06:47:54 | 000,678,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/11 06:47:54 | 000,129,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/11 06:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/11 06:42:02 | 3113,398,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 23:18:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/09 21:29:49 | 652,308,224 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/02 06:03:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/28 02:07:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/17 15:41:12 | 000,113,914 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/09 22:57:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/09 22:57:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/09 22:57:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/09 22:57:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/09 22:57:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/28 02:07:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/02 18:53:11 | 000,231,375 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012/09/02 18:53:11 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012/01/23 20:19:48 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/01/23 20:19:44 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys
[2011/01/07 10:31:06 | 000,113,914 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/04 19:39:02 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/07/20 19:56:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/28 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\CBrennan\AppData\Roaming\Protector Suite
[2011/04/28 03:24:34 | 000,000,000 | ---D | M] -- C:\Users\CBrennan\AppData\Roaming\Trusteer
[2011/09/27 10:01:48 | 000,000,000 | ---D | M] -- C:\Users\CBrennan\AppData\Roaming\webex
[2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2011/01/07 10:32:36 | 000,000,000 | ---D | M] -- C:\Users\focusedit\AppData\Roaming\Protector Suite
[2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\focusedit\AppData\Roaming\Trusteer
[2011/11/08 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\grenault\AppData\Roaming\Protector Suite
[2011/09/27 10:01:22 | 000,000,000 | ---D | M] -- C:\Users\grenault\AppData\Roaming\webex
[2011/05/04 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\gtrehiou\AppData\Roaming\Protector Suite
[2011/05/04 14:49:51 | 000,000,000 | ---D | M] -- C:\Users\gtrehiou\AppData\Roaming\Trusteer
[2011/06/03 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\lkimpton\AppData\Roaming\FileZilla
[2011/06/29 10:30:42 | 000,000,000 | ---D | M] -- C:\Users\lkimpton\AppData\Roaming\Protector Suite
[2011/06/29 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\lkimpton\AppData\Roaming\Trusteer
[2012/01/23 20:20:55 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\Birdstep Technology
[2011/12/22 10:18:25 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\Protector Suite
[2012/01/11 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\TeamViewer
[2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\marsadmin\AppData\Roaming\Trusteer
[2011/02/03 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Auslogics
[2012/04/17 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/01/30 22:51:27 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Birdstep Technology
[2012/03/03 17:45:23 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\ICAClient
[2011/01/07 10:37:45 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Protector Suite
[2011/03/07 12:48:47 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\T-Mobile Internet Manager
[2012/01/15 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\TeamViewer
[2011/01/07 10:37:21 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\Trusteer
[2011/03/30 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\smason\AppData\Roaming\webex
[2010/11/06 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Amazon
[2010/08/16 07:06:54 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Auslogics
[2010/07/18 21:36:06 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/23 19:00:26 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\InternetEverywhere
[2010/07/16 08:19:43 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Protector Suite
[2010/07/19 07:47:09 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\SoftGrid Client
[2010/08/14 15:51:12 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\T-Mobile
[2010/08/14 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\T-Mobile Internet Manager
[2010/07/16 08:37:48 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\TP
[2010/09/13 08:42:36 | 000,000,000 | ---D | M] -- C:\Users\Swith\AppData\Roaming\Trusteer
[2011/07/05 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\tempadmin\AppData\Roaming\Protector Suite
[2010/11/01 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\tempadmin\AppData\Roaming\Trusteer
[2011/12/19 10:36:17 | 000,000,000 | ---D | M] -- C:\Users\vbreese\AppData\Roaming\Protector Suite

========== Purity Check ==========


< End of report >
 
And Extras.txt

OTL Extras logfile created on: 10/11/2012 7:41:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\smason\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 45.98% Memory free
7.73 Gb Paging File | 5.12 Gb Available in Paging File | 66.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.95 Gb Total Space | 356.24 Gb Free Space | 77.79% Space Free | Partition Type: NTFS

Computer Name: SWITH-MARS | User Name: Swith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"AllowLocalPolicyMerge" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"AllowLocalIPsecPolicyMerge" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = localsubnet

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
"CoreNet-IPv6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPHTTPS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-Teredo-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCPV6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IGMP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP4-DUFRAG-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LD-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR2-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-NDS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-TE-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-DU-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"NETDIS-FDRESPUB-WSD-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-FDPHOST-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNTS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5358|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-UPnPHost-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|
"RemoteAdmin-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|
"RemoteAdmin-NP-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|
"RemoteAdmin-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|Name=@FirewallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
"CoreNet-GP-LSASS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DNS-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-GP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-GP-NP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPv6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPHTTPS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-Teredo-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCPV6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IGMP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LD-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR2-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::2|RA6=fe80::/64|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::1|RA6=fe80::/64|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-PP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-TE-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-PTB-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|
"FPS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|
"NETDIS-FDRESPUB-WSD-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-FDPHOST-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-UPnP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNT-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5357|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNTS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5358|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-UPnPHost-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|
"{A460EF61-54C5-438A-A01A-D9DC938C4F34}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=Remote Assistance (DCOM-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance via DCOM. [TCP 135]|
"{0AABDA7B-C8BC-4ABA-A528-8F2F35C76C16}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|Desc=Inbound rule for Remote Assistance to allow use Peer Name Resolution Protocol. [UDP 3540]|
"{1A843BC2-4DC5-49C7-B090-BF81F7F1F3E8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance. [TCP]|
"{76DC1A5A-7DE1-47AB-8E17-520B2F994443}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|Desc=Inbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP 2869]|
"{813F24CF-3A72-4A6A-9422-8BF0CF924051}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|Desc=Inbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
"{A6A79CA3-246D-430D-AFFB-3CDB31D7E158}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-In)|Desc=Inbound rule for Remote Assistance traffic. [TCP]|
"{5CE5A3AE-910C-492F-96AB-F86D53EC6373}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Peer Name Resolution Protocol. [UDP]|
"{CBB9EC46-06AE-4F2E-B50C-16392DD8E4FF}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-Out)|Desc=Outbound rule for Remote Assistance to allow offers for assistance. [TCP]|
"{0D07F8B9-6FD3-42C8-A8B3-6F758A412F63}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP]|
"{FA5BD56E-BCA7-48C3-8975-F2434F460BC8}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|Desc=Outbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
"{7D43157C-6142-47B8-B5E3-AB80A8304278}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-Out)|Desc=Outbound rule for Remote Assistance traffic. [TCP]|

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"AllowLocalPolicyMerge" = 1
"DefaultOutboundAction" = 0
"AllowLocalIPsecPolicyMerge" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"AllowLocalPolicyMerge" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"AllowLocalIPsecPolicyMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = localsubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
"CoreNet-IPv6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPHTTPS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-Teredo-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCPV6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IGMP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP4-DUFRAG-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LD-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR2-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-NDS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-TE-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-DU-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"NETDIS-FDRESPUB-WSD-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-FDPHOST-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNTS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5358|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-UPnPHost-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|
"RemoteAdmin-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|
"RemoteAdmin-NP-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|Name=@FirewallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|
"RemoteAdmin-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|Name=@FirewallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
"CoreNet-GP-LSASS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DNS-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-GP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-GP-NP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPv6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPHTTPS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-Teredo-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCPV6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IGMP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LD-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR2-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::2|RA6=fe80::/64|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::1|RA6=fe80::/64|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-PP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-TE-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-PTB-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|
"FPS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|
"NETDIS-FDRESPUB-WSD-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-FDPHOST-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-UPnP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNT-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5357|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-WSDEVNTS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5358|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|
"NETDIS-UPnPHost-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|
"{A460EF61-54C5-438A-A01A-D9DC938C4F34}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=Remote Assistance (DCOM-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance via DCOM. [TCP 135]|
"{0AABDA7B-C8BC-4ABA-A528-8F2F35C76C16}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|Desc=Inbound rule for Remote Assistance to allow use Peer Name Resolution Protocol. [UDP 3540]|
"{1A843BC2-4DC5-49C7-B090-BF81F7F1F3E8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-In)|Desc=Inbound rule for Remote Assistance to allow offers for assistance. [TCP]|
"{76DC1A5A-7DE1-47AB-8E17-520B2F994443}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|Desc=Inbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP 2869]|
"{813F24CF-3A72-4A6A-9422-8BF0CF924051}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|Desc=Inbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
"{A6A79CA3-246D-430D-AFFB-3CDB31D7E158}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-In)|Desc=Inbound rule for Remote Assistance traffic. [TCP]|
"{5CE5A3AE-910C-492F-96AB-F86D53EC6373}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Peer Name Resolution Protocol. [UDP]|
"{CBB9EC46-06AE-4F2E-B50C-16392DD8E4FF}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\raserver.exe|Name=Remote Assistance (RA Server TCP-Out)|Desc=Outbound rule for Remote Assistance to allow offers for assistance. [TCP]|
"{0D07F8B9-6FD3-42C8-A8B3-6F758A412F63}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|Desc=Outbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP]|
"{FA5BD56E-BCA7-48C3-8975-F2434F460BC8}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|Desc=Outbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]|
"{7D43157C-6142-47B8-B5E3-AB80A8304278}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=Remote Assistance (TCP-Out)|Desc=Outbound rule for Remote Assistance traffic. [TCP]|
 
2/2

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"AllowLocalPolicyMerge" = 1
"DefaultOutboundAction" = 0
"AllowLocalIPsecPolicyMerge" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FCED8F-C481-4ABD-AAEA-0F854B984CE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11344E73-A038-4906-995A-0F6C225215CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{11C9B6A3-1286-4DB8-8C0A-D98CE3DCDF43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1E4100E8-1807-484D-8BCD-B101FA23CE3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{289C6482-81B6-4EB3-B3BD-0AF6A067E56E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F968841-7117-4A45-ACE9-3870C0105A57}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43770286-6A9B-49D4-869D-5850D1D359F7}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{46E20E18-A1CB-4C01-BF74-BBD667B251BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4D6784BC-2931-4834-B384-4F1006DD9D9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{4DB33342-52F0-4B52-ACA0-F39C751409CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4DDD1ED0-22A9-43F5-A05F-7A3694561A1C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5457F245-B5FE-4B84-BAF3-DBA2C9D258D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{675E11E2-C3CC-4D5D-AE23-B52CF64A59BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E9CB73F-46E9-4DAF-BDD7-1C68A91039CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70149DE7-8399-484A-96E0-8742D89CF826}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{778FFFDA-A8E0-4DDC-AC30-75FCEBD8ADAE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{79AF9ACD-374E-43DD-AAA8-83E9A45FF5B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{866F81F1-B258-494F-8A04-5F677F19F110}" = lport=445 | protocol=6 | dir=in | app=system |
"{86A91E50-E64E-4F56-8671-C0FC07700AF9}" = rport=445 | protocol=6 | dir=out | app=system |
"{8CDE3B5C-2BB4-460E-AD0A-2E429CE7A2E0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D1DCC77-5E6D-4DF9-9723-D887868F538A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF87BD2-604D-4529-8AE9-4A345905B8C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91BF951E-57F0-4CE8-AA7A-41BE76FE02B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96212DB8-1360-4B84-9D2B-7C31475F65D8}" = rport=138 | protocol=17 | dir=out | app=system |
"{9A6F5B8D-1891-4F2B-93B7-5875B81113CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F24E329-B8FB-41FC-9BDD-0FA0BD410B0F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AA700B8B-3A12-4FFD-9E20-BB1C1D4D070A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AE59F478-2837-4154-92AA-88F562B67A09}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B1CEB7C3-BC23-447B-840B-3CC935EBBFE2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BBF94CBB-57D7-475B-8D20-80651E8D1A1C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C0C71C5F-16C6-4FB9-B03D-2D943B3A252E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1FA1824-BD4C-4998-8B80-FE6F2A7F1F30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D854CFAC-A1E7-41E8-96EB-0AF6C289458E}" = rport=137 | protocol=17 | dir=out | app=system |
"{DBD8292F-4B88-4781-B685-183FD55B91BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF21B017-B4FE-4633-9C15-DDE7A25BC022}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBB64CA8-E0C2-409D-A72F-F49DB141565A}" = rport=139 | protocol=6 | dir=out | app=system |
"{F05B71D7-9912-442E-A17A-F3D5B5CEDD16}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0511F8D3-6C6E-46D7-AE6E-C434A9FF0930}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{08ECB300-A76A-4275-B97E-977F4DDBC761}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{097A95E8-6C70-4B41-B2DC-6CF938D1A943}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{0A6E1BFA-6582-485E-B8A8-D8036CFE772E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{1AF224DE-2B09-405C-8DED-CED48688C5BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1B432DE7-5215-4C29-AEC4-059DCDB5524E}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{33524F3A-2C7B-49B5-A4F6-8018551598AB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34075982-D024-4703-BC07-9BFAE87F61D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35669107-5F8B-4C2E-BE76-F7E3E5C72259}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{360E1357-DD2F-4076-95A1-26E8C9338F6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3993EEF2-A11F-4937-81F7-9CB33E4169EA}" = protocol=17 | dir=in | app=c:\program files (x86)\gladinet\gladinet cloud desktop\gladinetclient.exe |
"{3A63129C-6096-4EA9-8A76-4C20C5B5B6F1}" = protocol=6 | dir=out | app=system |
"{3B35BFC7-F635-4F3B-A06A-D4C4E86E0EA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3B7DEAA0-52BC-4D57-AD1C-3F2C049305EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C9A0379-7DBC-4F41-9C03-3C0A1F4FA716}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E6B85AE-86E3-45FC-8221-44A2B58ABF57}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{43873C8A-F144-4CB3-9497-43444B4D54C0}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{44F73347-DDA4-4197-AF27-A995AC6E2FE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48314776-6298-4257-9DAF-B620D29CE753}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{497807C7-7B70-4DCD-9C90-51FDEB56B262}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4E850815-7529-4DDF-913D-7E49C86F87C3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6270AACF-2538-4785-98F8-B6FB187BD525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68DFBC91-A323-4BD3-93C5-EA3CFADBCF16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{71CE4CC9-CAA2-4E72-AB4E-42AB9773818B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7539FF0C-9C0C-4F6F-8726-E81EBA080192}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D3D8540-3B8F-4B9B-89F5-4ACD3DE66CBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82FDBF81-A8E1-4754-A404-1BEFAF47B902}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{869B53FC-8576-426D-973C-5C972866BD6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8A5E1D6E-8C66-44E5-8F75-C335243F1EA0}" = dir=in | app=f:\setup\hpznui40.exe |
"{8F50BE14-29A1-4572-B508-2B70CAE21CB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{923379BB-DE9A-4126-8546-23162344FE74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96B06765-243A-4988-BCBC-6361ADD5C030}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{986F40BC-E350-4F4F-AE8C-D81D330334A3}" = dir=in | app=c:\program files\canon\dias\cnxdias.exe |
"{99528586-B5FA-4C5E-BDB7-CF69EA1F61FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{A788AEFA-4F51-4CF3-9258-0B797DAFCAEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{B3F1A08C-0026-424B-A350-437A385CB70C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF49A4F5-99E7-40FA-8A52-F3916BB30793}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C104A27A-4A95-445F-817E-E0F4DF4D4D63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{C168B648-EAE8-4F31-AA3C-9811AA013FE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{C2939E60-C769-42CD-B64C-F9520D046661}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CD1D85DC-975C-4AD4-B2F4-4E80A636BB9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D78A8396-D34A-46A5-ACA2-C29DD5FF990B}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{D839E557-8ABE-41B0-A6D5-F2D692C09F7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{D913BB3E-3CD6-4B1E-B31E-972047C613D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{DD5FB1B9-9B71-4768-8DE5-856BDF587E41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA1F4EEC-80FE-4C4C-9CCC-2B5D42FE7834}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ED3B283B-FF31-4021-B392-F0A8FA809773}" = protocol=6 | dir=in | app=c:\program files (x86)\gladinet\gladinet cloud desktop\gladinetclient.exe |
"{F468C8E1-BEA9-4C3F-A0A9-7889291B496F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{6F83D407-1073-4AF3-84F1-DCBFC2871837}C:\program files (x86)\microsoft lync\communicator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"UDP Query User{987CFBF8-77A1-4C5B-BBAB-F28CB688D74C}C:\program files (x86)\microsoft lync\communicator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services Sign-in Assistant
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.7.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ED89AE0-5832-4ED3-B29A-099F65295E82}" = Qualcomm Gobi 2000 Package for Sony
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.0
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECCA150B-31A5-412E-B8D0-4CB5DDA900D3}" = Adobe Shockwave Player 11.5
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Astaro SSL VPN Client" = Astaro SSL VPN Client 1.7
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Google Chrome" = Google Chrome
"Huawei Modems" = Huawei modem
"InternetEverywhere" = Internet Everywhere
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PROPLUS" = Microsoft Office Professional Plus 2007
"Rapport_msi" = Rapport
"TeamViewer 7" = TeamViewer 7
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"VISPROR" = Microsoft Office Visio Professional 2007
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2012 11:42:29 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

Error - 9/19/2012 11:42:31 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/19/2012 11:42:31 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6302

Error - 9/19/2012 11:42:31 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6302

Error - 9/19/2012 11:42:32 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/19/2012 11:42:32 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7301

Error - 9/19/2012 11:42:32 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7301

Error - 9/19/2012 11:42:33 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/19/2012 11:42:33 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8377

Error - 9/19/2012 11:42:33 PM | Computer Name = Swith-MARS.mchj.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8377

[ OSession Events ]
Error - 3/9/2011 11:16:28 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 98599
seconds with 20460 seconds of active time. This session ended with a crash.

Error - 3/15/2011 10:55:37 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 341887
seconds with 15600 seconds of active time. This session ended with a crash.

Error - 3/23/2011 11:21:08 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 785524
seconds with 16560 seconds of active time. This session ended with a crash.

Error - 4/26/2011 7:04:08 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 531572
seconds with 5820 seconds of active time. This session ended with a crash.

Error - 1/15/2012 12:37:06 PM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8801
seconds with 5820 seconds of active time. This session ended with a crash.

Error - 1/15/2012 12:44:29 PM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 434
seconds with 240 seconds of active time. This session ended with a crash.

Error - 6/7/2012 5:37:17 PM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 579270
seconds with 8880 seconds of active time. This session ended with a crash.

Error - 6/22/2012 4:15:03 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1674
seconds with 480 seconds of active time. This session ended with a crash.

Error - 6/22/2012 4:26:36 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 671
seconds with 540 seconds of active time. This session ended with a crash.

Error - 6/22/2012 5:16:38 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2988
seconds with 1800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2012 1:43:05 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7000
Description = The Mobile IP Route Manager service failed to start due to the following
error: %%1275

Error - 10/11/2012 1:43:08 AM | Computer Name = Swith-MARS.mchj.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain MCHJ due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 10/11/2012 1:43:13 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%2

Error - 10/11/2012 1:44:12 AM | Computer Name = Swith-MARS.mchj.local | Source = DCOM | ID = 10016
Description =

Error - 10/11/2012 1:44:58 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 10/11/2012 1:44:58 AM | Computer Name = Swith-MARS.mchj.local | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/11/2012 1:44:59 AM | Computer Name = Swith-MARS.mchj.local | Source = DCOM | ID = 10016
Description =

Error - 10/11/2012 1:45:09 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 10/11/2012 1:47:31 AM | Computer Name = Swith-MARS.mchj.local | Source = TermService | ID = 1067
Description =

Error - 10/11/2012 2:21:57 AM | Computer Name = Swith-MARS.mchj.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.


< End of report >
 
Cool :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-819168926-2306700828-1092731191-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbs.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-3000817141-1124392607-3766751980-1122\..Trusted Domains: rbsgrp.net ([]https in Trusted sites)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL...

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-819168926-2306700828-1092731191-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rbs.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rbs.com\connect\ not found.
Registry key HKEY_USERS\S-1-5-21-3000817141-1124392607-3766751980-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rbsgrp.net\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ deleted successfully.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found not found.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CBrennan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8420012 bytes
->Flash cache emptied: 80595 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: focusedit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 7140 bytes
->Flash cache emptied: 56502 bytes

User: grenault
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 28333875 bytes
->Flash cache emptied: 20698 bytes

User: gtrehiou
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57896609 bytes
->Java cache emptied: 488 bytes
->Flash cache emptied: 9111 bytes

User: lkimpton
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26049982 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 13794 bytes

User: marsadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 53102654 bytes
->Java cache emptied: 2023 bytes
->Flash cache emptied: 57316 bytes

User: Public
->Temp folder emptied: 0 bytes

User: smason
->Temp folder emptied: 4734332 bytes
->Temporary Internet Files folder emptied: 404683209 bytes
->Java cache emptied: 1289121 bytes
->Flash cache emptied: 83662 bytes

User: Swith
->Temporary Internet Files folder emptied: 483673952 bytes
->Java cache emptied: 10928876 bytes
->Flash cache emptied: 82890 bytes

User: tempadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2702403 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57266 bytes

User: vbreese
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 26248 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1526784 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98863 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66876 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,034.00 mb


[EMPTYJAVA]

User: All Users

User: CBrennan

User: Default

User: Default User

User: focusedit
->Java cache emptied: 0 bytes

User: grenault

User: gtrehiou
->Java cache emptied: 0 bytes

User: lkimpton
->Java cache emptied: 0 bytes

User: marsadmin
->Java cache emptied: 0 bytes

User: Public

User: smason
->Java cache emptied: 0 bytes

User: Swith
->Java cache emptied: 0 bytes

User: tempadmin
->Java cache emptied: 0 bytes

User: vbreese

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: CBrennan
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: focusedit
->Flash cache emptied: 0 bytes

User: grenault
->Flash cache emptied: 0 bytes

User: gtrehiou
->Flash cache emptied: 0 bytes

User: lkimpton
->Flash cache emptied: 0 bytes

User: marsadmin
->Flash cache emptied: 0 bytes

User: Public

User: smason
->Flash cache emptied: 0 bytes

User: Swith
->Flash cache emptied: 0 bytes

User: tempadmin
->Flash cache emptied: 0 bytes

User: vbreese
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10152012_192259
Files\Folders moved on Reboot...
File\Folder C:\Users\smason\AppData\Local\Temp\hsperfdata_SMason\8596 not found!
C:\Users\smason\AppData\Local\Temp\ExchangePerflog_8484fa31b9f56a3ab6f4d04e.dat moved successfully.
C:\Users\smason\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUXEZQ5M\optn=64[3].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\google_co_uk[1].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\page-2[1].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\partner[5].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\partner[6].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMT06TX\partner[7].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6W3F4IJ\4773[1].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6W3F4IJ\pixel[7].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN2J55GD\my.logon[2].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN2J55GD\timing[2].txt moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN2J55GD\um[1].htm moved successfully.
C:\Users\smason\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

Matthew DeCarlo
Weekend tech reading: Build your own Altair 8800, 46% of last year's ICOs have failed...
Replies
2
Views
1K
QuantumPhysics
QuantumPhysics
N
Solved Infected by rootkit zeroaccess
3 4 5
Replies
110
Views
32K
Broni
Broni
I
  • Locked
Inactive Has my computer been infected?
Replies
10
Views
5K
Broni
Broni

Latest posts

Back