The site's security certificate is not trusted! I've tried


#16
pyaarawala

  • Topic Starter
  • Member
  • 29 posts
Final OTL Scan: OTL.txt

OTL logfile created on: 12/19/2012 4:59:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pyaarawala\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 51.22% Memory free
8.16 Gb Paging File | 6.16 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.09 Gb Total Space | 57.58 Gb Free Space | 19.99% Space Free | Partition Type: NTFS

Computer Name: PYAARAWALA-PC | User Name: pyaarawala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/18 07:43:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pyaarawala\Desktop\OTL.exe
PRC - [2012/12/11 10:58:44 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
PRC - [2012/11/29 16:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/31 06:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/31 13:07:41 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/05/23 16:15:58 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/10 18:16:42 | 031,095,432 | ---- | M] (Dmailer S.A.) -- C:\Users\pyaarawala\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2009/07/27 08:57:10 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\pyaarawala\AppData\Roaming\Mobile Card\ouc.exe
PRC - [2009/01/27 03:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/30 05:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/07/13 07:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/13 07:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/05 05:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 16:27:37 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/11 01:15:34 | 012,690,568 | ---- | M] () -- C:\Users\pyaarawala\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
MOD - [2010/11/11 01:15:34 | 010,674,312 | ---- | M] () -- C:\Users\pyaarawala\AppData\Roaming\SanDisk\My Vaults\dmEngineAPP.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/06/12 02:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 11:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/11/29 16:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/26 12:41:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/03 04:31:22 | 000,037,888 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2012/05/23 16:15:58 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/19 01:47:56 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/30 12:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/05 15:20:07 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/30 05:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/30 01:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/13 06:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/13 07:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/01/05 05:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/31 06:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/31 06:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/31 06:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/31 06:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/31 06:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/10/31 06:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 21:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 02:50:36 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/10/01 08:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/04 05:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/05/19 01:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 13:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/10/05 05:28:02 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/04/17 02:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/29 14:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/01 17:53:08 | 007,172,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/09/28 12:13:32 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2007/09/07 10:26:06 | 000,392,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/07/13 07:35:44 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/06/29 06:59:44 | 000,058,128 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/06/21 07:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/05/24 08:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/04/30 21:50:24 | 003,146,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/04/26 17:38:44 | 000,305,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/02/16 15:18:36 | 000,088,064 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2012/08/01 08:34:21 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/01 16:35:44 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2008/06/12 02:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=M-6880
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=M-6880
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=M-6880
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.taobao.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {61D83087-A854-464C-B9E8-B040B1F02BDB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKCU\..\SearchScopes\{61D83087-A854-464C-B9E8-B040B1F02BDB}: "URL" = http://www.google.co...1I7GWYE_enUS294
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://thefreevpn.com/home.php"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@alipay.com/npaliedit: C:\Windows\system32\aliedit\2.5.0.3\npaliedit.dll (Alipay.com co.,ltd)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pyaarawala\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pyaarawala\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pyaarawala\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pyaarawala\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pyaarawala\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/14 13:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/18 19:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/17 22:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/18 19:20:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/14 00:03:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\pyaarawala\AppData\Roaming\Move Networks [2009/07/28 10:45:10 | 000,000,000 | ---D | M]

[2009/09/12 15:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pyaarawala\AppData\Roaming\Mozilla\Extensions
[2012/12/17 21:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pyaarawala\AppData\Roaming\Mozilla\Firefox\Profiles\aztmlfqm.default\extensions
[2012/12/17 21:45:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pyaarawala\AppData\Roaming\Mozilla\Firefox\Profiles\aztmlfqm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/22 01:01:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\pyaarawala\AppData\Roaming\Mozilla\Firefox\Profiles\aztmlfqm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/12 15:58:28 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\pyaarawala\AppData\Roaming\Mozilla\Firefox\Profiles\aztmlfqm.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/12/18 19:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/18 19:03:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/11/29 16:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/17 01:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2012/11/29 16:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 16:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.taobao.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.taobao.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\pyaarawala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pyaarawala\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pyaarawala\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pyaarawala\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Alipay security control (Enabled) = C:\Windows\system32\aliedit\2.5.0.3\npaliedit.dll
CHR - Extension: Google Drive = C:\Users\pyaarawala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\pyaarawala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\pyaarawala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\pyaarawala\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Users\pyaarawala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\pyaarawala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/19 11:28:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Mobile Card] C:\Program Files\Mobile Card\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\pyaarawala\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Dmailer S.A.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 255.148 ([202.96] http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: gmail.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: hotmail.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: icbc.com.cn ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: icbc.com.cn ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: online.unionpay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: unionpaysecure.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} https://mybank.icbc....certInStall.dll (InfosecCertInstall Class)
O16 - DPF: {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} https://b2c.icbc.com...k/icbcclean.cab (Axcleanctrl Class)
O16 - DPF: {3B3FE354-548D-4DA2-BEC2-52960C31F8E7} https://mybank.icbc....bc_mwusbkey.cab (Icbc_mwusbkey Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://b2c.icbc.com...afeControls.cab (AxSubmitControl Class)
O16 - DPF: {AE460AD7-D678-43BB-B4DF-394B2D0C4E52} https://unionpaysecu...pe/UPEditor.cab (UpSecEditor Class)
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://mybank.icbc....CBC_NetSign.dll (InfoSecICBCNetSign Class)
O16 - DPF: {E6C2DD02-CD38-41A1-9B69-3D7E3B64AF9A} https://mybank.icbc....c/icbc_mwdv.cab (icbc_mwdvctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{485ACF0D-030B-4597-9CB7-78D0A467A8D4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B726837-C379-42BB-B428-9B7126D80456}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B726837-C379-42BB-B428-9B7126D80456}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3B4E13-B532-4414-A391-4B15CA6CF109}: DhcpNameServer = 8.8.8.8 208.67.222.222 208.67.220.220 8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk - C:\Program Files\BigFix\bigfix.exe - (BigFix Inc.)
MsConfig:64bit - StartUpReg: Camera Assistant Software - hkey= - key= - C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/19 16:33:35 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2012/12/19 12:21:25 | 000,000,000 | ---D | C] -- C:\Users\pyaarawala\AppData\Roaming\Malwarebytes
[2012/12/19 12:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/19 12:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/19 12:21:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/19 12:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/19 12:02:07 | 000,000,000 | ---D | C] -- C:\Users\pyaarawala\AppData\Local\temp
[2012/12/19 11:28:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/19 11:24:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/19 11:08:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/19 11:08:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/19 11:08:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/19 11:08:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/19 11:07:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/19 11:05:16 | 005,012,571 | R--- | C] (Swearware) -- C:\Users\pyaarawala\Desktop\ComboFix.exe
[2012/12/18 19:20:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/18 19:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/12/18 19:04:53 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/12/18 19:04:53 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/12/18 19:04:43 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/12/18 19:04:43 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/12/18 19:04:41 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/12/18 19:04:40 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/12/18 19:04:40 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/12/18 19:03:19 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/12/18 19:03:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/12/18 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/12/18 19:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/12/18 18:54:27 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pyaarawala\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/18 18:03:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\pyaarawala\Desktop\tdsskiller.exe
[2012/12/18 18:02:53 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\pyaarawala\Desktop\aswMBR.exe
[2012/12/18 13:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\交行网银安全输入软件
[2012/12/18 07:43:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pyaarawala\Desktop\OTL.exe
[2012/12/17 23:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/17 22:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/17 21:46:25 | 000,763,440 | ---- | C] (Google Inc.) -- C:\Users\pyaarawala\Desktop\ChromeSetup(2).exe
[2012/12/17 21:46:02 | 019,381,840 | ---- | C] (Mozilla) -- C:\Users\pyaarawala\Desktop\Firefox Setup 17.0.1.exe
[2012/12/17 21:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012/12/16 13:22:18 | 000,000,000 | ---D | C] -- C:\Users\pyaarawala\AppData\Local\Macromedia
[2012/12/16 13:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/14 19:50:01 | 000,000,000 | ---D | C] -- C:\Users\pyaarawala\AppData\Local\{25F18292-FCAE-491D-8FEA-9E5600B4B85F}
[2012/12/13 00:28:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/13 00:28:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/13 00:28:24 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012/12/13 00:28:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/13 00:28:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/13 00:28:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/13 00:28:23 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/12 17:22:05 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 17:22:02 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/12 17:22:00 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/12 17:22:00 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/12 17:21:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 17:21:41 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 17:21:37 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 17:21:36 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/12/12 17:21:35 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 17:21:35 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/12/12 17:21:35 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 17:21:35 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 17:21:35 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/12/12 17:21:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/12/12 17:21:34 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 17:21:34 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/12/12 17:21:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 17:21:34 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/12/12 17:21:33 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/12/12 17:21:32 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 17:21:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/12/12 17:21:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/12/12 17:21:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/12/12 17:21:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 17:21:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 17:21:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/12/12 17:21:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/12/12 17:21:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 17:21:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/12/12 17:21:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/12/12 17:21:30 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/12/12 17:21:30 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/12/12 17:21:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/12/12 17:21:30 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/12/12 17:20:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 17:20:33 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012/12/12 17:20:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012/12/12 17:20:32 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 17:20:32 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012/12/11 10:55:03 | 000,763,440 | ---- | C] (Google Inc.) -- C:\Users\pyaarawala\Desktop\ChromeSetup.exe
[2012/12/11 10:53:52 | 000,373,424 | ---- | C] (Softonic) -- C:\Users\pyaarawala\Desktop\SoftonicDownloader_for_google-chrome.exe
[2012/12/05 18:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/05 18:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/23 20:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/11/23 20:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/19 17:03:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/19 16:55:06 | 000,720,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/19 16:55:06 | 000,616,424 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/19 16:55:06 | 000,109,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/19 16:53:21 | 000,061,440 | ---- | M] ( ) -- C:\Users\pyaarawala\Desktop\VEW.exe
[2012/12/19 16:47:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/12/19 16:47:17 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/12/19 16:47:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/19 16:47:04 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/19 16:47:03 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/19 16:46:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/19 16:46:06 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/19 16:44:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/12/19 16:13:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/12/19 16:13:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/12/19 12:21:10 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/19 12:08:59 | 000,149,504 | ---- | M] () -- C:\Users\pyaarawala\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/19 11:28:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/19 11:23:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/12/19 11:06:16 | 005,012,571 | R--- | M] (Swearware) -- C:\Users\pyaarawala\Desktop\ComboFix.exe
[2012/12/19 11:02:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3947582213-1791406327-2745404233-1000Core.job
[2012/12/18 20:16:26 | 636,474,123 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/18 19:04:54 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/18 19:04:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/18 18:41:42 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pyaarawala\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/18 18:41:28 | 097,495,576 | ---- | M] () -- C:\Users\pyaarawala\Desktop\avast_free_antivirus_setup.exe
[2012/12/18 18:04:03 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pyaarawala\Desktop\tdsskiller.exe
[2012/12/18 18:03:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\pyaarawala\Desktop\aswMBR.exe
[2012/12/18 12:40:03 | 000,436,308 | ---- | M] () -- C:\Users\pyaarawala\Desktop\Norton_Removal_Tool.exe
[2012/12/18 07:43:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pyaarawala\Desktop\OTL.exe
[2012/12/17 23:14:30 | 000,000,902 | ---- | M] () -- C:\Users\pyaarawala\Desktop\gmail.cer
[2012/12/17 23:13:21 | 000,056,535 | ---- | M] () -- C:\Users\pyaarawala\Desktop\renal diuretics.jpg
[2012/12/17 23:02:56 | 000,002,027 | ---- | M] () -- C:\Users\pyaarawala\Desktop\Google Chrome.lnk
[2012/12/17 23:02:56 | 000,002,011 | ---- | M] () -- C:\Users\pyaarawala\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/17 22:13:44 | 000,000,972 | ---- | M] () -- C:\Users\pyaarawala\Desktop\fbok.cer
[2012/12/17 22:06:04 | 000,000,914 | ---- | M] () -- C:\Users\pyaarawala\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/17 22:06:04 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 21:46:32 | 019,381,840 | ---- | M] (Mozilla) -- C:\Users\pyaarawala\Desktop\Firefox Setup 17.0.1.exe
[2012/12/17 21:46:25 | 000,763,440 | ---- | M] (Google Inc.) -- C:\Users\pyaarawala\Desktop\ChromeSetup(2).exe
[2012/12/17 19:27:55 | 000,002,446 | ---- | M] () -- C:\Users\pyaarawala\Desktop\google.p7b
[2012/12/17 19:24:07 | 000,001,298 | ---- | M] () -- C:\Users\pyaarawala\Desktop\mail.google.com.cer
[2012/12/17 13:37:47 | 004,849,588 | ---- | M] () -- C:\Users\pyaarawala\Desktop\Drowning Pool - Bodies.mp3
[2012/12/17 12:14:20 | 000,045,647 | ---- | M] () -- C:\Users\pyaarawala\Desktop\HD1560_Non_SlipL.jpg
[2012/12/16 11:19:24 | 005,781,735 | ---- | M] () -- C:\Users\pyaarawala\Desktop\goagent-goagent-v2.1.9-19-g91cd5e4.zip
[2012/12/14 18:02:19 | 105,603,488 | ---- | M] () -- C:\Users\pyaarawala\Desktop\avira_free_antivirus_en.exe
[2012/12/13 08:31:11 | 000,394,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/12 18:02:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3947582213-1791406327-2745404233-1000UA.job
[2012/12/11 10:56:34 | 000,763,440 | ---- | M] (Google Inc.) -- C:\Users\pyaarawala\Desktop\ChromeSetup.exe
[2012/12/11 10:54:09 | 000,373,424 | ---- | M] (Softonic) -- C:\Users\pyaarawala\Desktop\SoftonicDownloader_for_google-chrome.exe
[2012/12/10 18:21:37 | 000,004,910 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/12/10 16:31:39 | 000,001,550 | ---- | M] () -- C:\Users\pyaarawala\Desktop\hotmail certificate.cer
[2012/12/10 11:59:25 | 000,000,898 | ---- | M] () -- C:\Users\pyaarawala\Desktop\google certificate.cer
[2012/11/29 00:38:22 | 000,080,546 | ---- | M] () -- C:\Users\pyaarawala\Desktop\Norms Tribute.wlmp
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/19 16:53:18 | 000,061,440 | ---- | C] ( ) -- C:\Users\pyaarawala\Desktop\VEW.exe
[2012/12/19 12:21:10 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/19 11:08:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/19 11:08:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/19 11:08:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/19 11:08:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/19 11:08:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/18 19:04:54 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/18 19:04:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/12/18 18:54:31 | 097,495,576 | ---- | C] () -- C:\Users\pyaarawala\Desktop\avast_free_antivirus_setup.exe
[2012/12/18 12:37:36 | 000,436,308 | ---- | C] () -- C:\Users\pyaarawala\Desktop\Norton_Removal_Tool.exe
[2012/12/17 23:14:27 | 000,000,902 | ---- | C] () -- C:\Users\pyaarawala\Desktop\gmail.cer
[2012/12/17 23:13:20 | 000,056,535 | ---- | C] () -- C:\Users\pyaarawala\Desktop\renal diuretics.jpg
[2012/12/17 23:02:56 | 000,002,027 | ---- | C] () -- C:\Users\pyaarawala\Desktop\Google Chrome.lnk
[2012/12/17 23:02:56 | 000,002,011 | ---- | C] () -- C:\Users\pyaarawala\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/17 22:13:42 | 000,000,972 | ---- | C] () -- C:\Users\pyaarawala\Desktop\fbok.cer
[2012/12/17 22:06:04 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/17 21:43:29 | 000,000,914 | ---- | C] () -- C:\Users\pyaarawala\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/17 21:43:29 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 19:27:47 | 000,002,446 | ---- | C] () -- C:\Users\pyaarawala\Desktop\google.p7b
[2012/12/17 19:24:07 | 000,001,298 | ---- | C] () -- C:\Users\pyaarawala\Desktop\mail.google.com.cer
[2012/12/17 13:36:08 | 004,849,588 | ---- | C] () -- C:\Users\pyaarawala\Desktop\Drowning Pool - Bodies.mp3
[2012/12/17 12:14:17 | 000,045,647 | ---- | C] () -- C:\Users\pyaarawala\Desktop\HD1560_Non_SlipL.jpg
[2012/12/16 11:19:09 | 005,781,735 | ---- | C] () -- C:\Users\pyaarawala\Desktop\goagent-goagent-v2.1.9-19-g91cd5e4.zip
[2012/12/14 19:49:33 | 000,080,546 | ---- | C] () -- C:\Users\pyaarawala\Desktop\Norms Tribute.wlmp
[2012/12/14 19:13:09 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/12/14 17:36:20 | 105,603,488 | ---- | C] () -- C:\Users\pyaarawala\Desktop\avira_free_antivirus_en.exe
[2012/12/13 00:28:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/13 00:28:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/10 18:21:36 | 000,004,910 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/12/10 16:31:37 | 000,001,550 | ---- | C] () -- C:\Users\pyaarawala\Desktop\hotmail certificate.cer
[2012/12/10 11:59:21 | 000,000,898 | ---- | C] () -- C:\Users\pyaarawala\Desktop\google certificate.cer
[2012/09/26 09:28:37 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012/09/26 09:28:37 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2012/01/04 16:18:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/04 16:18:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/15 19:19:53 | 000,052,550 | ---- | C] () -- C:\Windows\SysWow64\uninst.exe
[2011/09/26 21:19:00 | 000,274,848 | ---- | C] () -- C:\Windows\SysWow64\SubmitControl.dll
[2011/09/26 21:19:00 | 000,251,808 | ---- | C] () -- C:\Windows\SysWow64\ClientBinding.dll
[2011/09/26 21:19:00 | 000,112,032 | ---- | C] () -- C:\Windows\SysWow64\InputControl.dll
[2011/09/26 21:19:00 | 000,112,032 | ---- | C] () -- C:\Windows\SysWow64\EditControl.dll
[2011/09/26 21:19:00 | 000,107,936 | ---- | C] () -- C:\Windows\SysWow64\ICBCQPK_HH.dll
[2011/09/26 21:19:00 | 000,091,552 | ---- | C] () -- C:\Windows\SysWow64\icbc_bhdc2vdv.dll
[2011/09/26 21:19:00 | 000,091,552 | ---- | C] () -- C:\Windows\SysWow64\icbc_bhdc1vdv.dll
[2011/09/26 21:19:00 | 000,079,264 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/09/26 21:19:00 | 000,071,072 | ---- | C] () -- C:\Windows\SysWow64\UploadControl.dll
[2011/09/26 21:19:00 | 000,066,976 | ---- | C] () -- C:\Windows\SysWow64\GDReadPub.dll
[2011/09/26 21:19:00 | 000,054,688 | ---- | C] () -- C:\Windows\SysWow64\icbc_gdgetdv.dll
[2011/09/26 21:18:59 | 000,103,840 | ---- | C] () -- C:\Windows\SysWow64\certInStall.dll
[2011/08/19 17:17:15 | 000,000,911 | ---- | C] () -- C:\Users\pyaarawala\AppData\Roaming\coreavc.ini
[2011/06/06 02:06:53 | 000,000,272 | ---- | C] () -- C:\Users\pyaarawala\AppData\Roaming\.backup.dm
[2011/05/13 20:58:34 | 000,000,000 | ---- | C] () -- C:\Users\pyaarawala\AppData\Local\{C177168F-5524-4A01-B212-418F29032748}
[2011/04/29 20:38:48 | 000,000,000 | ---- | C] () -- C:\Users\pyaarawala\AppData\Local\{DA2600EE-6980-4AA6-A3E6-85919EAF4FD0}
[2011/03/21 21:24:15 | 000,006,669 | ---- | C] () -- C:\Users\pyaarawala\Untitledkhush.jpg
[2011/03/15 13:53:16 | 000,033,176 | ---- | C] () -- C:\Windows\scunin.dat
[2011/03/04 21:54:09 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/03/07 08:37:59 | 000,022,196 | ---- | C] () -- C:\Users\pyaarawala\AppData\Roaming\UserTile.png
[2009/04/22 12:38:31 | 000,007,148 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/03/25 12:00:34 | 000,000,680 | ---- | C] () -- C:\Users\pyaarawala\AppData\Local\d3d9caps.dat
[2009/02/21 03:36:30 | 000,000,732 | ---- | C] () -- C:\Users\pyaarawala\AppData\Local\d3d9caps64.dat
[2008/10/04 13:06:48 | 000,149,504 | ---- | C] () -- C:\Users\pyaarawala\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 15:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEVT-22ZCT0
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 288.00GB
Starting Offset: 10738466816
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008/10/19 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\acccore
[2011/04/06 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Adobe
[2009/02/13 19:23:51 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Anvil Studio
[2011/12/25 17:47:59 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Apple Computer
[2012/10/07 23:36:31 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\BitTorrent
[2009/04/22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\DAEMON Tools
[2009/04/22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\DAEMON Tools Lite
[2009/04/22 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\DAEMON Tools Pro
[2012/03/22 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\dvdcss
[2012/05/08 13:23:42 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\DVDVideoSoft
[2012/05/01 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\eBookPro6
[2009/05/30 18:54:09 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Fuzzy Games
[2009/05/21 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Gamelab
[2008/10/27 18:22:17 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Google
[2012/03/02 19:23:33 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Home Sweet Home 2
[2008/09/28 08:57:53 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Identities
[2009/01/06 10:59:37 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\InstallShield
[2009/05/30 17:18:09 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\ITTNord
[2008/11/06 22:40:10 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\iWin
[2008/11/02 00:35:57 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\iWinArcade
[2008/09/28 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Macromedia
[2012/12/19 12:21:25 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Malwarebytes
[2006/11/02 23:07:25 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Media Center Programs
[2012/12/16 13:22:18 | 000,000,000 | --SD | M] -- C:\Users\pyaarawala\AppData\Roaming\Microsoft
[2012/12/17 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Mobile Card
[2009/07/28 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Move Networks
[2012/11/13 21:04:26 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Mozilla
[2012/08/03 04:14:02 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Outlook
[2010/03/07 08:37:58 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\PeerNetworking
[2012/11/25 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Real
[2012/12/19 08:36:17 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\SanDisk
[2011/10/26 09:58:42 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\SE_logs
[2012/12/19 11:06:40 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Skype
[2011/10/26 10:05:38 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\SogouExtension
[2008/09/28 12:21:10 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Symantec
[2009/02/06 11:00:30 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Syntrillium
[2011/03/04 22:19:54 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Tencent
[2009/08/23 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Trillian
[2012/12/19 16:21:56 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\vlc
[2008/10/05 04:18:19 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\WinRAR
[2012/01/01 21:22:09 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Wise Disk Cleaner
[2012/01/01 21:36:45 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Wise Registry Cleaner
[2009/07/08 17:22:17 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Yahoo!
[2012/11/13 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\pyaarawala\AppData\Roaming\Youtube Downloader HD

< MD5 for: ATAPI.SYS >
[2008/01/21 10:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 15:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 15:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/21 10:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/21 10:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 14:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 11:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 15:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 15:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 10:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 14:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 13:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 10:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/21 10:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/21 10:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/21 10:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 14:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 14:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 10:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 15:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 15:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 10:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/21 10:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/21 10:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/21 10:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 10:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/21 10:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/21 10:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/21 10:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/21 10:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/21 10:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/21 10:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/21 10:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/21 10:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 15:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 15:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/21 10:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 10:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 10:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 10:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/11/29 16:27:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/11/29 16:27:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/11/29 16:27:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/11/29 16:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/11/29 16:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/11/29 16:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 09:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 09:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 09:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/12/05 09:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012/11/09 15:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012/11/09 15:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012/11/09 15:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/09 18:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/11/09 18:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/12/05 09:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/11/09 17:08:51 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/11/09 17:08:51 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/11/09 17:08:51 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/09 18:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/11/09 18:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2011/12/31 13:04:07 | 000,030,720 | ---- | M] ()(C:\Users\pyaarawala\Documents\2012???.doc) -- C:\Users\pyaarawala\Documents\2012课程表.doc
[2011/12/27 12:34:29 | 000,030,720 | ---- | C] ()(C:\Users\pyaarawala\Documents\2012???.doc) -- C:\Users\pyaarawala\Documents\2012课程表.doc
[2010/09/14 13:30:32 | 000,026,112 | ---- | M] ()(C:\Users\pyaarawala\Documents\??.doc) -- C:\Users\pyaarawala\Documents\哈桑.doc
[2010/09/14 13:30:31 | 000,026,112 | ---- | C] ()(C:\Users\pyaarawala\Documents\??.doc) -- C:\Users\pyaarawala\Documents\哈桑.doc
[2010/09/14 13:30:18 | 000,010,214 | ---- | M] ()(C:\Users\pyaarawala\Documents\??.docx) -- C:\Users\pyaarawala\Documents\哈桑.docx
[2010/09/14 13:30:17 | 000,010,214 | ---- | C] ()(C:\Users\pyaarawala\Documents\??.docx) -- C:\Users\pyaarawala\Documents\哈桑.docx
[2010/07/08 18:07:55 | 000,000,740 | ---- | M] ()(C:\Users\pyaarawala\Documents\?????.lnk) -- C:\Users\pyaarawala\Documents\无线上网卡.lnk
[2010/07/08 18:07:55 | 000,000,740 | ---- | C] ()(C:\Users\pyaarawala\Documents\?????.lnk) -- C:\Users\pyaarawala\Documents\无线上网卡.lnk
[2009/06/17 21:07:10 | 000,017,973 | ---- | M] ()(C:\Users\pyaarawala\Documents\??????2009-6-9.xlsx) -- C:\Users\pyaarawala\Documents\期末考试通知2009-6-9.xlsx
[2009/06/17 21:07:10 | 000,017,973 | ---- | C] ()(C:\Users\pyaarawala\Documents\??????2009-6-9.xlsx) -- C:\Users\pyaarawala\Documents\期末考试通知2009-6-9.xlsx
[2009/04/19 16:37:56 | 000,012,935 | ---- | M] ()(C:\Users\pyaarawala\Documents\Ri Bu Luo ???.docx) -- C:\Users\pyaarawala\Documents\Ri Bu Luo 日不落.docx
[2009/04/19 15:41:20 | 000,012,935 | ---- | C] ()(C:\Users\pyaarawala\Documents\Ri Bu Luo ???.docx) -- C:\Users\pyaarawala\Documents\Ri Bu Luo 日不落.docx
(C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器

< End of report >

#17
pyaarawala
I believe I've finished all of the requested scans. Thank you very much for the help, and I look forward to your response. Thanks again!

#18
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 6 Update 35
Java 7 Update 9
Java 6 Update 5
Java 6 Update 7

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also you need to uninstall:

Adobe Reader 9.5.2 - get the latest version of Reader from adobe.com. Do not let them install the Ask toolbar or McAfee Security Scan or other foistware.

I have no idea what this is: 交行网银安全输入软件 3.0. Do you? If not, can you uninstall it?

Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
(C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\pyaarawala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器


:files
C:\Program Files (x86)\Common Files\Symantec Shared
C:\Program Files (x86)\Symantec
sc config LiveUpdate start= disabled /c
regsvr32 Softpub.dll /c
regsvr32 Wintrust.dll /c
regsvr32 Initpki.dll /c
regsvr32 Mssip32.dll /c
regsvr64 Softpub.dll /c
regsvr64 Wintrust.dll /c
regsvr64 Initpki.dll /c
regsvr64 Mssip32.dll /c
sc start Schedule /c
sc start CryptSvc /c
sc start int15 /c

:Commands
[EMPTYTEMP]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\12192012-some number.log, so if you don't see it, look there.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down a bit. (It will never stop but by waiting a minute we will get past any disturbance caused by starting Process Explorer)

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.




If you are still having the certificate problem then turn on logging per Step 1 of http://www.petenetli...cle/0000304.htm, reboot and go back to the same log and look for red marked errors. Open them and copy the error to a reply. If you don't see an error then try to log into Hotmail or do something else that gives you the error and look again.

Ron
  • 0
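
The Process Explorer export requested in the post above can be triaged mechanically. This is an added example, not part of the original post and not Process Explorer's own code: it parses a saved export with the Verified Signer column and separates a host-wide verification failure from a single unverified image. The tab-separated layout, the sample rows and the two thresholds are assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the column layout the post asks for. Tab separation is
# an assumption about the saved file; the rows are illustrative, not a real host.
SAMPLE_EXPORT = (
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tVerified Signer\n"
    "System Idle Process\t0\t43.85\t0 K\t24 K\t\t\t\n"
    "TrustedInstaller.exe\t4880\t50.00\t40,420 K\t45,336 K\tWindows Modules Installer\t"
    "Microsoft Corporation\t(Verified) Microsoft Windows\n"
    "csrss.exe\t688\t< 0.01\t13,184 K\t11,068 K\tClient Server Runtime Process\t"
    "Microsoft Corporation\t(Unable to verify) Microsoft Corporation\n"
    "svchost.exe\t596\t< 0.01\t397,612 K\t400,372 K\tHost Process for Windows Services\t"
    "Microsoft Corporation\t(Unable to verify) Microsoft Corporation\n"
    "firefox.exe\t2564\t< 0.01\t96,772 K\t113,028 K\tFirefox\t"
    "Mozilla Corporation\t(Unable to verify) Mozilla Corporation\n"
    "AvastSvc.exe\t1748\t2.31\t63,776 K\t36,216 K\tavast! Service\t"
    "AVAST Software\t(Unable to verify) AVAST Software\n"
    "lsass.exe\t740\t< 0.01\t4,792 K\t11,288 K\tLocal Security Authority Process\t"
    "Microsoft Corporation\t(Verified) Microsoft Windows\n"
    "Interrupts\tn/a\t< 0.01\t0 K\t0 K\tHardware Interrupts and DPCs\n"
)

# "(Verified) Microsoft Windows" -> status "verified", signer "Microsoft Windows"
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<signer>.*)$")


def parse_export(text):
    """Return one dict per process row; short rows and empty cells are tolerated."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        name = (rec.get("Process") or "").strip()
        if not name:
            continue
        raw = (rec.get("Verified Signer") or "").strip()
        match = SIGNER_RE.match(raw)
        rows.append({
            "process": name,
            "pid": (rec.get("PID") or "").strip(),
            "company": (rec.get("Company Name") or "").strip(),
            # Rows with no signer text (pseudo-processes) are marked "not checked".
            "status": match.group("status").strip().lower() if match else "not checked",
            "signer": match.group("signer").strip() if match else "",
        })
    return rows


def summarize(rows):
    """Group signature results by the Company Name column."""
    by_company = defaultdict(lambda: {"verified": [], "unverified": []})
    for row in rows:
        if row["status"] == "not checked":
            continue
        bucket = "verified" if row["status"] == "verified" else "unverified"
        by_company[row["company"] or "(no company name)"][bucket].append(row["process"])
    failing = sorted(c for c, v in by_company.items() if v["unverified"])
    # A publisher with both results is a good first comparison: same vendor,
    # some images validate and others do not.
    mixed = sorted(c for c, v in by_company.items() if v["verified"] and v["unverified"])
    return {
        "checked": sum(len(v["verified"]) + len(v["unverified"]) for v in by_company.values()),
        "unverified": sum(len(v["unverified"]) for v in by_company.values()),
        "failing_publishers": failing,
        "mixed_publishers": mixed,
        "by_company": dict(by_company),
    }


def triage(summary, systemic_ratio=0.5, min_publishers=3):
    """Heuristic (thresholds are assumptions): 'systemic' when most checked images
    from several unrelated publishers fail, which points at the host's verification
    path (root certificate retrieval, CryptSvc, system clock) before any one file;
    'isolated' when only a few images fail and each deserves individual inspection."""
    if summary["checked"] == 0:
        return "no-data"
    ratio = summary["unverified"] / summary["checked"]
    if ratio >= systemic_ratio and len(summary["failing_publishers"]) >= min_publishers:
        return "systemic"
    return "isolated" if summary["unverified"] else "clean"


if __name__ == "__main__":
    result = summarize(parse_export(SAMPLE_EXPORT))
    print(triage(result), result["unverified"], "of", result["checked"], "unverified")
    for company in result["failing_publishers"]:
        print(" ", company, "->", ", ".join(result["by_company"][company]["unverified"]))
```

"Unable to verify" only says the signature check did not succeed on this host at that moment; a "systemic" result is a prompt to fix certificate validation first and then re-run the export.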

#19
pyaarawala
I've already uninstalled all the Java things you mentioned, and every time I try to reinstall Java I get this error that says:

"Downloaded file, C:\Users\pyaarawala\AppData\Locallow\Sun\Java\jre1.7.0_10\java_sp.dll is corrupt."

I keep getting this error about 5-10 minutes into the installation, while it's saying Downloading Installer. I ran the program as administrator, so I don't know what's wrong. Should I try to download the Java Installer again? I can't skip this step cuz I need Java, right?

#20
pyaarawala
Never mind, I redownloaded the file and it worked. Working on Adobe right now. My internet downloads these files so slowly because I'm in China and I can't run VPN due to this certificate issue.

#21
pyaarawala
After the OTL scan:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng deleted successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
File {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found not found.
========== FILES ==========
C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\SPManifests folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09\01 folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09 folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\PIF folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\NHelp folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\IDS folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\Help folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
C:\Program Files (x86)\Common Files\Symantec Shared folder moved successfully.
C:\Program Files (x86)\Symantec\LiveUpdate folder moved successfully.
C:\Program Files (x86)\Symantec folder moved successfully.
< sc config LiveUpdate start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr32 Softpub.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr32 Wintrust.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr32 Initpki.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr32 Mssip32.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr64 Softpub.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr64 Wintrust.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr64 Initpki.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< regsvr64 Mssip32.dll /c >
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< sc start Schedule /c >
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< sc start CryptSvc /c >
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
< sc start int15 /c >
[SC] StartService FAILED 31:
A device attached to the system is not functioning.
C:\Users\pyaarawala\Desktop\cmd.bat deleted successfully.
C:\Users\pyaarawala\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: pyaarawala
->Temp folder emptied: 802189 bytes
->Temporary Internet Files folder emptied: 24190389 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91015456 bytes
->Google Chrome cache emptied: 119116092 bytes
->Flash cache emptied: 2055 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8693460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 49618631 bytes

Total Files Cleaned = 280.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12202012_225144

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#22
pyaarawala
After VEW.exe by selecting System:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/12/2012 11:16:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/12/2012 3:11:55 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep eeCtrl

Log: 'System' Date/Time: 20/12/2012 3:11:55 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The int15 service failed to start due to the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/12/2012 3:10:27 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/12/2012 3:09:14 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#23
pyaarawala
After VEW.exe after selecting Application:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/12/2012 11:16:56 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/12/2012 3:14:08 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-CAPI2
Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...FE20A8B419.crt> with error: This operation returned because the timeout period expired. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/12/2012 3:14:33 PM
Type: Warning Category: 0
Event: 6 Source: Microsoft-Windows-CAPI2
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes.

#24
pyaarawala
After Process Explorer:

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
TrustedInstaller.exe 4880 50.00 40,420 K 45,336 K Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 43.85 0 K 24 K
procexp64.exe 4752 2.31 48,240 K 63,796 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Unable to verify) Sysinternals - www.sysinternals.com
AvastSvc.exe 1748 2.31 63,776 K 36,216 K avast! Service AVAST Software (Unable to verify) AVAST Software
SearchProtocolHost.exe 4872 0.77 10,720 K 20,568 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 5448 0.77 10,392 K 17,456 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
firefox.exe 2564 < 0.01 96,772 K 113,028 K Firefox Mozilla Corporation (Unable to verify) Mozilla Corporation
SearchIndexer.exe 1320 < 0.01 113,716 K 42,952 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
System 4 < 0.01 0 K 5,100 K
explorer.exe 1356 < 0.01 32,132 K 49,576 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 688 < 0.01 13,184 K 11,068 K Client Server Runtime Process Microsoft Corporation (Unable to verify) Microsoft Corporation
igfxsrvc.exe 2092 < 0.01 3,264 K 7,540 K igfxsrvc Module Intel Corporation (Unable to verify) Intel Corporation
svchost.exe 596 < 0.01 397,612 K 400,372 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
AvastUI.exe 3192 < 0.01 8,156 K 6,072 K avast! Antivirus AVAST Software (Unable to verify) AVAST Software
psqltray.exe 3808 < 0.01 7,828 K 16,828 K Fingerprint Tray Application UPEK Inc. (Unable to verify) UPEK Inc.
lsass.exe 740 < 0.01 4,792 K 11,288 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1012 < 0.01 5,060 K 9,060 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
SanDiskSecureAccess_Manager.exe 2432 < 0.01 37,948 K 18,224 K RunSanDiskSecureAccess_Win Dmailer S.A. (Unable to verify) Dmailer S.A.
hkcmd.exe 1588 < 0.01 2,928 K 7,108 K hkcmd Module Intel Corporation (Unable to verify) Intel Corporation
upeksvr.exe 1260 < 0.01 6,928 K 13,244 K Fingerprint Server Process for Vista UPEK Inc. (Unable to verify) UPEK Inc.
sttray64.exe 2924 < 0.01 5,856 K 13,268 K Sigmatel Audio system tray application IDT, Inc. (Unable to verify) IDT, Inc.
iPodService.exe 3784 < 0.01 4,472 K 8,060 K iPodService Module (64-bit) Apple Inc. (Unable to verify) Apple Inc.
AAWService.exe 1788 < 0.01 61,648 K 49,084 K Ad-Aware Service Application Lavasoft Limited (Unable to verify) Lavasoft Limited
AppleMobileDeviceService.exe 2664 < 0.01 4,696 K 10,420 K MobileDeviceService Apple Inc. (Unable to verify) Apple Inc.
csrss.exe 632 < 0.01 2,904 K 8,144 K Client Server Runtime Process Microsoft Corporation (Unable to verify) Microsoft Corporation
iTunesHelper.exe 240 < 0.01 5,276 K 12,668 K iTunesHelper Apple Inc. (Unable to verify) Apple Inc.
GoogleToolbarNotifier.exe 2556 < 0.01 4,232 K 2,572 K GoogleToolbarNotifier Google Inc. (Unable to verify) Google Inc.
ETService.exe 2792 < 0.01 31,336 K 21,216 K Acer Empowering Technology Framework Service (Unable to verify) (null)
svchost.exe 584 < 0.01 148,004 K 156,308 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
taskeng.exe 1564 < 0.01 10,668 K 13,776 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1984 < 0.01 8,092 K 13,728 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
YahooAUService.exe 3112 3,764 K 7,924 K AutoUpater Service Module Yahoo! Inc. (Unable to verify) Yahoo! Inc.
WUDFHost.exe 3092 3,824 K 6,952 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 4248 3,892 K 7,548 K Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3940 4,624 K 9,408 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 3272 2,112 K 4,380 K Microsoft Windows Live ID Service Monitor Microsoft Corp. (Unable to verify) Microsoft Corp.
WLIDSVC.EXE 2220 10,400 K 17,736 K Microsoft Windows Live ID Service Microsoft Corp. (Unable to verify) Microsoft Corp.
winlogon.exe 836 2,912 K 7,568 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 668 1,768 K 5,128 K Windows Start-Up Application Microsoft Corporation (Unable to verify) Microsoft Corporation
ViewpointService.exe 2208 2,108 K 5,800 K ViewMgr Viewpoint Corporation (Unable to verify) Viewpoint Corporation
unsecapp.exe 3860 3,228 K 5,888 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2012 2,740 K 7,848 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1144 13,512 K 20,756 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 328 18,788 K 17,872 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1484 19,688 K 21,700 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1216 19,628 K 25,868 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 940 3,844 K 7,848 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1076 2,648 K 6,148 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1224 1,604 K 3,492 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 2704 3,216 K 5,096 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 2916 1,904 K 4,596 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 2960 1,856 K 4,284 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 2988 3,600 K 7,836 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1900 6,092 K 9,324 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 3488 2,928 K 18,648 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
smss.exe 512 472 K 992 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SLsvc.exe 1096 8,796 K 13,748 K Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
services.exe 724 3,244 K 8,376 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SeaPort.exe 3020 5,440 K 10,060 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation (Verified) Microsoft Corporation
SDWinSec.exe 3216 5,876 K 9,888 K Spybot-S&D Security Center integration Safer Networking Ltd. (Unable to verify) Safer Networking Ltd.
procexp.exe 5024 3,196 K 8,396 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
ouc.exe 4264 884 K 2,836 K Online Update Clinet Huawei Technologies Co., Ltd. (Unable to verify) Huawei Technologies Co., Ltd.
ONENOTEM.EXE 3648 1,624 K 1,064 K Microsoft Office OneNote Quick Launcher Microsoft Corporation (Unable to verify) Microsoft Corporation
mobsync.exe 3796 5,148 K 10,312 K Microsoft Sync Center Microsoft Corporation (Unable to verify) Microsoft Corporation
mDNSResponder.exe 2680 2,744 K 6,180 K Bonjour Service Apple Inc. (Unable to verify) Apple Inc.
lsm.exe 748 3,072 K 5,324 K Local Session Manager Service Microsoft Corporation (Unable to verify) Microsoft Corporation
jusched.exe 1120 6,028 K 14,036 K Java™ Update Scheduler Sun Microsystems, Inc. (Unable to verify) Sun Microsystems, Inc.
igfxpers.exe 3144 2,396 K 6,304 K persistence Module Intel Corporation (Unable to verify) Intel Corporation
IAANTmon.exe 2848 3,604 K 7,540 K RAID Monitor Intel Corporation (Unable to verify) Intel Corporation
IAAnotif.exe 2172 3,456 K 7,732 K Event Monitor User Notification Tool Intel Corporation (Unable to verify) Intel Corporation
GoogleCrashHandler64.exe 2064 3,060 K 1,068 K Google Crash Handler Google Inc. (Unable to verify) Google Inc.
GoogleCrashHandler.exe 1440 2,828 K 1,224 K Google Crash Handler Google Inc. (Unable to verify) Google Inc.
ehtray.exe 256 2,852 K 2,104 K Media Center Tray Applet Microsoft Corporation (Unable to verify) Microsoft Corporation
ehmsas.exe 4132 2,268 K 6,068 K Media Center Media Status Aggregator Service Microsoft Corporation (Unable to verify) Microsoft Corporation
dwm.exe 2028 1,720 K 4,720 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 1040 11,672 K 15,272 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 2544 2,692 K 5,196 K Adobe Acrobat Update Service Adobe Systems Incorporated (Unable to verify) Adobe Systems Incorporated
agr64svc.exe 2652 1,776 K 3,732 K Agere Soft Modem Call Progress Service Agere Systems (Unable to verify) Agere Systems
AAWTray.exe 2196 3,128 K 1,948 K Ad-Aware Tray Application Lavasoft Limited (Unable to verify) Lavasoft Limited
  • 0

#25
pyaarawala

pyaarawala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Still getting certificate errors, so here are the Red Exclamation Errors I'm getting after following step 1 in that guide, and after rebooting. There are many errors so I'll list them all:

First Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:32:32 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:32:32.557Z" />
<EventRecordID>5080</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\program files (x86)\common files\apple\apple application support\objc.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{4C790806-BE88-49DA-88B9-62B27F10B7CA}" />
<TimestampChain chainRef="{C74376B1-C04A-4E9A-98C8-4497BC45BEB0}" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CFC5E6E0-2C68-426D-BBF3-99D0EE35A0F8}" SeqNumber="12" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</WinVerifyTrust>
</UserData>
</Event>

2nd Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:32:32 PM
Event ID: 30
Task Category: Verify Chain Policy
Level: Error
Keywords: Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-12-20T15:32:32.557Z" />
<EventRecordID>5078</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_AUTHENTICODE" constant="2" />
<Certificate fileRef="6B572A0382FB60DEF846E902FB959E85AA8A1D35.cer" subjectName="Apple Inc." />
<CertificateChain chainRef="{4C790806-BE88-49DA-88B9-62B27F10B7CA}" />
<Flags value="0" />
<AuthenticodeAdditionalPolicyInfo>
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
</AuthenticodeAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="2" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CFC5E6E0-2C68-426D-BBF3-99D0EE35A0F8}" SeqNumber="10" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>

3rd Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.292Z" />
<EventRecordID>6425</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\program files\avast software\avast\snxhk.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{7241ADA6-1EC4-40D7-8750-7127CCB62022}" />
<TimestampChain chainRef="{AAE630F8-5725-4381-80FC-A43F09B91780}" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{819C4B09-F839-4C0E-8A8E-F1F592220F8A}" SeqNumber="16" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</WinVerifyTrust>
</UserData>
</Event>

4th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.276Z" />
<EventRecordID>6423</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<ValidationTime>2012-10-30T22:50:52Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<Certificate fileRef="58455389CF1D0CD6A08E3CE216F65ADFF7A86408.cer" subjectName="Class 3 Public Primary Certification Authority" />
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{AAE630F8-5725-4381-80FC-A43F09B91780}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="BE36A4562FB2EE05DBB3D32323ADF445084ED656.cer" subjectName="Thawte Timestamping CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{819C4B09-F839-4C0E-8A8E-F1F592220F8A}" SeqNumber="13" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

5th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.276Z" />
<EventRecordID>6421</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<ValidationTime>2012-10-30T22:50:52Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<Certificate fileRef="58455389CF1D0CD6A08E3CE216F65ADFF7A86408.cer" subjectName="Class 3 Public Primary Certification Authority" />
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ExtendedKeyUsage>
<Flags value="40000001" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{7241ADA6-1EC4-40D7-8750-7127CCB62022}">
<TrustStatus>
<ErrorStatus value="1000060" CERT_TRUST_IS_UNTRUSTED_ROOT="true" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.1" name="Server Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
<Usage oid="2.16.840.1.113730.4.1" />
<Usage oid="2.16.840.1.113733.1.8.1" />
</ApplicationUsage>
<IssuanceUsage any="true" />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="A1DB6393916F17E4185509400415C70240B0AE6B.cer" subjectName="Class 3 Public Primary Certification Authority" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{819C4B09-F839-4C0E-8A8E-F1F592220F8A}" SeqNumber="11" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

6th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 20
Task Category: Retrieve Third-Party Root Certificate from Network
Level: Error
Keywords: Automatic Root Update,Retrieval,Path Discovery
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>20</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000032</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.276Z" />
<EventRecordID>6420</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertAutoRootUrlRetrievalWire>
<SubjectCertificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<URL scheme="http">http://ctldl.windows...4A5E5.crt</URL>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{819C4B09-F839-4C0E-8A8E-F1F592220F8A}" SeqNumber="10" />
<Result value="3A">The specified server cannot perform the requested operation.</Result>
</CertAutoRootUrlRetrievalWire>
</UserData>
</Event>

7th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 53
Task Category: Retrieve Object from Network
Level: Error
Keywords: Automatic Root Update,Retrieval,Revocation,Path Discovery
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>53</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>53</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000036</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.276Z" />
<EventRecordID>6419</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CryptRetrieveObjectByUrlWire>
<URL scheme="http">http://ctldl.windows...4A5E5.crt</URL>
<Object type="CONTEXT_OID_CERTIFICATE" constant="1" />
<Timeout>PT15S</Timeout>
<Flags value="420600D" CRYPT_RETRIEVE_MULTIPLE_OBJECTS="true" CRYPT_WIRE_ONLY_RETRIEVAL="true" CRYPT_DONT_CACHE_RESULT="true" CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL="true" CRYPT_OFFLINE_CHECK_RETRIEVAL="true" CRYPT_PROXY_CACHE_RETRIEVAL="true" CRYPT_RANDOM_QUERY_STRING_RETRIEVAL="true" />
<AdditionalInfo>
<Action name="IsPendingNetworkRetrieval">
<Error value="3A">The specified server cannot perform the requested operation.</Error>
</Action>
</AdditionalInfo>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{819C4B09-F839-4C0E-8A8E-F1F592220F8A}" SeqNumber="9" />
<Result value="3A">The specified server cannot perform the requested operation.</Result>
</CryptRetrieveObjectByUrlWire>
</UserData>
</Event>

8th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.276Z" />
<EventRecordID>6417</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{DC2E2413-8C1F-4956-A040-96506F87FA26}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

9th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 30
Task Category: Verify Chain Policy
Level: Error
Keywords: Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.276Z" />
<EventRecordID>6415</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_AUTHENTICODE" constant="2" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<CertificateChain chainRef="{7241ADA6-1EC4-40D7-8750-7127CCB62022}" />
<Flags value="0" />
<AuthenticodeAdditionalPolicyInfo>
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
</AuthenticodeAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="3" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{819C4B09-F839-4C0E-8A8E-F1F592220F8A}" SeqNumber="14" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>

10th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.261Z" />
<EventRecordID>6414</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{4752F658-CB87-43A3-8BFC-1C106E08B224}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

11th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.261Z" />
<EventRecordID>6413</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{3C033751-138F-4976-9F40-68EB3BAB4C2B}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

12th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.261Z" />
<EventRecordID>6412</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{F8E6F788-ADAE-498D-B6B6-B2D1E7B206C0}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

13th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.261Z" />
<EventRecordID>6411</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{7E4B4A60-3324-4CAC-9ACB-5C2CC14B6756}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

14th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.261Z" />
<EventRecordID>6410</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{E0533A3F-2CEE-42A4-88A9-44CC71D8B81F}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

15th Error:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:56 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:56.261Z" />
<EventRecordID>6409</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{8AEFF052-3C55-439F-98DF-CA89F21435FA}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

#26
pyaarawala

  • Topic Starter
There are so many more errors so I'll just divide them by lines now so it's easier:

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 30
Task Category: Verify Chain Policy
Level: Error
Keywords: Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.747Z" />
<EventRecordID>6389</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_AUTHENTICODE" constant="2" />
<Certificate fileRef="6B572A0382FB60DEF846E902FB959E85AA8A1D35.cer" subjectName="Apple Inc." />
<CertificateChain chainRef="{AC274E99-4B08-40E6-A6DE-C0BF55B4FBE4}" />
<Flags value="0" />
<AuthenticodeAdditionalPolicyInfo>
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
</AuthenticodeAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="-1" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CE7A2765-63D2-45B6-ADA2-874B4CC45538}" SeqNumber="10" />
<Result value="800B010A">A certificate chain could not be built to a trusted root authority.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.747Z" />
<EventRecordID>6388</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
<ValidationTime>2011-08-31T05:45:33Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="6B572A0382FB60DEF846E902FB959E85AA8A1D35.cer" subjectName="Apple Inc." />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{D096BDB6-425C-48BD-87B3-C2823E7A015C}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="BE36A4562FB2EE05DBB3D32323ADF445084ED656.cer" subjectName="Thawte Timestamping CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CE7A2765-63D2-45B6-ADA2-874B4CC45538}" SeqNumber="9" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.747Z" />
<EventRecordID>6387</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\program files (x86)\bonjour\mdnsnsp.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{AC274E99-4B08-40E6-A6DE-C0BF55B4FBE4}" />
<TimestampChain chainRef="{D096BDB6-425C-48BD-87B3-C2823E7A015C}" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CE7A2765-63D2-45B6-ADA2-874B4CC45538}" SeqNumber="12" />
<Result value="800B010A">A certificate chain could not be built to a trusted root authority.</Result>
</WinVerifyTrust>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.747Z" />
<EventRecordID>6385</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{2C510885-4C3A-4D78-B15B-58BFCCF70CAA}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.731Z" />
<EventRecordID>6383</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="6B572A0382FB60DEF846E902FB959E85AA8A1D35.cer" subjectName="Apple Inc." />
<ValidationTime>2011-08-31T05:45:33Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="6B572A0382FB60DEF846E902FB959E85AA8A1D35.cer" subjectName="Apple Inc." />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ExtendedKeyUsage>
<Flags value="40000001" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" />
<ChainEngineInfo context="user" />
<CertificateChain chainRef="{AC274E99-4B08-40E6-A6DE-C0BF55B4FBE4}">
<TrustStatus>
<ErrorStatus value="1010040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" CERT_TRUST_IS_PARTIAL_CHAIN="true" />
<InfoStatus value="0" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="6B572A0382FB60DEF846E902FB959E85AA8A1D35.cer" subjectName="Apple Inc." />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="2" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CE7A2765-63D2-45B6-ADA2-874B4CC45538}" SeqNumber="7" />
<Result value="800B010A">A certificate chain could not be built to a trusted root authority.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 20
Task Category: Retrieve Third-Party Root Certificate from Network
Level: Error
Keywords: Automatic Root Update,Retrieval,Path Discovery
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>20</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000032</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.731Z" />
<EventRecordID>6382</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertAutoRootUrlRetrievalWire>
<SubjectCertificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<URL scheme="http">http://ctldl.windows...4A5E5.crt</URL>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CE7A2765-63D2-45B6-ADA2-874B4CC45538}" SeqNumber="6" />
<Result value="3A">The specified server cannot perform the requested operation.</Result>
</CertAutoRootUrlRetrievalWire>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 53
Task Category: Retrieve Object from Network
Level: Error
Keywords: Automatic Root Update,Retrieval,Revocation,Path Discovery
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>53</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>53</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000036</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.731Z" />
<EventRecordID>6381</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CryptRetrieveObjectByUrlWire>
<URL scheme="http">http://ctldl.windows...4A5E5.crt</URL>
<Object type="CONTEXT_OID_CERTIFICATE" constant="1" />
<Timeout>PT15S</Timeout>
<Flags value="420600D" CRYPT_RETRIEVE_MULTIPLE_OBJECTS="true" CRYPT_WIRE_ONLY_RETRIEVAL="true" CRYPT_DONT_CACHE_RESULT="true" CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL="true" CRYPT_OFFLINE_CHECK_RETRIEVAL="true" CRYPT_PROXY_CACHE_RETRIEVAL="true" CRYPT_RANDOM_QUERY_STRING_RETRIEVAL="true" />
<AdditionalInfo>
<Action name="IsPendingNetworkRetrieval">
<Error value="3A">The specified server cannot perform the requested operation.</Error>
</Action>
</AdditionalInfo>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{CE7A2765-63D2-45B6-ADA2-874B4CC45538}" SeqNumber="5" />
<Result value="3A">The specified server cannot perform the requested operation.</Result>
</CryptRetrieveObjectByUrlWire>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.091Z" />
<EventRecordID>6363</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\program files\avast software\avast\snxhk.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{EF983978-69E5-45E2-B094-B56D0DB4F510}" />
<TimestampChain chainRef="{1BAD671F-1007-457A-98FB-5826BAF0AD60}" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C84E4F69-9366-4569-A096-345C62A434BB}" SeqNumber="16" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</WinVerifyTrust>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 30
Task Category: Verify Chain Policy
Level: Error
Keywords: Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.075Z" />
<EventRecordID>6361</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_AUTHENTICODE" constant="2" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<CertificateChain chainRef="{EF983978-69E5-45E2-B094-B56D0DB4F510}" />
<Flags value="0" />
<AuthenticodeAdditionalPolicyInfo>
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
</AuthenticodeAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="3" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C84E4F69-9366-4569-A096-345C62A434BB}" SeqNumber="14" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.075Z" />
<EventRecordID>6360</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<ValidationTime>2012-10-30T22:50:52Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<Certificate fileRef="58455389CF1D0CD6A08E3CE216F65ADFF7A86408.cer" subjectName="Class 3 Public Primary Certification Authority" />
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{1BAD671F-1007-457A-98FB-5826BAF0AD60}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="BE36A4562FB2EE05DBB3D32323ADF445084ED656.cer" subjectName="Thawte Timestamping CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C84E4F69-9366-4569-A096-345C62A434BB}" SeqNumber="13" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.075Z" />
<EventRecordID>6358</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{FCC1AD69-2003-49F3-AA94-5566C6FEEAAA}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.075Z" />
<EventRecordID>6357</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<ValidationTime>2012-10-30T22:50:52Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<Certificate fileRef="58455389CF1D0CD6A08E3CE216F65ADFF7A86408.cer" subjectName="Class 3 Public Primary Certification Authority" />
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ExtendedKeyUsage>
<Flags value="40000001" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{EF983978-69E5-45E2-B094-B56D0DB4F510}">
<TrustStatus>
<ErrorStatus value="1000060" CERT_TRUST_IS_UNTRUSTED_ROOT="true" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.1" name="Server Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
<Usage oid="2.16.840.1.113730.4.1" />
<Usage oid="2.16.840.1.113733.1.8.1" />
</ApplicationUsage>
<IssuanceUsage any="true" />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="A1DB6393916F17E4185509400415C70240B0AE6B.cer" subjectName="Class 3 Public Primary Certification Authority" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C84E4F69-9366-4569-A096-345C62A434BB}" SeqNumber="11" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 20
Task Category: Retrieve Third-Party Root Certificate from Network
Level: Error
Keywords: Automatic Root Update,Retrieval,Path Discovery
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>20</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000032</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.075Z" />
<EventRecordID>6356</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertAutoRootUrlRetrievalWire>
<SubjectCertificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<URL scheme="http">http://ctldl.windows...4A5E5.crt</URL>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C84E4F69-9366-4569-A096-345C62A434BB}" SeqNumber="10" />
<Result value="5B4">This operation returned because the timeout period expired.</Result>
</CertAutoRootUrlRetrievalWire>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:53 PM
Event ID: 53
Task Category: Retrieve Object from Network
Level: Error
Keywords: Automatic Root Update,Retrieval,Revocation,Path Discovery
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>53</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>53</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000036</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:53.075Z" />
<EventRecordID>6355</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CryptRetrieveObjectByUrlWire>
<URL scheme="http">http://ctldl.windows...4A5E5.crt</URL>
<Object type="CONTEXT_OID_CERTIFICATE" constant="1" />
<Timeout>PT15S</Timeout>
<Flags value="420600D" CRYPT_RETRIEVE_MULTIPLE_OBJECTS="true" CRYPT_WIRE_ONLY_RETRIEVAL="true" CRYPT_DONT_CACHE_RESULT="true" CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL="true" CRYPT_OFFLINE_CHECK_RETRIEVAL="true" CRYPT_PROXY_CACHE_RETRIEVAL="true" CRYPT_RANDOM_QUERY_STRING_RETRIEVAL="true" />
<AdditionalInfo>
<Action name="NetworkRetrievalTimeout">
<Error value="5B4">This operation returned because the timeout period expired.</Error>
</Action>
</AdditionalInfo>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C84E4F69-9366-4569-A096-345C62A434BB}" SeqNumber="9" />
<Result value="5B4">This operation returned because the timeout period expired.</Result>
</CryptRetrieveObjectByUrlWire>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:38 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:38.064Z" />
<EventRecordID>6332</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{EC773656-7E0F-46E0-8DCB-E257602CFCF0}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:38 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:38.048Z" />
<EventRecordID>6331</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{75484345-F2D7-4754-ADC3-64FA48405987}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:38 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:38.048Z" />
<EventRecordID>6330</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{849DCAE3-3FAB-48AC-8162-CA68AB3323BF}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:38 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:38.048Z" />
<EventRecordID>6329</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{81CEEC52-2F90-4B37-8EBC-0841E1F75336}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:38 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:38.048Z" />
<EventRecordID>6327</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{1044B54F-98FA-438A-9BB2-45D753C8C4DA}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:38 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:38.048Z" />
<EventRecordID>6325</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{5B988A69-3443-460A-AE0D-92C431D07A1A}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:33 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:33.008Z" />
<EventRecordID>6287</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\users\pyaarawala\appdata\roaming\sandisk\my vaults\dmengineapp.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{D5D4783D-203A-43EA-916B-29D756ECED17}" />
<TimestampChain chainRef="{F6BCD128-98C1-4CD2-87EC-36DD3C5EE087}" />
<StepError stepID="32" stepName="TRUSTERROR_STEP_FINAL_OBJPROV">
<Result value="80096010">The digital signature of the object did not verify.</Result>
</StepError>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{AF2FADB8-755A-4C6A-B3DE-D8A05D9B1C1E}" SeqNumber="11" />
<Result value="80096010">The digital signature of the object did not verify.</Result>
</WinVerifyTrust>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:33 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:33.008Z" />
<EventRecordID>6285</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
<ValidationTime>2010-11-10T17:15:32Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7.cer" subjectName="Thawte Code Signing CA - G2" />
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{F6BCD128-98C1-4CD2-87EC-36DD3C5EE087}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="BE36A4562FB2EE05DBB3D32323ADF445084ED656.cer" subjectName="Thawte Timestamping CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{AF2FADB8-755A-4C6A-B3DE-D8A05D9B1C1E}" SeqNumber="9" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:33 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:33.008Z" />
<EventRecordID>6283</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{357C0740-563A-402D-A414-9558DDF9AAD8}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:32 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:32.992Z" />
<EventRecordID>6282</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<ValidationTime>2010-11-10T17:15:32Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7.cer" subjectName="Thawte Code Signing CA - G2" />
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ExtendedKeyUsage>
<Flags value="40000001" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{D5D4783D-203A-43EA-916B-29D756ECED17}">
<TrustStatus>
<ErrorStatus value="1000060" CERT_TRUST_IS_UNTRUSTED_ROOT="true" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7.cer" subjectName="Thawte Code Signing CA - G2" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="91C6D6EE3E8AC86384E548C299295C756C817B81.cer" subjectName="thawte Primary Root CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{AF2FADB8-755A-4C6A-B3DE-D8A05D9B1C1E}" SeqNumber="7" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:32 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:32.992Z" />
<EventRecordID>6281</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="4440" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{26C17ECF-F962-4C94-8583-F7D4F3FF8E9B}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.980Z" />
<EventRecordID>6274</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\users\pyaarawala\appdata\roaming\sandisk\my vaults\dmbackup.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{DA60778E-194F-4268-B3E8-A36C8A2C3597}" />
<TimestampChain chainRef="{AC3FD3F4-EF6E-4A80-BB9B-0753312CB83D}" />
<StepError stepID="32" stepName="TRUSTERROR_STEP_FINAL_OBJPROV">
<Result value="80096010">The digital signature of the object did not verify.</Result>
</StepError>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C22B79D6-D02D-4008-A266-F1AC4CD02265}" SeqNumber="11" />
<Result value="80096010">The digital signature of the object did not verify.</Result>
</WinVerifyTrust>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.980Z" />
<EventRecordID>6273</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{809167C8-551F-4332-912B-F00299E0DD8A}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.980Z" />
<EventRecordID>6271</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<ValidationTime>2010-11-10T17:15:30Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7.cer" subjectName="Thawte Code Signing CA - G2" />
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ExtendedKeyUsage>
<Flags value="40000001" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{DA60778E-194F-4268-B3E8-A36C8A2C3597}">
<TrustStatus>
<ErrorStatus value="1000060" CERT_TRUST_IS_UNTRUSTED_ROOT="true" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7.cer" subjectName="Thawte Code Signing CA - G2" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="91C6D6EE3E8AC86384E548C299295C756C817B81.cer" subjectName="thawte Primary Root CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C22B79D6-D02D-4008-A266-F1AC4CD02265}" SeqNumber="7" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.980Z" />
<EventRecordID>6270</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
<ValidationTime>2010-11-10T17:15:30Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7.cer" subjectName="Thawte Code Signing CA - G2" />
<Certificate fileRef="B1FFCCE8CB4A91E62DDD503BAF39048308A9139A.cer" subjectName="DMAILER" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{AC3FD3F4-EF6E-4A80-BB9B-0753312CB83D}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE.cer" subjectName="VeriSign Time Stamping Services Signer - G2" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="BE36A4562FB2EE05DBB3D32323ADF445084ED656.cer" subjectName="Thawte Timestamping CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{C22B79D6-D02D-4008-A266-F1AC4CD02265}" SeqNumber="9" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.980Z" />
<EventRecordID>6269</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{9AA301F5-9505-4D0E-89E5-A259FFA654B0}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.606Z" />
<EventRecordID>6261</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\program files\avast software\avast\snxhk.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{EC1DBB20-075C-4C77-8E26-B96E3DEB45F4}" />
<TimestampChain chainRef="{F3D3D099-52C2-4741-BC4D-131C2FA3BC43}" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{2B840028-7B6A-4E16-B4E6-252728B8E89C}" SeqNumber="16" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</WinVerifyTrust>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 30
Task Category: Verify Chain Policy
Level: Error
Keywords: Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.606Z" />
<EventRecordID>6259</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_AUTHENTICODE" constant="2" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<CertificateChain chainRef="{EC1DBB20-075C-4C77-8E26-B96E3DEB45F4}" />
<Flags value="0" />
<AuthenticodeAdditionalPolicyInfo>
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
</AuthenticodeAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="2" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{2B840028-7B6A-4E16-B4E6-252728B8E89C}" SeqNumber="14" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.606Z" />
<EventRecordID>6258</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<ValidationTime>2012-10-30T22:50:52Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<Certificate fileRef="58455389CF1D0CD6A08E3CE216F65ADFF7A86408.cer" subjectName="Class 3 Public Primary Certification Authority" />
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{F3D3D099-52C2-4741-BC4D-131C2FA3BC43}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="104" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="BE36A4562FB2EE05DBB3D32323ADF445084ED656.cer" subjectName="Thawte Timestamping CA" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{2B840028-7B6A-4E16-B4E6-252728B8E89C}" SeqNumber="13" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.606Z" />
<EventRecordID>6256</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<ValidationTime>2012-10-30T22:50:52Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<Certificate fileRef="58455389CF1D0CD6A08E3CE216F65ADFF7A86408.cer" subjectName="Class 3 Public Primary Certification Authority" />
<Certificate fileRef="32F30882622B87CF8856C63DB873DF0853B4DD27.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<Certificate fileRef="F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D.cer" subjectName="VeriSign Time Stamping Services CA" />
<Certificate fileRef="8FD99D63FB3AFBD534A4F6E31DACD27F59504021.cer" subjectName="Symantec Time Stamping Services Signer - G3" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ExtendedKeyUsage>
<Flags value="40000001" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{EC1DBB20-075C-4C77-8E26-B96E3DEB45F4}">
<TrustStatus>
<ErrorStatus value="1000060" CERT_TRUST_IS_UNTRUSTED_ROOT="true" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="DAEE6B6845246502630C11081368A1237988688E.cer" subjectName="AVAST Software" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="495847A93187CFB8C71F840CB7B41497AD95C64F.cer" subjectName="VeriSign Class 3 Code Signing 2010 CA" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.2" name="Client Authentication" />
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage>
<Usage oid="2.16.840.1.113733.1.7.23.3" />
</IssuanceUsage>
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.cer" subjectName="VeriSign Class 3 Public Primary Certification Authority - G5" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{2B840028-7B6A-4E16-B4E6-252728B8E89C}" SeqNumber="11" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.606Z" />
<EventRecordID>6255</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="4440" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{1592A152-0FB9-423A-BC60-BE22D4ED1E2F}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:27 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:27.606Z" />
<EventRecordID>6254</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{98450B11-A2B9-47B9-B388-79B6CD965020}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:18 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:18.071Z" />
<EventRecordID>6249</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{0F9BD667-71D8-4137-9F37-2E7DDEED5956}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:18 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:18.071Z" />
<EventRecordID>6248</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="4440" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{6B8D4212-EDE8-4C53-9BAD-032424070B1F}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:18 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:18.071Z" />
<EventRecordID>6247</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{3AF13515-D29E-4579-9AB2-18F6B0176D2E}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:18 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:18.071Z" />
<EventRecordID>6246</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{D5F5D6EB-C218-494F-AADD-2CE3088D25BE}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:18 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:18.071Z" />
<EventRecordID>6245</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="4440" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{F806D1EB-A8D3-4D22-AA84-D967449D2AB9}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:18 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:18.071Z" />
<EventRecordID>6244</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{D5FC8EF9-CF00-452D-9EBE-DC434DF79B5E}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:13 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:13.625Z" />
<EventRecordID>6224</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\program files (x86)\microsoft office\office12\1033\onintl.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{8FCD8049-FB01-4CD3-B811-AD166301DDBF}" />
<TimestampChain chainRef="{E73AC68C-87B5-4EC9-AE69-498878725D40}" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{D526A18D-3FE9-480A-9977-4EC36CF1D867}" SeqNumber="16" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</WinVerifyTrust>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:13 PM
Event ID: 30
Task Category: Verify Chain Policy
Level: Error
Keywords: Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:13.625Z" />
<EventRecordID>6222</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_AUTHENTICODE" constant="2" />
<Certificate fileRef="9E95C625D81B2BA9C72FD70275C3699613AF61E3.cer" subjectName="Microsoft Corporation" />
<CertificateChain chainRef="{8FCD8049-FB01-4CD3-B811-AD166301DDBF}" />
<Flags value="0" />
<AuthenticodeAdditionalPolicyInfo>
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
</AuthenticodeAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="2" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{D526A18D-3FE9-480A-9977-4EC36CF1D867}" SeqNumber="14" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>


-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:13 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:13.625Z" />
<EventRecordID>6221</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="05FECB745F7F3B1A0E262A73435CCB7EAAED8B37.cer" subjectName="Microsoft Time-Stamp Service" />
<ValidationTime>2009-02-26T15:17:28Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="05FECB745F7F3B1A0E262A73435CCB7EAAED8B37.cer" subjectName="Microsoft Time-Stamp Service" />
<Certificate fileRef="3EA99A60058275E0ED83B892A909449F8C33B245.cer" subjectName="Microsoft Timestamping PCA" />
<Certificate fileRef="9E95C625D81B2BA9C72FD70275C3699613AF61E3.cer" subjectName="Microsoft Corporation" />
<Certificate fileRef="3036E3B25B88A55B86FC90E6E9EAAD5081445166.cer" subjectName="Microsoft Code Signing PCA" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{E73AC68C-87B5-4EC9-AE69-498878725D40}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="05FECB745F7F3B1A0E262A73435CCB7EAAED8B37.cer" subjectName="Microsoft Time-Stamp Service" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="3EA99A60058275E0ED83B892A909449F8C33B245.cer" subjectName="Microsoft Timestamping PCA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="101" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="A43489159A520F0D93D032CCAF37E7FE20A8B419.cer" subjectName="Microsoft Root Authority" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="109" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{D526A18D-3FE9-480A-9977-4EC36CF1D867}" SeqNumber="13" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>


-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:13 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:13.625Z" />
<EventRecordID>6220</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="4440" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{1AA82A81-FA00-4776-8199-9E857FCDC24A}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>


-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:13 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:13.423Z" />
<EventRecordID>6214</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="9E95C625D81B2BA9C72FD70275C3699613AF61E3.cer" subjectName="Microsoft Corporation" />
<ValidationTime>2009-02-26T15:17:28Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="05FECB745F7F3B1A0E262A73435CCB7EAAED8B37.cer" subjectName="Microsoft Time-Stamp Service" />
<Certificate fileRef="3EA99A60058275E0ED83B892A909449F8C33B245.cer" subjectName="Microsoft Timestamping PCA" />
<Certificate fileRef="9E95C625D81B2BA9C72FD70275C3699613AF61E3.cer" subjectName="Microsoft Corporation" />
<Certificate fileRef="3036E3B25B88A55B86FC90E6E9EAAD5081445166.cer" subjectName="Microsoft Code Signing PCA" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ExtendedKeyUsage>
<Flags value="40000001" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{8FCD8049-FB01-4CD3-B811-AD166301DDBF}">
<TrustStatus>
<ErrorStatus value="1000060" CERT_TRUST_IS_UNTRUSTED_ROOT="true" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="9E95C625D81B2BA9C72FD70275C3699613AF61E3.cer" subjectName="Microsoft Corporation" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="3036E3B25B88A55B86FC90E6E9EAAD5081445166.cer" subjectName="Microsoft Code Signing PCA" />
<TrustStatus>
<ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
<InfoStatus value="101" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
</ApplicationUsage>
<IssuanceUsage />
<RevocationInfo>
<RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
</RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate fileRef="A43489159A520F0D93D032CCAF37E7FE20A8B419.cer" subjectName="Microsoft Root Authority" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="109" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{D526A18D-3FE9-480A-9977-4EC36CF1D867}" SeqNumber="7" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>

-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:13 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:13.423Z" />
<EventRecordID>6213</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{2116B79F-F7DD-4962-B33E-22CAFA244C61}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>


-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:12 PM
Event ID: 81
Task Category: Verify Trust
Level: Error
Keywords: Trust Verification
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>81</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>80</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000040</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:12.845Z" />
<EventRecordID>6206</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<WinVerifyTrust>
<ActionID>{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}</ActionID>
<UIChoice value="2">WTD_UI_NONE</UIChoice>
<RevocationCheck value="0" />
<StateAction value="0">WTD_STATEACTION_IGNORE</StateAction>
<Flags value="80000000" CPD_USE_NT5_CHAIN_FLAG="true" />
<FileInfo filePath="c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll" hasFileHandle="true" />
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
<CertificateChain chainRef="{4FEECF97-C1F0-446A-B0F9-F3E79EE578AA}" />
<TimestampChain chainRef="{89240A62-D338-4ACC-B342-CA07DA5A6694}" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{7DF12CBF-9F30-4A76-8D11-C80322226F1F}" SeqNumber="16" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</WinVerifyTrust>
</UserData>
</Event>


-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:12 PM
Event ID: 30
Task Category: Verify Chain Policy
Level: Error
Keywords: Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:12.845Z" />
<EventRecordID>6204</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertVerifyCertificateChainPolicy>
<Policy type="CERT_CHAIN_POLICY_AUTHENTICODE" constant="2" />
<Certificate fileRef="93859EBF98AFDEB488CCFA263899640E81BC49F1.cer" subjectName="Microsoft Corporation" />
<CertificateChain chainRef="{4FEECF97-C1F0-446A-B0F9-F3E79EE578AA}" />
<Flags value="0" />
<AuthenticodeAdditionalPolicyInfo>
<RegPolicySetting value="23C00" WTPF_OFFLINEOK_IND="true" WTPF_OFFLINEOK_COM="true" WTPF_OFFLINEOKNBU_IND="true" WTPF_OFFLINEOKNBU_COM="true" WTPF_IGNOREREVOCATIONONTS="true" />
</AuthenticodeAdditionalPolicyInfo>
<Status chainIndex="0" elementIndex="2" />
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{7DF12CBF-9F30-4A76-8D11-C80322226F1F}" SeqNumber="14" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertVerifyCertificateChainPolicy>
</UserData>
</Event>


-------------------------------------------------------------------------------
Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:12 PM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Discovery,Path Validation
User: SYSTEM
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>11</Task>
<Opcode>2</Opcode>
<Keywords>0x8000000000000003</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:12.845Z" />
<EventRecordID>6203</EventRecordID>
<Correlation />
<Execution ProcessID="1800" ThreadID="4084" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<CertGetCertificateChain>
<Certificate fileRef="05FECB745F7F3B1A0E262A73435CCB7EAAED8B37.cer" subjectName="Microsoft Time-Stamp Service" />
<ValidationTime>2011-05-14T08:19:00Z</ValidationTime>
<AdditionalStore>
<Certificate fileRef="05FECB745F7F3B1A0E262A73435CCB7EAAED8B37.cer" subjectName="Microsoft Time-Stamp Service" />
<Certificate fileRef="3EA99A60058275E0ED83B892A909449F8C33B245.cer" subjectName="Microsoft Timestamping PCA" />
<Certificate fileRef="93859EBF98AFDEB488CCFA263899640E81BC49F1.cer" subjectName="Microsoft Corporation" />
<Certificate fileRef="3036E3B25B88A55B86FC90E6E9EAAD5081445166.cer" subjectName="Microsoft Code Signing PCA" />
</AdditionalStore>
<ExtendedKeyUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ExtendedKeyUsage>
<Flags value="1" CERT_CHAIN_CACHE_END_CERT="true" />
<ChainEngineInfo context="user" />
<AdditionalInfo>
<Action name="Call_CryptSvc_ADD_THIRD_PARTY_ROOT">
<Error value="5">Access is denied.</Error>
</Action>
</AdditionalInfo>
<CertificateChain chainRef="{89240A62-D338-4ACC-B342-CA07DA5A6694}">
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ChainElement>
<Certificate fileRef="05FECB745F7F3B1A0E262A73435CCB7EAAED8B37.cer" subjectName="Microsoft Time-Stamp Service" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="3EA99A60058275E0ED83B892A909449F8C33B245.cer" subjectName="Microsoft Timestamping PCA" />
<TrustStatus>
<ErrorStatus value="0" />
<InfoStatus value="101" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage>
<Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
</ApplicationUsage>
<IssuanceUsage />
</ChainElement>
<ChainElement>
<Certificate fileRef="A43489159A520F0D93D032CCAF37E7FE20A8B419.cer" subjectName="Microsoft Root Authority" />
<TrustStatus>
<ErrorStatus value="20" CERT_TRUST_IS_UNTRUSTED_ROOT="true" />
<InfoStatus value="109" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
</TrustStatus>
<ApplicationUsage any="true" />
<IssuanceUsage any="true" />
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="AAWService.exe" />
<CorrelationAuxInfo TaskId="{7DF12CBF-9F30-4A76-8D11-C80322226F1F}" SeqNumber="13" />
<Result value="800B0109">A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.</Result>
</CertGetCertificateChain>
</UserData>
</Event>


-------------------------------------------------------------------------------

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:12 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:12.845Z" />
<EventRecordID>6198</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{FD42B816-59F5-4087-8654-73CDF0A230BF}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>


-------------------------------------------------------------------------------




  • 0

#27
pyaarawala

Is there any way for me to just give you the Events .evtx file? I saved it on my desktop but I don't know how to put an attachment in this post. There are just WAYYY too many of those error events that it'll take forever for me to copy paste every single one, one by one. What I posted above was just half of them and it took me so long.
  • 0

#28
pyaarawala

This Event 60 was for some reason the only event on the side panel of the Event Viewer, and it mentions something about the Certificate Store, so I'll include that one here:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:34:12 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:34:12.034Z" />
<EventRecordID>6190</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{4FE434D3-06EE-47A9-9062-E52E106A6C3F}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

  • 0

#29
pyaarawala

I logged into Gmail, got the security error and immediately refreshed and got this new Error in the Event Viewer:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/20/2012 11:59:23 PM
Event ID: 60
Task Category: Open Store
Level: Error
Keywords: Certificate Store
User: NETWORK SERVICE
Computer: pyaarawala-PC
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>60</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>60</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000100</Keywords>
<TimeCreated SystemTime="2012-12-20T15:59:23.018Z" />
<EventRecordID>7928</EventRecordID>
<Correlation />
<Execution ProcessID="1336" ThreadID="1560" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>pyaarawala-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<CertificateStore>
<Store type="CERT_STORE_PROV_SYSTEM_REGISTRY_W" constant="13" location="CERT_SYSTEM_STORE_LOCAL_MACHINE_ID">AuthRoot</Store>
<Flags value="20000" />
<EventAuxInfo ProcessName="svchost.exe" />
<CorrelationAuxInfo TaskId="{93EF456A-4066-4118-8C88-781DCACF7B1E}" SeqNumber="1" />
<Result value="5">Access is denied.</Result>
</CertificateStore>
</UserData>
</Event>

^^Those are the details. Below is the table:

Error 12/20/2012 11:59:23 PM CAPI2 60 Open Store
  • 0

#30
pyaarawala

I figured out how to attach the events file, but it gives me an error:

Error You aren't permitted to upload this kind of file
  • 0





