
Win64/Sirefef / ZeroAccess


7 replies to this topic

#1 Spec37

Spec37

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 28 July 2012 - 09:21 AM

Hi,

On approximately the 8th of July Microsoft Security Essentials alerted me that Win64/Sirefef had been found on my system and that the associated files had been quarantined. At the same time I received a fake Flash update prompt which would not stop appearing; when I looked in Task Manager I found a randomly named EXE file and closed it, which closed the Flash prompt. I then cleared the quarantined files from MSE and manually removed the folders where the files had been located. I then did a full system scan with MSE and ESET Online Scanner which, if I recall correctly, did not find any infected files. However, last week when helping a friend with a virus infection I ran some other tools on my system, which makes me think MSE did not manage to stop the infection completely. Below is an extract from a RogueKiller scan I did which I believe indicates a potential ZeroAccess infection.

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jamie [Admin rights]
Mode: Scan -- Date: 07/22/2012 15:44:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jamie\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] 4bc21c629f9ad69fedc8c72ba86293eb
[BSP] cecc911cc29a5e71bbb5ef077274fe01 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 292937 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599937024 | Size: 12304 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: CCR-60 USB Device +++++
--- User ---
[MBR] 7fb9f4747c6b761ace1a6ebbe657a082
[BSP] cb1bd13cf61b1d7ca5e137b62f1ace77 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 45 | Size: 959 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

I've since run McAfee's Rootkit Remover, which found nothing, and McAfee Stinger, which found a potential infection in the HLDS.exe file in my Steam directory, but I don't have a log with the name. I've also run TDSSKiller, Norton's FixZeroAccess, Malwarebytes Anti-Malware and Panda's Cloud Scanner, none of which appeared to find anything.

I've attached the logs I hope will be useful, and the output from DDS is below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Jamie at 15:10:37 on 2012-07-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4092.1090 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

Any assistance you could provide would be very much appreciated.

Thanks in advance.

Spec
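The [ZeroAccess] line in the RogueKiller output above points a CLSID's InprocServer32 at a file named `n.` inside a {GUID}-named folder under the user's AppData\Local, which is not where a legitimately registered in-process COM server lives. As an added example (not from the thread, RogueKiller or any of the tools named here), the following Python script parses RogueKiller-style registry lines and flags InprocServer32 paths that show those traits; the heuristics and the benign comparison lines are constructed for illustration.

```python
"""Triage InprocServer32 paths from RogueKiller 'Registry Entries' lines.

Added example, not from the thread or from RogueKiller: the heuristics
and the benign comparison lines are constructed for illustration.
"""
import re
from dataclasses import dataclass

# RogueKiller registry entry, e.g.
# [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\...\{guid}\n.) -> FOUND
RK_LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S*InprocServer32)\s*:\s*"
    r"\((?P<value>.*)\)\s*->\s*(?P<status>\w+)\s*$"
)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Per-user data folders (Vista+ name and the XP-era name). An in-process COM
# server registered under HKCR normally lives under Program Files or Windows.
USER_DATA_RE = re.compile(r"\\(appdata\\local|local settings\\application data)\\")

# Sample input: the first line is the RogueKiller finding quoted in the thread;
# the others are constructed (a non-InprocServer32 line the parser must skip
# and two ordinary in-process servers that must not be flagged).
SAMPLE_LOG = [
    r"[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jamie\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n.) -> FOUND",
    r"[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND",
    r"[Suspicious] HKCR\[...]\InprocServer32 : (C:\Windows\System32\shell32.dll) -> FOUND",
    r"[Suspicious] HKCR\[...]\InprocServer32 : (C:\Program Files (x86)\Orbitdownloader\orbitcth.dll) -> FOUND",
]


@dataclass
class Finding:
    tag: str
    key: str
    path: str
    reasons: list


def suspicious_reasons(path: str) -> list:
    """Return why an InprocServer32 server path looks hijacked; [] if it looks normal."""
    norm = path.strip().strip('"').replace("/", "\\")
    parts = [p for p in norm.split("\\") if p]
    if not parts:
        return ["empty server path"]
    reasons = []
    # Wrap in backslashes so the folder pattern also matches at either end.
    if USER_DATA_RE.search("\\" + norm.lower() + "\\"):
        reasons.append("server loaded from a user profile's local AppData")
    if len(parts) >= 2 and GUID_RE.match(parts[-2]):
        reasons.append("parent directory is a bare {GUID}")
    name = parts[-1]
    if name.endswith((".", " ")):
        # Win32 path normalisation strips trailing dots and spaces, so such a
        # file cannot be opened or deleted by ordinary tools unless it is
        # addressed through a \\?\ path.
        reasons.append("file name ends in a trailing dot or space")
    elif "." not in name:
        reasons.append("file name has no extension")
    return reasons


def parse_roguekiller(lines) -> list:
    """Return a Finding for every InprocServer32 entry whose path looks hijacked."""
    findings = []
    for line in lines:
        m = RK_LINE_RE.match(line.strip())
        if not m:
            continue  # not an InprocServer32 registry entry
        reasons = suspicious_reasons(m.group("value"))
        if reasons:
            findings.append(Finding(m.group("tag"), m.group("key"), m.group("value"), reasons))
    return findings


if __name__ == "__main__":
    for f in parse_roguekiller(SAMPLE_LOG):
        print(f"[{f.tag}] {f.key} -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```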



#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:57 PM

Posted 01 August 2012 - 01:52 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

Edited by D-FRED-BROWN, 01 August 2012 - 01:59 PM.


#3 Spec37

Spec37
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 01 August 2012 - 05:12 PM

Hi D-FRED-BROWN,

Thanks for taking the time to assist me; it's very much appreciated. I've included or attached the logs you requested. My system appears to be running normally with no unusual activity or suspicious symptoms; I just want to make sure I'm not still infected and that my system is not compromised.

23:05:08.0030 3892 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:05:08.0170 3892 ============================================================
23:05:08.0170 3892 Current date / time: 2012/08/01 23:05:08.0170
23:05:08.0170 3892 SystemInfo:
23:05:08.0170 3892
23:05:08.0170 3892 OS Version: 6.0.6002 ServicePack: 2.0
23:05:08.0170 3892 Product type: Workstation
23:05:08.0170 3892 ComputerName: F117
23:05:08.0170 3892 UserName: Jamie
23:05:08.0170 3892 Windows directory: C:\Windows
23:05:08.0170 3892 System windows directory: C:\Windows
23:05:08.0170 3892 Running under WOW64
23:05:08.0170 3892 Processor architecture: Intel x64
23:05:08.0170 3892 Number of processors: 2
23:05:08.0170 3892 Page size: 0x1000
23:05:08.0170 3892 Boot type: Normal boot
23:05:08.0170 3892 ============================================================
23:05:10.0931 3892 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:05:10.0931 3892 ============================================================
23:05:10.0931 3892 \Device\Harddisk0\DR0:
23:05:10.0947 3892 MBR partitions:
23:05:10.0947 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23C24FC1
23:05:10.0947 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23C25000, BlocksNum 0x1808000
23:05:10.0947 3892 ============================================================
23:05:10.0947 3892 C: <-> \Device\Harddisk0\DR0\Partition0
23:05:10.0994 3892 D: <-> \Device\Harddisk0\DR0\Partition1
23:05:10.0994 3892 ============================================================
23:05:10.0994 3892 Initialize success
23:05:10.0994 3892 ============================================================
23:05:15.0003 1032 ============================================================
23:05:15.0003 1032 Scan started
23:05:15.0003 1032 Mode: Manual; SigCheck; TDLFS;
23:05:15.0003 1032 ============================================================
23:05:17.0889 1032 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
23:05:17.0904 1032 AsyncMac - ok
23:05:17.0936 1032 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
23:05:17.0951 1032 atapi - ok
23:05:18.0045 1032 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:05:18.0076 1032 AudioEndpointBuilder - ok
23:05:18.0076 1032 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:05:18.0107 1032 AudioSrv - ok
23:05:18.0154 1032 AVerAF15 (61f5963c686d6f6d5153d581e5e09e20) C:\Windows\system32\Drivers\AVerAF15.sys
23:05:18.0170 1032 AVerAF15 - ok
23:05:18.0201 1032 Beep - ok
23:05:18.0279 1032 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
23:05:18.0294 1032 BFE - ok
23:05:18.0419 1032 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
23:05:18.0450 1032 BITS - ok
23:05:18.0528 1032 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
23:05:18.0560 1032 blbdrive - ok
23:05:18.0700 1032 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:05:18.0716 1032 Bonjour Service - ok
23:05:18.0762 1032 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
23:05:18.0794 1032 bowser - ok
23:05:18.0840 1032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
23:05:18.0856 1032 BrFiltLo - ok
23:05:18.0887 1032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
23:05:18.0903 1032 BrFiltUp - ok
23:05:18.0965 1032 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
23:05:18.0996 1032 Browser - ok
23:05:19.0028 1032 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
23:05:19.0074 1032 Brserid - ok
23:05:19.0106 1032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
23:05:19.0137 1032 BrSerWdm - ok
23:05:19.0184 1032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
23:05:19.0230 1032 BrUsbMdm - ok
23:05:19.0262 1032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
23:05:19.0308 1032 BrUsbSer - ok
23:05:19.0355 1032 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
23:05:19.0386 1032 BthEnum - ok
23:05:19.0402 1032 BTHMODEM (72f70a38bb15252eb7c4da7ba3bd4ed1) C:\Windows\system32\DRIVERS\bthmodem.sys
23:05:19.0418 1032 BTHMODEM - ok
23:05:19.0449 1032 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
23:05:19.0480 1032 BthPan - ok
23:05:19.0574 1032 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
23:05:19.0605 1032 BTHPORT - ok
23:05:19.0683 1032 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
23:05:19.0698 1032 BthServ - ok
23:05:19.0698 1032 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
23:05:19.0714 1032 BTHUSB - ok
23:05:19.0745 1032 btwaudio (0c5d9c8b412be72c4535ec67a24c01db) C:\Windows\system32\drivers\btwaudio.sys
23:05:19.0761 1032 btwaudio - ok
23:05:19.0823 1032 btwavdt (df18e4291c43bed05b1d0c2d5c0e96d6) C:\Windows\system32\drivers\btwavdt.sys
23:05:19.0823 1032 btwavdt - ok
23:05:19.0854 1032 btwrchid (637a44c54520a9958e2e5e3ee9e26c4a) C:\Windows\system32\DRIVERS\btwrchid.sys
23:05:19.0854 1032 btwrchid - ok
23:05:19.0854 1032 catchme - ok
23:05:19.0901 1032 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
23:05:19.0917 1032 cdfs - ok
23:05:19.0979 1032 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
23:05:19.0995 1032 cdrom - ok
23:05:20.0057 1032 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:05:20.0088 1032 CertPropSvc - ok
23:05:20.0104 1032 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
23:05:20.0135 1032 circlass - ok
23:05:20.0182 1032 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
23:05:20.0198 1032 CLFS - ok
23:05:20.0291 1032 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:05:20.0307 1032 clr_optimization_v2.0.50727_32 - ok
23:05:20.0354 1032 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:05:20.0369 1032 clr_optimization_v2.0.50727_64 - ok
23:05:20.0478 1032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:05:20.0478 1032 clr_optimization_v4.0.30319_32 - ok
23:05:20.0525 1032 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:05:20.0525 1032 clr_optimization_v4.0.30319_64 - ok
23:05:20.0588 1032 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
23:05:20.0619 1032 CmBatt - ok
23:05:20.0634 1032 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
23:05:20.0634 1032 cmdide - ok
23:05:20.0744 1032 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:05:20.0759 1032 Com4QLBEx - ok
23:05:20.0775 1032 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
23:05:20.0790 1032 Compbatt - ok
23:05:20.0790 1032 COMSysApp - ok
23:05:20.0790 1032 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
23:05:20.0806 1032 crcdisk - ok
23:05:20.0868 1032 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
23:05:20.0884 1032 CryptSvc - ok
23:05:20.0946 1032 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:05:20.0978 1032 DcomLaunch - ok
23:05:21.0040 1032 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
23:05:21.0071 1032 DfsC - ok
23:05:21.0336 1032 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
23:05:21.0461 1032 DFSR - ok
23:05:21.0617 1032 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
23:05:21.0633 1032 Dhcp - ok
23:05:21.0664 1032 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
23:05:21.0680 1032 disk - ok
23:05:21.0726 1032 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
23:05:21.0742 1032 Dnscache - ok
23:05:21.0789 1032 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
23:05:21.0804 1032 dot3svc - ok
23:05:21.0867 1032 DpHost (59f3ac5c4f2a44333b27caae646b8ce1) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
23:05:21.0945 1032 DpHost ( UnsignedFile.Multi.Generic ) - warning
23:05:21.0945 1032 DpHost - detected UnsignedFile.Multi.Generic (1)
23:05:21.0992 1032 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
23:05:22.0023 1032 DPS - ok
23:05:22.0054 1032 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
23:05:22.0085 1032 drmkaud - ok
23:05:22.0194 1032 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
23:05:22.0226 1032 DXGKrnl - ok
23:05:22.0304 1032 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
23:05:22.0335 1032 E1G60 - ok
23:05:22.0366 1032 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
23:05:22.0397 1032 EapHost - ok
23:05:22.0444 1032 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
23:05:22.0460 1032 Ecache - ok
23:05:22.0538 1032 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
23:05:22.0553 1032 ehRecvr - ok
23:05:22.0600 1032 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
23:05:22.0616 1032 ehSched - ok
23:05:22.0647 1032 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
23:05:22.0662 1032 ehstart - ok
23:05:22.0694 1032 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
23:05:22.0709 1032 elxstor - ok
23:05:22.0772 1032 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
23:05:22.0787 1032 EMDMgmt - ok
23:05:22.0834 1032 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys
23:05:22.0865 1032 enecir - ok
23:05:22.0912 1032 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
23:05:22.0928 1032 ErrDev - ok
23:05:22.0974 1032 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
23:05:23.0006 1032 EventSystem - ok
23:05:23.0068 1032 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
23:05:23.0099 1032 exfat - ok
23:05:23.0115 1032 ezSharedSvc - ok
23:05:23.0177 1032 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
23:05:23.0208 1032 fastfat - ok
23:05:23.0224 1032 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
23:05:23.0255 1032 fdc - ok
23:05:23.0302 1032 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
23:05:23.0333 1032 fdPHost - ok
23:05:23.0349 1032 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
23:05:23.0380 1032 FDResPub - ok
23:05:23.0396 1032 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
23:05:23.0411 1032 FileInfo - ok
23:05:23.0427 1032 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
23:05:23.0458 1032 Filetrace - ok
23:05:23.0489 1032 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:05:23.0520 1032 flpydisk - ok
23:05:23.0567 1032 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
23:05:23.0583 1032 FltMgr - ok
23:05:23.0739 1032 FontCache (de67b1afab1ddb6ca0bba89a776f26fa) C:\Windows\system32\FntCache.dll
23:05:23.0770 1032 FontCache - ok
23:05:23.0832 1032 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:05:23.0848 1032 FontCache3.0.0.0 - ok
23:05:23.0895 1032 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
23:05:23.0926 1032 Fs_Rec - ok
23:05:23.0942 1032 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
23:05:23.0957 1032 gagp30kx - ok
23:05:24.0035 1032 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
23:05:24.0098 1032 GameConsoleService - ok
23:05:24.0129 1032 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:05:24.0144 1032 GEARAspiWDM - ok
23:05:24.0207 1032 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
23:05:24.0238 1032 gpsvc - ok
23:05:24.0316 1032 GPU-Z - ok
23:05:24.0378 1032 hcmon (09857a166b91cfece8cf48aea8c5cb0d) C:\Windows\system32\drivers\hcmon.sys
23:05:24.0394 1032 hcmon - ok
23:05:24.0456 1032 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
23:05:24.0503 1032 HdAudAddService - ok
23:05:24.0628 1032 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:05:24.0659 1032 HDAudBus - ok
23:05:24.0722 1032 HidBth (99d256cb6c8f7174b6adc3eb19e4eb29) C:\Windows\system32\DRIVERS\hidbth.sys
23:05:24.0737 1032 HidBth - ok
23:05:24.0768 1032 HidIr (1d4e03e5c5ba4c3679c38cb6b4c60d5f) C:\Windows\system32\DRIVERS\hidir.sys
23:05:24.0768 1032 HidIr - ok
23:05:24.0831 1032 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
23:05:24.0846 1032 hidserv - ok
23:05:24.0862 1032 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys
23:05:24.0878 1032 HidUsb - ok
23:05:24.0893 1032 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
23:05:24.0924 1032 hkmsvc - ok
23:05:25.0002 1032 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
23:05:25.0002 1032 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
23:05:25.0002 1032 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
23:05:25.0065 1032 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
23:05:25.0080 1032 HpCISSs - ok
23:05:25.0096 1032 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:05:25.0096 1032 hpdskflt - ok
23:05:25.0112 1032 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23:05:25.0143 1032 HpqKbFiltr - ok
23:05:25.0190 1032 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
23:05:25.0190 1032 hpqwmiex - ok
23:05:25.0221 1032 hpsrv (6bf024ea61d7894bf4af0b10a90b546e) C:\Windows\system32\Hpservice.exe
23:05:25.0236 1032 hpsrv - ok
23:05:25.0283 1032 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
23:05:25.0299 1032 HTCAND64 - ok
23:05:25.0346 1032 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
23:05:25.0361 1032 htcnprot - ok
23:05:25.0424 1032 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
23:05:25.0502 1032 HTTP - ok
23:05:25.0548 1032 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
23:05:25.0564 1032 i2omp - ok
23:05:25.0611 1032 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
23:05:25.0626 1032 i8042prt - ok
23:05:25.0658 1032 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
23:05:25.0673 1032 iaStorV - ok
23:05:25.0720 1032 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:05:25.0720 1032 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:05:25.0720 1032 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:05:25.0860 1032 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:05:25.0892 1032 idsvc - ok
23:05:25.0923 1032 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
23:05:25.0923 1032 iirsp - ok
23:05:26.0016 1032 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
23:05:26.0032 1032 IKEEXT - ok
23:05:26.0094 1032 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
23:05:26.0110 1032 intelide - ok
23:05:26.0126 1032 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
23:05:26.0157 1032 intelppm - ok
23:05:26.0188 1032 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
23:05:26.0204 1032 IPBusEnum - ok
23:05:26.0235 1032 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:05:26.0250 1032 IpFilterDriver - ok
23:05:26.0297 1032 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
23:05:26.0313 1032 iphlpsvc - ok
23:05:26.0313 1032 IpInIp - ok
23:05:26.0344 1032 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
23:05:26.0375 1032 IPMIDRV - ok
23:05:26.0406 1032 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
23:05:26.0438 1032 IPNAT - ok
23:05:26.0578 1032 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
23:05:26.0609 1032 iPod Service - ok
23:05:26.0640 1032 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
23:05:26.0672 1032 IRENUM - ok
23:05:26.0718 1032 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
23:05:26.0734 1032 isapnp - ok
23:05:26.0765 1032 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
23:05:26.0781 1032 iScsiPrt - ok
23:05:26.0796 1032 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
23:05:26.0812 1032 iteatapi - ok
23:05:26.0859 1032 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
23:05:26.0859 1032 iteraid - ok
23:05:26.0921 1032 JMCR (232daf11b2d1363bc8cabf1a0e33601b) C:\Windows\system32\DRIVERS\jmcr.sys
23:05:26.0952 1032 JMCR - ok
23:05:26.0968 1032 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
23:05:26.0984 1032 kbdclass - ok
23:05:26.0999 1032 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
23:05:27.0030 1032 kbdhid - ok
23:05:27.0062 1032 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:05:27.0077 1032 KeyIso - ok
23:05:27.0140 1032 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
23:05:27.0155 1032 KSecDD - ok
23:05:27.0186 1032 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
23:05:27.0218 1032 ksthunk - ok
23:05:27.0296 1032 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
23:05:27.0327 1032 KtmRm - ok
23:05:27.0374 1032 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
23:05:27.0389 1032 LanmanServer - ok
23:05:27.0436 1032 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
23:05:27.0452 1032 LanmanWorkstation - ok
23:05:27.0498 1032 LcAgent - ok
23:05:27.0592 1032 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:05:27.0608 1032 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:05:27.0608 1032 LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:05:27.0623 1032 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
23:05:27.0654 1032 lltdio - ok
23:05:27.0686 1032 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
23:05:27.0717 1032 lltdsvc - ok
23:05:27.0732 1032 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
23:05:27.0764 1032 lmhosts - ok
23:05:27.0779 1032 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
23:05:27.0795 1032 LSI_FC - ok
23:05:27.0810 1032 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
23:05:27.0826 1032 LSI_SAS - ok
23:05:27.0842 1032 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
23:05:27.0857 1032 LSI_SCSI - ok
23:05:27.0873 1032 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
23:05:27.0904 1032 luafv - ok
23:05:27.0951 1032 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
23:05:27.0966 1032 Mcx2Svc - ok
23:05:28.0013 1032 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
23:05:28.0029 1032 megasas - ok
23:05:28.0060 1032 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
23:05:28.0076 1032 MegaSR - ok
23:05:28.0107 1032 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:05:28.0138 1032 MMCSS - ok
23:05:28.0154 1032 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
23:05:28.0185 1032 Modem - ok
23:05:28.0185 1032 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
23:05:28.0232 1032 monitor - ok
23:05:28.0247 1032 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
23:05:28.0263 1032 mouclass - ok
23:05:28.0294 1032 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
23:05:28.0325 1032 mouhid - ok
23:05:28.0356 1032 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
23:05:28.0372 1032 MountMgr - ok
23:05:28.0419 1032 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
23:05:28.0434 1032 MpFilter - ok
23:05:28.0450 1032 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
23:05:28.0466 1032 mpio - ok
23:05:28.0497 1032 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
23:05:28.0528 1032 mpsdrv - ok
23:05:28.0590 1032 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
23:05:28.0622 1032 MpsSvc - ok
23:05:28.0622 1032 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
23:05:28.0637 1032 Mraid35x - ok
23:05:28.0653 1032 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
23:05:28.0668 1032 MRxDAV - ok
23:05:28.0700 1032 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:28.0731 1032 mrxsmb - ok
23:05:28.0793 1032 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:28.0809 1032 mrxsmb10 - ok
23:05:28.0824 1032 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:28.0840 1032 mrxsmb20 - ok
23:05:28.0887 1032 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
23:05:28.0902 1032 msahci - ok
23:05:28.0934 1032 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
23:05:28.0949 1032 msdsm - ok
23:05:28.0965 1032 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
23:05:28.0996 1032 MSDTC - ok
23:05:29.0012 1032 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
23:05:29.0043 1032 Msfs - ok
23:05:29.0074 1032 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
23:05:29.0090 1032 msisadrv - ok
23:05:29.0136 1032 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
23:05:29.0168 1032 MSiSCSI - ok
23:05:29.0168 1032 msiserver - ok
23:05:29.0183 1032 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
23:05:29.0214 1032 MSKSSRV - ok
23:05:29.0308 1032 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:05:29.0308 1032 MsMpSvc - ok
23:05:29.0324 1032 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:29.0355 1032 MSPCLOCK - ok
23:05:29.0370 1032 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
23:05:29.0386 1032 MSPQM - ok
23:05:29.0433 1032 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
23:05:29.0448 1032 MsRPC - ok
23:05:29.0480 1032 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:29.0495 1032 mssmbios - ok
23:05:29.0542 1032 MSSQL$SQLEXPRESS - ok
23:05:29.0636 1032 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
23:05:29.0651 1032 MSSQLServerADHelper100 - ok
23:05:29.0667 1032 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
23:05:29.0682 1032 MSTEE - ok
23:05:30.0072 1032 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
23:05:30.0213 1032 msvsmon90 - ok
23:05:30.0338 1032 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
23:05:30.0338 1032 Mup - ok
23:05:30.0400 1032 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
23:05:30.0462 1032 napagent - ok
23:05:30.0509 1032 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
23:05:30.0540 1032 NativeWifiP - ok
23:05:30.0618 1032 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
23:05:30.0650 1032 NDIS - ok
23:05:30.0665 1032 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:30.0712 1032 NdisTapi - ok
23:05:30.0728 1032 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:30.0759 1032 Ndisuio - ok
23:05:30.0774 1032 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:30.0806 1032 NdisWan - ok
23:05:30.0806 1032 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
23:05:30.0837 1032 NDProxy - ok
23:05:30.0852 1032 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
23:05:30.0899 1032 NetBIOS - ok
23:05:30.0946 1032 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
23:05:30.0993 1032 netbt - ok
23:05:31.0040 1032 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:05:31.0055 1032 Netlogon - ok
23:05:31.0102 1032 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
23:05:31.0149 1032 Netman - ok
23:05:31.0289 1032 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:05:31.0305 1032 NetMsmqActivator - ok
23:05:31.0305 1032 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:05:31.0320 1032 NetPipeActivator - ok
23:05:31.0367 1032 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
23:05:31.0445 1032 netprofm - ok
23:05:31.0445 1032 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:05:31.0461 1032 NetTcpActivator - ok
23:05:31.0461 1032 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:05:31.0476 1032 NetTcpPortSharing - ok
23:05:31.0726 1032 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
23:05:31.0898 1032 NETw3v64 - ok
23:05:32.0366 1032 NETw5v64 (bfbd278f8c9bcec693345759ac278e14) C:\Windows\system32\DRIVERS\NETw5v64.sys
23:05:32.0600 1032 NETw5v64 - ok
23:05:32.0678 1032 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
23:05:32.0678 1032 nfrd960 - ok
23:05:32.0724 1032 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:05:32.0740 1032 NisDrv - ok
23:05:32.0834 1032 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
23:05:32.0834 1032 NisSrv - ok
23:05:32.0896 1032 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
23:05:32.0927 1032 NlaSvc - ok
23:05:32.0990 1032 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
23:05:33.0005 1032 NPF - ok
23:05:33.0036 1032 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
23:05:33.0052 1032 Npfs - ok
23:05:33.0068 1032 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
23:05:33.0099 1032 nsi - ok
23:05:33.0130 1032 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
23:05:33.0177 1032 nsiproxy - ok
23:05:33.0302 1032 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
23:05:33.0364 1032 Ntfs - ok
23:05:33.0458 1032 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
23:05:33.0504 1032 Null - ok
23:05:33.0567 1032 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
23:05:33.0567 1032 NVHDA - ok
23:05:34.0472 1032 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:05:34.0986 1032 nvlddmkm - ok
23:05:35.0080 1032 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
23:05:35.0096 1032 nvraid - ok
23:05:35.0111 1032 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
23:05:35.0127 1032 nvstor - ok
23:05:35.0283 1032 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
23:05:35.0345 1032 nvsvc - ok
23:05:35.0595 1032 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:05:35.0673 1032 nvUpdatusService - ok
23:05:35.0782 1032 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
23:05:35.0798 1032 nv_agp - ok
23:05:35.0798 1032 NwlnkFlt - ok
23:05:35.0798 1032 NwlnkFwd - ok
23:05:35.0860 1032 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
23:05:35.0876 1032 ohci1394 - ok
23:05:35.0969 1032 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:05:35.0969 1032 ose - ok
23:05:36.0328 1032 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:05:36.0484 1032 osppsvc - ok
23:05:36.0671 1032 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:05:36.0702 1032 p2pimsvc - ok
23:05:36.0718 1032 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:05:36.0765 1032 p2psvc - ok
23:05:36.0827 1032 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
23:05:36.0890 1032 Parport - ok
23:05:36.0921 1032 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
23:05:36.0936 1032 partmgr - ok
23:05:37.0030 1032 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
23:05:37.0077 1032 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
23:05:37.0077 1032 PassThru Service - detected UnsignedFile.Multi.Generic (1)
23:05:37.0155 1032 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
23:05:37.0155 1032 pavboot - ok
23:05:37.0186 1032 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
23:05:37.0217 1032 PcaSvc - ok
23:05:37.0264 1032 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
23:05:37.0280 1032 pci - ok
23:05:37.0295 1032 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
23:05:37.0311 1032 pciide - ok
23:05:37.0342 1032 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:05:37.0342 1032 pcmcia - ok
23:05:37.0420 1032 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:05:37.0482 1032 PEAUTH - ok
23:05:37.0560 1032 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
23:05:37.0592 1032 PerfHost - ok
23:05:37.0701 1032 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
23:05:37.0779 1032 pla - ok
23:05:37.0826 1032 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
23:05:37.0857 1032 PlugPlay - ok
23:05:37.0872 1032 PnkBstrA - ok
23:05:37.0888 1032 PnkBstrB - ok
23:05:37.0982 1032 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:05:37.0997 1032 PNRPAutoReg - ok
23:05:38.0013 1032 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:05:38.0060 1032 PNRPsvc - ok
23:05:38.0138 1032 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
23:05:38.0153 1032 PolicyAgent - ok
23:05:38.0216 1032 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:05:38.0247 1032 PptpMiniport - ok
23:05:38.0278 1032 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
23:05:38.0325 1032 Processor - ok
23:05:38.0372 1032 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
23:05:38.0418 1032 ProfSvc - ok
23:05:38.0450 1032 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:05:38.0465 1032 ProtectedStorage - ok
23:05:38.0496 1032 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:05:38.0512 1032 PSched - ok
23:05:38.0590 1032 PSSDK42 (cd33cb6fecf65520466f95ab89cc4af5) C:\Windows\system32\Drivers\pssdk42.sys
23:05:38.0606 1032 PSSDK42 - ok
23:05:38.0715 1032 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
23:05:38.0746 1032 ql2300 - ok
23:05:38.0777 1032 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:05:38.0793 1032 ql40xx - ok
23:05:38.0886 1032 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
23:05:38.0902 1032 QWAVE - ok
23:05:38.0918 1032 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:05:38.0933 1032 QWAVEdrv - ok
23:05:38.0949 1032 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:05:38.0980 1032 RasAcd - ok
23:05:39.0027 1032 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
23:05:39.0058 1032 RasAuto - ok
23:05:39.0089 1032 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:39.0120 1032 Rasl2tp - ok
23:05:39.0152 1032 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
23:05:39.0183 1032 RasMan - ok
23:05:39.0214 1032 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:39.0230 1032 RasPppoe - ok
23:05:39.0261 1032 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:05:39.0292 1032 RasSstp - ok
23:05:39.0323 1032 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:05:39.0339 1032 rdbss - ok
23:05:39.0354 1032 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:39.0386 1032 RDPCDD - ok
23:05:39.0432 1032 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
23:05:39.0479 1032 rdpdr - ok
23:05:39.0479 1032 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:05:39.0510 1032 RDPENCDD - ok
23:05:39.0542 1032 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
23:05:39.0573 1032 RDPWD - ok
23:05:39.0666 1032 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files (x86)\SMINST\BLService.exe
23:05:39.0682 1032 Recovery Service for Windows - ok
23:05:39.0744 1032 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
23:05:39.0776 1032 RemoteAccess - ok
23:05:39.0822 1032 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
23:05:39.0854 1032 RemoteRegistry - ok
23:05:39.0900 1032 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
23:05:39.0916 1032 RFCOMM - ok
23:05:39.0994 1032 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:05:40.0010 1032 RichVideo ( UnsignedFile.Multi.Generic ) - warning
23:05:40.0010 1032 RichVideo - detected UnsignedFile.Multi.Generic (1)
23:05:40.0056 1032 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
23:05:40.0072 1032 rpcapd - ok
23:05:40.0088 1032 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
23:05:40.0103 1032 RpcLocator - ok
23:05:40.0166 1032 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:05:40.0197 1032 RpcSs - ok
23:05:40.0259 1032 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:40.0290 1032 rspndr - ok
23:05:40.0368 1032 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:05:40.0431 1032 RTL8169 - ok
23:05:40.0478 1032 s0017bus (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys
23:05:40.0493 1032 s0017bus - ok
23:05:40.0540 1032 s0017mdfl (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys
23:05:40.0540 1032 s0017mdfl - ok
23:05:40.0587 1032 s0017mdm (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys
23:05:40.0587 1032 s0017mdm - ok
23:05:40.0649 1032 s0017mgmt (f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys
23:05:40.0649 1032 s0017mgmt - ok
23:05:40.0696 1032 s0017nd5 (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys
23:05:40.0712 1032 s0017nd5 - ok
23:05:40.0743 1032 s0017obex (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys
23:05:40.0758 1032 s0017obex - ok
23:05:40.0805 1032 s0017unic (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys
23:05:40.0805 1032 s0017unic - ok
23:05:40.0836 1032 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:05:40.0852 1032 SamSs - ok
23:05:40.0992 1032 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\Sandra.sys
23:05:41.0008 1032 SANDRA - ok
23:05:41.0024 1032 SandraAgentSrv (6858620e6ef1df704366acd45a317ad2) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe
23:05:41.0070 1032 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
23:05:41.0070 1032 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
23:05:41.0102 1032 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
23:05:41.0117 1032 sbp2port - ok
23:05:41.0148 1032 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
23:05:41.0164 1032 SCardSvr - ok
23:05:41.0242 1032 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
23:05:41.0273 1032 Schedule - ok
23:05:41.0320 1032 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:05:41.0351 1032 SCPolicySvc - ok
23:05:41.0382 1032 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
23:05:41.0429 1032 sdbus - ok
23:05:41.0460 1032 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
23:05:41.0476 1032 SDRSVC - ok
23:05:41.0492 1032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:05:41.0538 1032 secdrv - ok
23:05:41.0538 1032 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
23:05:41.0570 1032 seclogon - ok
23:05:41.0616 1032 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
23:05:41.0648 1032 seehcri - ok
23:05:41.0679 1032 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
23:05:41.0710 1032 SENS - ok
23:05:41.0726 1032 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
23:05:41.0788 1032 Serenum - ok
23:05:41.0819 1032 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
23:05:41.0866 1032 Serial - ok
23:05:41.0882 1032 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:05:41.0928 1032 sermouse - ok
23:05:41.0960 1032 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
23:05:42.0006 1032 SessionEnv - ok
23:05:42.0022 1032 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
23:05:42.0053 1032 sffdisk - ok
23:05:42.0069 1032 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
23:05:42.0100 1032 sffp_mmc - ok
23:05:42.0131 1032 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
23:05:42.0162 1032 sffp_sd - ok
23:05:42.0178 1032 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:05:42.0240 1032 sfloppy - ok
23:05:42.0287 1032 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
23:05:42.0318 1032 SharedAccess - ok
23:05:42.0412 1032 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
23:05:42.0428 1032 ShellHWDetection - ok
23:05:42.0459 1032 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
23:05:42.0474 1032 SiSRaid2 - ok
23:05:42.0490 1032 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
23:05:42.0506 1032 SiSRaid4 - ok
23:05:42.0693 1032 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
23:05:42.0833 1032 slsvc - ok
23:05:42.0927 1032 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
23:05:42.0958 1032 SLUINotify - ok
23:05:42.0989 1032 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:05:43.0005 1032 Smb - ok
23:05:43.0067 1032 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
23:05:43.0067 1032 SNMPTRAP - ok
23:05:43.0098 1032 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:05:43.0114 1032 spldr - ok
23:05:43.0145 1032 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
23:05:43.0176 1032 Spooler - ok
23:05:43.0286 1032 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
23:05:43.0286 1032 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
23:05:43.0286 1032 sptd ( LockedFile.Multi.Generic ) - warning
23:05:43.0286 1032 sptd - detected LockedFile.Multi.Generic (1)
23:05:43.0379 1032 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
23:05:43.0395 1032 SQLAgent$SQLEXPRESS - ok
23:05:43.0473 1032 SQLBrowser (99de6acfa5ca83fad6a765c81c6f129f) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:05:43.0488 1032 SQLBrowser - ok
23:05:43.0551 1032 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:05:43.0566 1032 SQLWriter - ok
23:05:43.0722 1032 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:05:43.0816 1032 srv - ok
23:05:43.0847 1032 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:05:43.0878 1032 srv2 - ok
23:05:43.0925 1032 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:05:43.0941 1032 srvnet - ok
23:05:43.0972 1032 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
23:05:44.0003 1032 SSDPSRV - ok
23:05:44.0081 1032 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
23:05:44.0097 1032 SstpSvc - ok
23:05:44.0222 1032 STacSV (067722983b1d6658e3e7fe2f6f2c70d7) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe
23:05:44.0237 1032 STacSV - ok
23:05:44.0346 1032 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
23:05:44.0393 1032 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
23:05:44.0393 1032 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
23:05:44.0424 1032 Steam Client Service - ok
23:05:44.0518 1032 STHDA (88f75081295a2411d8cb9339b092cc70) C:\Windows\system32\DRIVERS\stwrt64.sys
23:05:44.0549 1032 STHDA - ok
23:05:44.0612 1032 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
23:05:44.0658 1032 stisvc - ok
23:05:44.0705 1032 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:05:44.0705 1032 swenum - ok
23:05:44.0783 1032 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
23:05:44.0814 1032 swprv - ok
23:05:44.0830 1032 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:05:44.0846 1032 Symc8xx - ok
23:05:44.0861 1032 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:05:44.0861 1032 Sym_hi - ok
23:05:44.0877 1032 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:05:44.0892 1032 Sym_u3 - ok
23:05:44.0924 1032 SynTP (f1e453df1ccb8ac217b6efcc77466d65) C:\Windows\system32\DRIVERS\SynTP.sys
23:05:44.0939 1032 SynTP - ok
23:05:45.0017 1032 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
23:05:45.0048 1032 SysMain - ok
23:05:45.0080 1032 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
23:05:45.0095 1032 TabletInputService - ok
23:05:45.0126 1032 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
23:05:45.0158 1032 TapiSrv - ok
23:05:45.0173 1032 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
23:05:45.0204 1032 TBS - ok
23:05:45.0360 1032 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys
23:05:45.0423 1032 Tcpip - ok
23:05:45.0594 1032 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys
23:05:45.0657 1032 Tcpip6 - ok
23:05:45.0719 1032 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys
23:05:45.0750 1032 tcpipreg - ok
23:05:45.0797 1032 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:05:45.0813 1032 TDPIPE - ok
23:05:45.0844 1032 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:05:45.0875 1032 TDTCP - ok
23:05:45.0891 1032 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:05:45.0922 1032 tdx - ok
23:05:46.0016 1032 Tenable Nessus (99ddfdbf86993241de07733f8d5cd865) C:\Program Files\Tenable\Nessus\nessus-service.exe
23:05:46.0031 1032 Tenable Nessus ( UnsignedFile.Multi.Generic ) - warning
23:05:46.0031 1032 Tenable Nessus - detected UnsignedFile.Multi.Generic (1)
23:05:46.0062 1032 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
23:05:46.0062 1032 TermDD - ok
23:05:46.0125 1032 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
23:05:46.0156 1032 TermService - ok
23:05:46.0218 1032 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
23:05:46.0234 1032 Themes - ok
23:05:46.0265 1032 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:05:46.0296 1032 THREADORDER - ok
23:05:46.0312 1032 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
23:05:46.0343 1032 TrkWks - ok
23:05:46.0390 1032 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
23:05:46.0421 1032 TrustedInstaller - ok
23:05:46.0437 1032 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:46.0468 1032 tssecsrv - ok
23:05:46.0530 1032 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
23:05:46.0530 1032 tunmp - ok
23:05:46.0562 1032 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
23:05:46.0577 1032 tunnel - ok
23:05:46.0686 1032 TVCapSvc (bb313ae85ec95b7cb87fc5ed53f3a22b) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
23:05:46.0702 1032 TVCapSvc - ok
23:05:46.0733 1032 TVSched (0c66e48654afd8a6bcfbce22e7fab251) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
23:05:46.0733 1032 TVSched - ok
23:05:46.0764 1032 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
23:05:46.0764 1032 uagp35 - ok
23:05:46.0811 1032 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
23:05:46.0842 1032 udfs - ok
23:05:46.0905 1032 ufad-ws60 (60217ba49d2796ea149ded4d030af728) C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
23:05:46.0905 1032 ufad-ws60 - ok
23:05:46.0952 1032 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
23:05:46.0983 1032 UI0Detect - ok
23:05:47.0014 1032 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
23:05:47.0014 1032 uliagpkx - ok
23:05:47.0061 1032 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
23:05:47.0076 1032 uliahci - ok
23:05:47.0092 1032 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
23:05:47.0108 1032 UlSata - ok
23:05:47.0123 1032 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
23:05:47.0139 1032 ulsata2 - ok
23:05:47.0154 1032 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
23:05:47.0186 1032 umbus - ok
23:05:47.0201 1032 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
23:05:47.0232 1032 UMPass - ok
23:05:47.0279 1032 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
23:05:47.0310 1032 upnphost - ok
23:05:47.0373 1032 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:05:47.0388 1032 USBAAPL64 - ok
23:05:47.0451 1032 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:47.0466 1032 usbccgp - ok
23:05:47.0498 1032 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
23:05:47.0529 1032 usbcir - ok
23:05:47.0576 1032 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
23:05:47.0591 1032 usbehci - ok
23:05:47.0622 1032 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
23:05:47.0654 1032 usbhub - ok
23:05:47.0685 1032 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
23:05:47.0732 1032 usbohci - ok
23:05:47.0747 1032 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
23:05:47.0794 1032 usbprint - ok
23:05:47.0810 1032 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:47.0825 1032 USBSTOR - ok
23:05:47.0856 1032 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
23:05:47.0888 1032 usbuhci - ok
23:05:47.0934 1032 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
23:05:47.0966 1032 usbvideo - ok
23:05:47.0997 1032 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
23:05:48.0012 1032 UxSms - ok
23:05:48.0059 1032 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
23:05:48.0090 1032 vds - ok
23:05:48.0153 1032 vfs101a (24899eff90e725d9c3ac10be870b4d1d) C:\Windows\system32\drivers\vfs101a.sys
23:05:48.0153 1032 vfs101a - ok
23:05:48.0215 1032 vfsFPService (6c8e81e1a555dc163d89e26ceb30fad2) C:\Windows\system32\vfsFPService.exe
23:05:48.0246 1032 vfsFPService - ok
23:05:48.0293 1032 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:48.0324 1032 vga - ok
23:05:48.0356 1032 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
23:05:48.0371 1032 VgaSave - ok
23:05:48.0387 1032 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
23:05:48.0402 1032 viaide - ok
23:05:48.0496 1032 VMAuthdService (54405be685c69db2f105dacd0979f02c) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
23:05:48.0496 1032 VMAuthdService - ok
23:05:48.0527 1032 vmci (a198cf174f18121937a516262891b973) C:\Windows\system32\drivers\vmci.sys
23:05:48.0543 1032 vmci - ok
23:05:48.0558 1032 vmkbd (0dd46b753f373a9b47a16dcdd59eab01) C:\Windows\system32\drivers\VMkbd.sys
23:05:48.0574 1032 vmkbd - ok
23:05:48.0590 1032 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys
23:05:48.0605 1032 VMnetAdapter - ok
23:05:48.0636 1032 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys
23:05:48.0652 1032 VMnetBridge - ok
23:05:48.0683 1032 VMnetDHCP - ok
23:05:48.0714 1032 VMnetuserif (e3674d60af15a098e0e8e29eb6c38f68) C:\Windows\system32\drivers\vmnetuserif.sys
23:05:48.0714 1032 VMnetuserif - ok
23:05:48.0730 1032 VMware NAT Service - ok
23:05:48.0746 1032 vmx86 (097759e41744c33970f3c58e0d9c284e) C:\Windows\system32\drivers\vmx86.sys
23:05:48.0746 1032 vmx86 - ok
23:05:48.0761 1032 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
23:05:48.0777 1032 volmgr - ok
23:05:48.0824 1032 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
23:05:48.0855 1032 volmgrx - ok
23:05:48.0917 1032 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
23:05:48.0933 1032 volsnap - ok
23:05:48.0964 1032 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
23:05:48.0980 1032 vsmraid - ok
23:05:49.0089 1032 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
23:05:49.0182 1032 VSS - ok
23:05:49.0260 1032 vstor2-ws60 (4eeb681f3dee918742b39704649cc861) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
23:05:49.0276 1032 vstor2-ws60 - ok
23:05:49.0401 1032 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
23:05:49.0416 1032 W32Time - ok
23:05:49.0479 1032 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
23:05:49.0526 1032 WacomPen - ok
23:05:49.0572 1032 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:49.0604 1032 Wanarp - ok
23:05:49.0604 1032 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:49.0619 1032 Wanarpv6 - ok
23:05:49.0666 1032 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
23:05:49.0697 1032 wcncsvc - ok
23:05:49.0728 1032 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
23:05:49.0760 1032 WcsPlugInService - ok
23:05:49.0775 1032 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
23:05:49.0775 1032 Wd - ok
23:05:49.0853 1032 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
23:05:49.0884 1032 Wdf01000 - ok
23:05:49.0916 1032 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:05:49.0947 1032 WdiServiceHost - ok
23:05:49.0947 1032 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:05:49.0978 1032 WdiSystemHost - ok
23:05:50.0025 1032 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
23:05:50.0040 1032 WebClient - ok
23:05:50.0056 1032 Wecsvc (bd9a749f36710ffa02e0e530f7451936) C:\Windows\system32\wecsvc.dll
23:05:50.0087 1032 Wecsvc - ok
23:05:50.0103 1032 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
23:05:50.0134 1032 wercplsupport - ok
23:05:50.0165 1032 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
23:05:50.0181 1032 WerSvc - ok
23:05:50.0196 1032 WinDefend - ok
23:05:50.0212 1032 WinHttpAutoProxySvc - ok
23:05:50.0274 1032 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
23:05:50.0306 1032 Winmgmt - ok
23:05:50.0399 1032 WinRM (42717db2be3a075d0f0cd5c927c27a43) C:\Windows\system32\WsmSvc.dll
23:05:50.0446 1032 WinRM - ok
23:05:50.0555 1032 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
23:05:50.0633 1032 Wlansvc - ok
23:05:50.0727 1032 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:05:50.0758 1032 WmiAcpi - ok
23:05:50.0820 1032 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
23:05:50.0836 1032 wmiApSrv - ok
23:05:50.0867 1032 WMPNetworkSvc - ok
23:05:50.0898 1032 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
23:05:50.0914 1032 WPCSvc - ok
23:05:50.0930 1032 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
23:05:50.0961 1032 WPDBusEnum - ok
23:05:50.0976 1032 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
23:05:51.0008 1032 WpdUsb - ok
23:05:51.0195 1032 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:05:51.0226 1032 WPFFontCache_v0400 - ok
23:05:51.0273 1032 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
23:05:51.0304 1032 ws2ifsl - ok
23:05:51.0351 1032 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
23:05:51.0366 1032 wscsvc - ok
23:05:51.0382 1032 WSearch - ok
23:05:51.0585 1032 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:05:51.0678 1032 wuauserv - ok
23:05:51.0834 1032 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:05:51.0866 1032 WUDFRd - ok
23:05:51.0897 1032 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
23:05:51.0928 1032 wudfsvc - ok
23:05:51.0975 1032 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
23:05:52.0037 1032 yukonx64 - ok
23:05:52.0131 1032 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
23:05:52.0146 1032 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
23:05:52.0193 1032 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
23:05:52.0334 1032 \Device\Harddisk0\DR0 - ok
23:05:52.0349 1032 Boot (0x1200) (6be6c56bfa01ac2e22c74acd5b04cc28) \Device\Harddisk0\DR0\Partition0
23:05:52.0349 1032 \Device\Harddisk0\DR0\Partition0 - ok
23:05:52.0349 1032 Boot (0x1200) (7c6243dc85101442b4ea2e6103900848) \Device\Harddisk0\DR0\Partition1
23:05:52.0349 1032 \Device\Harddisk0\DR0\Partition1 - ok
23:05:52.0349 1032 ============================================================
23:05:52.0349 1032 Scan finished
23:05:52.0349 1032 ============================================================
23:05:52.0365 1184 Detected object count: 10
23:05:52.0365 1184 Actual detected object count: 10
23:06:12.0224 1184 DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0224 1184 DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0224 1184 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0224 1184 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0224 1184 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0224 1184 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0239 1184 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0239 1184 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0239 1184 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0239 1184 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0239 1184 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0239 1184 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0239 1184 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0239 1184 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0239 1184 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:06:12.0239 1184 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:06:12.0239 1184 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0239 1184 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:12.0239 1184 Tenable Nessus ( UnsignedFile.Multi.Generic ) - skipped by user
23:06:12.0239 1184 Tenable Nessus ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:06:16.0529 1760 Deinitialize success

Kind regards,

Spec


#4 D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 01 August 2012 - 08:42 PM

You're looking pretty good, but I'd like to run this scan to take a deeper look.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 Spec37

  • Topic Starter

  • Members
  • 4 posts

Posted 02 August 2012 - 06:45 PM

Hi D-FRED-BROWN,

Thanks again for taking the time to help me.


OTL logfile created on: 03/08/2012 00:25:11 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jamie\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.08% Memory free
8.16 Gb Paging File | 6.44 Gb Available in Paging File | 78.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.07 Gb Total Space | 1.95 Gb Free Space | 0.68% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 1.93 Gb Free Space | 16.07% Space Free | Partition Type: NTFS

Computer Name: F117 | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 00:23:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL (1).exe
PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2009/03/26 23:05:22 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 05:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 05:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 05:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 05:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 05:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 05:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 05:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/25 09:59:38 | 000,011,264 | ---- | M] (Tenable Network Security, Inc) [Disabled | Stopped] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV:64bit: - [2009/06/13 19:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008/09/16 19:33:26 | 000,719,152 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2008/08/05 18:12:22 | 000,251,904 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/06/27 16:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/19 01:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/17 01:50:40 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/21 22:07:07 | 000,189,784 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/08/12 22:17:20 | 000,075,064 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/25 03:08:26 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2008/09/25 03:08:26 | 000,116,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/09/16 19:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/07/15 04:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/11 23:17:45 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2011/07/08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/01 10:29:35 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/06/30 11:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 15:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/26 23:06:02 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/03/26 23:06:00 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/03/26 23:05:52 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/03/26 23:05:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/03/26 23:05:42 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/03/26 17:31:12 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/03/26 17:31:12 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2008/10/21 11:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017unic.sys -- (s0017unic)
DRV:64bit: - [2008/10/21 11:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 11:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017nd5.sys -- (s0017nd5)
DRV:64bit: - [2008/10/21 11:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 11:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mgmt.sys -- (s0017mgmt)
DRV:64bit: - [2008/10/21 11:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 11:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus)
DRV:64bit: - [2008/09/16 19:33:38 | 000,049,968 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vfs101a.sys -- (vfs101a)
DRV:64bit: - [2008/09/04 18:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/08/29 00:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/07 18:01:36 | 000,143,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/08/06 17:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/08/05 18:13:52 | 000,459,264 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/07/17 19:02:54 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/23 12:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/23 12:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/23 12:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/10 08:41:12 | 000,306,560 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AVerAF15.sys -- (AVerAF15)
DRV:64bit: - [2008/03/27 21:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 21:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/21 03:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/21 03:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/21 03:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/06/19 01:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/04 02:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2010/02/26 17:11:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/04/16 01:15:55] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/12/01 11:46:58 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AD905828-5737-4E5D-9610-B5E10EE95EB7}
IE:64bit: - HKLM\..\SearchScopes\{282D0B3A-4F7A-4682-BA18-C646110F16C5}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE:64bit: - HKLM\..\SearchScopes\{7794DFFD-BC78-4C39-909A-6FCE5AE914A3}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{AD905828-5737-4E5D-9610-B5E10EE95EB7}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {AD905828-5737-4E5D-9610-B5E10EE95EB7}
IE - HKLM\..\SearchScopes\{282D0B3A-4F7A-4682-BA18-C646110F16C5}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKLM\..\SearchScopes\{7794DFFD-BC78-4C39-909A-6FCE5AE914A3}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{AD905828-5737-4E5D-9610-B5E10EE95EB7}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-253482043-255223015-3859330548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jamie\Desktop
IE - HKU\S-1-5-21-253482043-255223015-3859330548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-253482043-255223015-3859330548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-253482043-255223015-3859330548-1000\..\SearchScopes,DefaultScope = {123E23A4-7B23-42C2-8D41-4EEB531F61D7}
IE - HKU\S-1-5-21-253482043-255223015-3859330548-1000\..\SearchScopes\{123E23A4-7B23-42C2-8D41-4EEB531F61D7}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-253482043-255223015-3859330548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-253482043-255223015-3859330548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-253482043-255223015-3859330548-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-253482043-255223015-3859330548-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.67837: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009/02/06 11:20:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009/02/06 11:20:12 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jamie\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

O1 HOSTS File: ([2012/07/22 19:44:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-253482043-255223015-3859330548-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-253482043-255223015-3859330548-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-253482043-255223015-3859330548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-253482043-255223015-3859330548-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-253482043-255223015-3859330548-1000\..Trusted Domains: microsoftelearning.com ([itacademy] https in Trusted sites)
O15 - HKU\S-1-5-21-253482043-255223015-3859330548-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-253482043-255223015-3859330548-1008\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A545B96-3FDD-4D64-8AAC-8F8F153F55F1}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 00:23:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL (1).exe
[2012/08/01 23:00:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/01 23:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Logs
[2012/08/01 22:54:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/29 19:13:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\New Folder (7)
[2012/07/26 23:34:21 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\New Folder (6)
[2012/07/26 22:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\New Folder (5)
[2012/07/26 22:45:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Test CC2
[2012/07/25 02:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/25 02:16:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/25 02:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/25 01:41:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\f-secure
[2012/07/25 01:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/07/25 01:18:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\QuickScan
[2012/07/25 00:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/07/23 03:40:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/22 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Malware Tools
[2012/07/22 19:31:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 19:31:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 19:31:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 19:31:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 19:31:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/22 15:42:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\RK_Quarantine
[2012/07/22 13:59:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2012/07/22 13:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 13:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/22 13:59:25 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 13:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/22 13:14:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\test2
[2012/07/22 13:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\test
[2012/07/22 00:14:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\TMRBLog
[2012/07/22 00:13:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jamie\Desktop\HijackThis.exe
[2012/07/21 23:12:34 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/21 23:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/07/21 14:48:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/07/21 14:48:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/07/21 14:48:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/07/21 14:48:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/07/21 14:48:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/07/21 14:48:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/07/21 14:48:00 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/07/21 14:48:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/07/21 14:47:59 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/07/21 14:47:59 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/07/21 14:47:59 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/07/21 14:47:59 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/07/21 14:47:59 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/07/21 14:47:59 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/07/21 14:47:58 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/07/21 14:47:58 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/07/21 14:47:58 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/07/21 14:47:58 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/07/21 14:47:58 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/07/21 14:47:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/07/21 14:47:57 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/07/21 14:47:57 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/07/21 14:47:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/07/21 14:47:57 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/07/21 14:47:57 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/07/21 14:47:57 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/07/21 14:47:56 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/07/21 14:47:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/07/21 14:47:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/07/21 14:47:56 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/07/21 14:47:55 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/07/21 14:47:55 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/07/21 14:47:55 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/07/21 14:47:55 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/07/21 14:47:55 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/07/21 14:47:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/07/21 14:47:55 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/07/21 14:47:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/07/21 14:47:53 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/07/21 14:47:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/07/21 14:47:53 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/07/21 14:47:53 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012/07/21 14:47:53 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/07/21 14:47:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012/07/21 14:47:52 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/07/21 14:47:52 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/07/21 14:47:52 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/07/21 14:47:52 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/07/21 14:47:52 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/07/21 14:47:52 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/07/21 14:47:52 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/07/21 14:47:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/07/21 14:47:51 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/07/21 14:47:51 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/07/21 14:47:51 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/07/21 14:47:51 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/07/21 14:47:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/07/21 14:47:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/07/21 14:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012/07/21 14:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012/07/14 01:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/14 01:05:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/07/14 00:46:28 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/14 00:46:28 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/14 00:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/14 00:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/14 00:42:31 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/14 00:42:31 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/14 00:42:23 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/14 00:42:23 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/14 00:33:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/14 00:33:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/14 00:33:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/14 00:33:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/14 00:33:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/14 00:33:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/14 00:33:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/14 00:33:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/14 00:33:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/14 00:33:21 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/14 00:33:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/14 00:33:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/14 00:33:19 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/14 00:32:15 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/14 00:32:14 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/14 00:32:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\telnet.exe
[2012/07/14 00:31:23 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/13 23:41:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Defu
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/03 00:23:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL (1).exe
[2012/08/03 00:20:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-253482043-255223015-3859330548-1000UA.job
[2012/08/03 00:19:09 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 00:19:09 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 00:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 00:18:57 | 4292,026,368 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 01:01:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/01 23:39:07 | 000,233,472 | ---- | M] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/28 14:20:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-253482043-255223015-3859330548-1000Core.job
[2012/07/27 21:16:54 | 613,721,429 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/27 21:13:35 | 000,000,803 | ---- | M] () -- C:\Users\Jamie\Documents\CoreTemp.ini
[2012/07/27 21:13:20 | 000,001,356 | ---- | M] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat
[2012/07/27 01:01:43 | 000,000,606 | ---- | M] () -- C:\Users\Jamie\AppData\Local\census.cache
[2012/07/27 01:01:43 | 000,000,000 | ---- | M] () -- C:\Users\Jamie\AppData\Local\ars.cache
[2012/07/26 23:41:15 | 000,001,618 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\wklnhst.dat
[2012/07/25 00:34:20 | 000,000,036 | ---- | M] () -- C:\Users\Jamie\AppData\Local\housecall.guid.cache
[2012/07/22 19:44:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 18:32:50 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/22 12:27:50 | 000,855,822 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 12:27:50 | 000,715,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 12:27:50 | 000,150,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 00:13:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jamie\Desktop\HijackThis.exe
[2012/07/21 15:37:51 | 011,661,312 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Sandra.mdb
[2012/07/19 23:11:25 | 034,059,625 | ---- | M] () -- C:\Users\Jamie\Desktop\Windows6.0-KB968930-x86.msu
[2012/07/15 02:03:57 | 000,390,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/15 01:54:42 | 942,424,804 | ---- | M] () -- C:\Users\Jamie\Desktop\030r_4vid_1528.wmv
[2012/07/14 01:05:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/14 01:05:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/14 00:42:14 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/14 00:42:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/14 00:42:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/14 00:42:13 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/14 00:42:13 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/09 23:49:30 | 000,002,595 | ---- | M] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/25 00:38:25 | 000,000,606 | ---- | C] () -- C:\Users\Jamie\AppData\Local\census.cache
[2012/07/25 00:38:25 | 000,000,000 | ---- | C] () -- C:\Users\Jamie\AppData\Local\ars.cache
[2012/07/25 00:34:20 | 000,000,036 | ---- | C] () -- C:\Users\Jamie\AppData\Local\housecall.guid.cache
[2012/07/22 19:31:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 19:31:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 19:31:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 19:31:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/22 19:31:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/21 14:49:01 | 011,661,312 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\Sandra.mdb
[2012/07/19 23:11:24 | 034,059,625 | ---- | C] () -- C:\Users\Jamie\Desktop\Windows6.0-KB968930-x86.msu
[2012/07/16 16:04:46 | 000,093,795 | ---- | C] () -- C:\Users\Jamie\00HR_P1_hr457_big.jpg
[2012/07/16 14:32:06 | 942,424,804 | ---- | C] () -- C:\Users\Jamie\Desktop\030r_4vid_1528.wmv
[2012/07/09 23:49:30 | 000,002,595 | ---- | C] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2011/04/19 00:39:18 | 000,000,350 | ---- | C] () -- C:\Windows\RefreshLock.ini
[2011/04/15 23:58:41 | 000,000,732 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d9caps64.dat
[2011/01/29 19:55:46 | 000,001,618 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\wklnhst.dat
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/09/04 08:29:28 | 000,132,964 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/09/19 16:38:07 | 000,004,096 | ---- | C] () -- C:\Users\Jamie\AppData\Local\keyfile3.drm
[2009/03/12 20:00:55 | 000,001,356 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat
[2009/02/28 22:51:55 | 000,233,472 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >



OTL Extras logfile created on: 03/08/2012 00:25:11 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jamie\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.08% Memory free
8.16 Gb Paging File | 6.44 Gb Available in Paging File | 78.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.07 Gb Total Space | 1.95 Gb Free Space | 0.68% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 1.93 Gb Free Space | 16.07% Space Free | Partition Type: NTFS

Computer Name: F117 | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F6 22 25 29 19 DF CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-253482043-255223015-3859330548-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABCD31F-4E1B-4599-83C9-6C1ABB0405BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0CCB3EA4-2FC3-4938-8B08-BC8D93F308D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F71F374-6B73-404E-A2CD-30D420BF9702}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{1A112E6A-6305-4B1A-BF8F-EE5BFEF47ACA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{2762628B-8677-4042-AD81-44AE8CDB0C1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30173010-A90F-42D8-B441-A39E4C5DD65D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31A5FFCF-9AAA-47A0-A1FD-23DAA1E131DE}" = rport=10244 | protocol=6 | dir=out | app=system |
"{321C76D8-F718-4CB4-843E-A96BB71BD4A3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{33B022AF-437A-41F9-B9EE-029954C50C47}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{34F40F16-8EB7-4B5C-A6A7-E6250F0C7B52}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{4118B870-89FE-411C-B06B-58945D0FE613}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{428A3FBA-E5E9-4DBE-9700-CF6CD1760122}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4524E4E7-05FD-4BE5-A2E1-BA217937855D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{45BBF077-DC61-42AB-89D5-52429F44EEBD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{47D65988-4F80-407A-A77C-BD7D2D8E0D19}" = lport=3390 | protocol=6 | dir=in | app=system |
"{48B00077-61E2-4040-8A19-788490ABBC82}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{4911B02A-F1BA-4BBC-9EC3-BBABC4A47529}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{491A2D81-72F3-4B60-9FF6-B62C75F7CADB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\wnt500x64\rpcsandrasrv.exe |
"{4C9AA076-F751-4E55-9679-DD01BD584D6F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4D2A2C13-3F0D-4C8A-95AA-4234EC9DCD7A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5784984E-2ED9-4F9A-8DE3-C2D41D25346C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58ADE6FD-4A33-46EF-9250-35FE0B121E60}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{5A4E5726-DE63-4FF3-8DC0-92E4B7E2AB6A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5F732441-DF47-4D8F-9AC6-F97F211A2037}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{6297E414-3FBC-48F8-8F8D-148211DC92A4}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{62A2C846-C75F-4123-BF80-D4DAE5734F43}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{67A10183-C767-4557-A28E-5232BCC44B96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6CD7B625-6CA9-4A59-AFFB-448E5463FFB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6ECBD2D1-426F-4FAD-A5EF-B5991C0A3FCA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\rpcagentsrv.exe |
"{7068A484-86DB-49DB-81C7-06CF2A6FBFB9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{715D6915-450B-4036-9402-7357256046C7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{739BD7DC-DC59-403F-851D-F12EF90A426C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{7D4A07A8-E463-4DEC-B0C5-5D6BDF49B96A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8644DDB0-0702-4690-901B-01474BA5B7DB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{8688F4FF-0CF7-45E3-A7B0-6687869CE32B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{9FA250AC-64FF-4232-8605-BB518A09B7B7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{ACA53B94-6E7B-4484-AEEA-B8FCAFB2F36F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{B7AE92AB-A0A7-4C62-A7D7-60559F7B54AA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{C0E76E26-6C12-4275-B416-87C2A348D828}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C2C3F502-9616-4293-B21C-BEBE66D0F48A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{C87FD1D3-2BC5-44C4-BAF2-6AEAF26CCD82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9175233-9236-41B8-A24B-85E602D9D5F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D92617D3-4726-4D89-8535-03F015A3BBDF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF7FA9F8-856F-4A80-8EBF-099FBDC5F5F0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E0C7B9D0-E08A-4E60-A498-45759B4B8B9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E45363B4-89E7-446D-8A9B-32F26B1D715C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6AFB0BB-3356-43F0-B2F5-D6BA2DD0E5E8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{ED09FB82-DCAA-4A42-9751-DAD4DEA07005}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{F296E495-3BB2-4B6B-AC1F-2929FFD1C611}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x64\rpcsandrasrv.exe |
"{FA03E472-791A-44B6-9BD2-517D2F149B1E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065D2954-41C9-4B1F-BCE5-6EFEA0BB9973}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{122C025C-4293-43F6-862F-B4E63D3A39C3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1279390C-4790-4225-A8D9-D88AA04EDBE1}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{12D3FF5D-E529-4388-ACD0-DD98434062B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{13AF44C0-B0B0-48DA-933A-8E4DB43BABB8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1416C09A-6605-4517-AEB9-E193088C6E5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{157F34A7-FB7C-4200-A938-6116203AFBE1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{1720CEE6-F51A-4C05-83A0-6C28C3B1D7AB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{17F40505-5B46-4916-AF10-CAC94753AB7C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{18A44D82-18D8-4103-82B6-D5097A450162}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{21E21B9D-2C42-470A-A334-B05091A2B1DA}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{29DB7FFE-CA14-448F-9941-399FB9B63B6F}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{316816A1-F403-4CC7-A66B-5C7F1408C528}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{3A615C76-9B15-43DF-AF18-AC34A3C73E53}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3C85451A-9F07-49FD-B0ED-F6608F43A28A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{3C9685FE-0414-4351-8B7E-4639CB7CBC31}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{4FA53C3A-0405-447D-A83B-20539CA3106E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{5DAAC1C9-3119-4FF7-90E9-F5E6872135AF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{65EE8858-5FB5-492D-80A5-304AC01E6C03}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{68499FCB-D34B-4321-BEA9-1F3FE8CF362C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{72582E7B-9786-425F-A7C5-DD914DE6E561}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{74475A8C-6367-49B1-AF62-989F5226A481}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{760E1806-044A-4EDF-B6BC-CF1064BDA184}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{7B6FE027-508B-4A92-82B7-92D162B3656E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{7D0E66B4-4D73-4249-802F-E354A89EC384}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{7D70C345-D0B4-4258-B3C8-2EE0552A609C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F7D56D0-5D4B-4316-9810-42F31950CC62}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{86B94D34-A234-449E-B241-07E60E294E84}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{89096E9F-FCB6-4F1F-B6A6-31BF4D034ED6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{8C0F2D5E-160C-4B5B-A791-07BC707915DF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{9319FD3F-2CC7-4821-A0F4-057DCC98BABA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{97472B3C-9C8A-48BA-B13F-9BD832D8E724}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{9A03442C-0574-45BF-9671-6D1CBF82F60C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9D2AD64C-0879-4046-9D7E-11916ED3157A}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{9DAB27A6-66EC-4C1C-A797-59CDEA90D84C}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{A52D3A6D-19B6-4971-8FE1-CC5BC2378247}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A9DB67BA-E707-4126-9F02-BE78F54089EF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{BA5F17AE-2478-4069-AE91-16E47FB661E4}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{BDCD9B63-1EAB-47FA-8E8F-845971DD2412}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE61256B-6361-4464-AA9B-0054A7BA5E55}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{C1886B25-43C6-45D1-A71A-6AE1AF3760F6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{C29964E4-8437-4DDA-AE04-83E7F522FF74}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{C740B697-9FF9-41DA-A4C4-D88F56651EDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CBE24424-50EE-4097-ADB2-92817A25330D}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{CD8A669B-FFF9-4A3A-B4E9-A92F08DD7D01}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CED7807D-F7D1-4493-B4AD-8BF7CA79BF20}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D0C54AAC-E4AC-44B0-939B-B2669616BAA3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D1A63704-73FF-437A-A55D-D64B9D82E1E9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D2EDBCBD-A887-4C08-8E5E-D2C6A0849F50}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{D3D322CE-4915-4479-9634-19B446EFDCF8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{D6438AA0-2A11-408E-BFFE-1378FD28463A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D827AAD0-1938-4DC2-B077-D60EFAAA7C7C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D97E7B62-2BC3-4341-8C5E-BAB2D5700C0A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{DB9FF5DD-8475-402B-A0EF-C1B314FC973C}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{E378104C-0333-4A68-9A8F-AE8B97410735}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E53AFD1E-D21F-42CB-82DE-0E393E533B58}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E7084DFD-966D-4F73-A756-040CC0E2BE69}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E937909B-7F4F-4E08-93C9-298FCD2099B7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{E980E99F-D1EC-4ECE-AFCE-1BFE054914BF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{E9A52EC0-A910-4993-AE2F-43C4CC8EEE2B}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{F137926B-3ADF-4794-83D2-744D90FDB0B1}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{F2D8F5FA-8E9D-4B3C-8EA7-A03A9A5A2B77}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{F39D7ADC-371A-44F5-BBEA-9B8EE0FED897}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FCFE0586-D32B-49FA-8DDF-220CF111F2FA}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"TCP Query User{192ED2C3-A452-4D6A-8BCF-A29E70AE60C1}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{2615886D-AD16-4EE6-9CB9-ADB219F8FA95}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{292C7862-B1F9-4C14-9F9F-81C9D69C8575}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3B25D4C5-ECA7-409A-812D-4C7F1889623E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{48057CE9-11D6-42C3-9FDB-72DCCEDF27BA}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9A504596-F019-4D9B-AAAD-35F988B252BC}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{B61AAA54-2207-4B8C-8014-5A4B34C7E13B}C:\users\jamie\appdata\roaming\esorip\rofa.exe" = protocol=6 | dir=in | app=c:\users\jamie\appdata\roaming\esorip\rofa.exe |
"TCP Query User{D4BF30A0-5BDC-4773-A159-30CA922EE617}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{065122DE-C4D6-49FD-8028-14F1CA396676}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{10E4A958-3704-4392-BC7C-70316F906A20}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{258E714B-5E7A-4D57-9344-B3A38B13BBDB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{A2291E88-E4FF-4335-96FA-7948D026EEA5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B2E418DA-4289-41B0-B3A1-061FB583C9CA}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{C267BDAF-B0B1-4F2C-BB5E-8F94F88CE50A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{DA99AB45-CDAF-4BD2-A4AC-BA7DCE708759}C:\users\jamie\appdata\roaming\esorip\rofa.exe" = protocol=17 | dir=in | app=c:\users\jamie\appdata\roaming\esorip\rofa.exe |
"UDP Query User{E2AE0481-9B2B-4BB4-BA16-17D38E0843B4}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{056E5A6F-BEF6-4094-8724-D45F0F564312}" = Microsoft SQL Server 2008 Setup Support Files
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7808E43D-2A8C-4F62-B7DC-558B7185B2CF}" = Nessus64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E0318E3E-8059-4BD3-BEBE-D3E65D34503D}" = DigitalPersona Personal 3.1.0
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Recuva" = Recuva
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vbsedit" = Vbsedit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17BD1FBC-6CD3-4E1C-A134-87EFCF442D44}" = Microsoft Security Compliance Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B}" = Quake Live Internet Explorer Plugin
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{294C633F-6933-4F86-A305-BFDF9FCE9EFF}" = HP User Guides 0116
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}" = Offline Course Player
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48CABD59-C04D-4AE0-AB05-331787E336E6}" = EMET
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FB9448E7-477B-4F92-81A0-90754E2A259B}" = Spider4
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Audacity_is1" = Audacity 1.2.6
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.64.45
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EditPad Pro 7" = Just Great Software EditPad Pro 7 DEMO 7.0.0
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"L0phtCrack 6" = L0phtCrack 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"ODEUNST #1" = KrView
"Office14.SingleImage" = Microsoft Office Professional 2010
"OnLive" = OnLive
"Orbit_is1" = Orbit Downloader
"Password Safe" = Password Safe
"PE Builder_is1" = PE Builder 3.1.10a
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 440" = Team Fortress 2
"TreeSize Free_is1" = TreeSize Free V2.4
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.6.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-253482043-255223015-3859330548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/10/2011 17:34:44 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 26/10/2011 17:45:55 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 27/10/2011 18:02:57 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 28/10/2011 16:09:58 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 28/10/2011 21:23:52 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 28/10/2011 21:26:46 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 29/10/2011 06:29:40 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 29/10/2011 17:14:04 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 30/10/2011 06:39:43 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

Error - 30/10/2011 18:14:20 | Computer Name = F117 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 31/07/2012 19:33:31 | Computer Name = F117 | Source = Service Control Manager | ID = 7026
Description =

Error - 01/08/2012 17:16:39 | Computer Name = F117 | Source = Service Control Manager | ID = 7001
Description =

Error - 01/08/2012 17:16:39 | Computer Name = F117 | Source = Service Control Manager | ID = 7026
Description =

Error - 01/08/2012 17:28:47 | Computer Name = F117 | Source = Service Control Manager | ID = 7001
Description =

Error - 01/08/2012 17:28:47 | Computer Name = F117 | Source = Service Control Manager | ID = 7026
Description =

Error - 01/08/2012 17:34:54 | Computer Name = F117 | Source = Service Control Manager | ID = 7034
Description =

Error - 01/08/2012 17:41:40 | Computer Name = F117 | Source = Service Control Manager | ID = 7030
Description =

Error - 01/08/2012 17:47:19 | Computer Name = F117 | Source = Service Control Manager | ID = 7030
Description =

Error - 02/08/2012 19:20:42 | Computer Name = F117 | Source = Service Control Manager | ID = 7001
Description =

Error - 02/08/2012 19:20:42 | Computer Name = F117 | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Kind regards,

Spec

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:57 PM

Posted 02 August 2012 - 07:18 PM

Your logs are looking good. I'm not seeing any signs of malware there.

Let's run this online scan to verify there isn't anything left we may have missed:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan, then wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#7 Spec37

Spec37
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 04 August 2012 - 09:17 AM

Hi D-FRED-BROWN,

Below is the result of the ESET scan. Is this an indication that my system is still infected?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=733c97be3622ed41b8a306f251f5e30f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-25 12:22:53
# local_time=2012-07-25 01:22:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 102233363 102233363 0 0
# compatibility_mode=5892 16776574 100 56 86678451 180699577 0 0
# compatibility_mode=8192 67108863 100 0 115969 115969 0 0
# scanned=432
# found=0
# cleaned=0
# scan_time=101
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=733c97be3622ed41b8a306f251f5e30f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-04 02:10:12
# local_time=2012-08-04 03:10:12 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 103139196 103139196 0 0
# compatibility_mode=5892 16776574 100 56 87584284 181605410 0 0
# compatibility_mode=8192 67108863 100 0 1021802 1021802 0 0
# scanned=296616
# found=1
# cleaned=0
# scan_time=7908
C:\Users\Jamie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2d7394fc-4fe172b5 Java/Exploit.CVE-2012-1723.E trojan (unable to clean) 00000000000000000000000000000000 I

Kind regards,

Spec

#8 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:57 PM

Posted 04 August 2012 - 11:44 AM

Go ahead and run the scan again, but this time, make sure Remove found threats and Scan unwanted applications are both checked.

And no, it's just a minor leftover. You're not still infected. :thumbup2:



