Adobe Flash Player Update / Redirect Virus?


18 replies to this topic

#1 llmonty

Posted 28 January 2013 - 12:04 PM

Hi there. First post. First problem in a while.

I am having a problem with what seems to be a fake Adobe Flash Player Update / Redirect virus. It seems to be like this one here -- http://www.bleepingcomputer.com/forums/topic447651.html

I came into my office/studio over the weekend and there was a series of adobe flash player 11.5 installer windows. Connected to the internet a new one pops up every 10 minutes or so. I also came to experience (in researching the problem) that internet links were being redirected to random/odd looking sites.

When not connected to the internet the adobe player windows are not opening. And to add to it, last night I received an error window message -- Windows detected a hard disk problem. And asking me to back up my files. This is on a data drive and not the OS disk.

The only thing I did was uninstall the flash player from the programs view in windows (before I realized that it was likely not really adobe).

I was going to follow the instructions on the link above, but after reading the forum rules I thought I should create a new post.

Here are the system details:

This is a 3 year old computer. Used primarily for music recording and optimized for that (no virus protection is 1). It rarely is connected to the internet. The only thing I can think of recently is that I mistyped an internet address that created some popups. If something looked vaguely like Adobe it is possible I clicked on something while half paying attention - like walked away, came back saw it wanted to update and clicked? It is against my nature to do that, but I guess it is possible.

This is a windows desktop PC. Windows 7 Home Premium 64 bit.

Please let me know what you think and if I should follow the same process of the link above. Thank you in advance!!

Edited by llmonty, 28 January 2013 - 12:05 PM.


#2 narenxp

Posted 28 January 2013 - 01:54 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.
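The TDSSKiller log that the instructions above ask for is long (hundreds of "[ md5 ] name path" / "name - ok" pairs, as the log posted later in this thread shows), and a helper reads it by looking for three things: verdicts other than "ok", services that got a verdict without a file line, and binaries that live outside C:\Windows. The script below is an added triage aid written for this page, not part of narenxp's instructions and not Kaspersky's tool; its line patterns are inferred from the log lines posted in this thread, the function names (`parse_tdsskiller_log`, `triage`, `unique_hashes`, `summarize`) are mine, and the sample log is constructed: a handful of lines copied from the posted log plus two made-up "SampleSvc" lines (all-zero hash, a path under the user's Temp folder, a non-"ok" verdict) so the non-ok branch has something to report.

```python
"""Triage helper for a TDSSKiller 2.8.x log of the kind posted in this thread.

Pairs each '[ <md5> ] <name> <path>' line with the '<name> - <verdict>' line
that follows it, records the drive table, and buckets the entries a helper
reads first. Added example for this page; not Kaspersky's code.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Every log line: 'HH:MM:SS.mmmm <4-digit thread id> <message>' (pattern inferred from the thread).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s*(.*)$")
# '[ <32 hex> ] <name> <X:\path>'; the name may contain spaces, the path starts at a drive letter.
FILE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# 'Drive \Device\HarddiskN\DRn - Size: 0x<hex> (<n> Gb), ...'
DRIVE_RE = re.compile(r"^Drive (\\Device\\\S+) - Size: (0x[0-9A-Fa-f]+) \(")


@dataclass
class Entry:
    name: str
    section: str = ""            # e.g. 'Scan services' or 'Scan system memory'
    md5: Optional[str] = None    # None when the log printed a verdict but no file line
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Tuple[List[Entry], List[Tuple[str, int]]]:
    """Return (entries in log order, [(device, size_in_bytes), ...])."""
    entries: Dict[str, Entry] = {}
    drives: List[Tuple[str, int]] = []
    section = ""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(1).strip()
        if msg.startswith("====") and "Scan " in msg:   # '======== Scan services ========'
            section = msg.strip("= ")
            continue
        d = DRIVE_RE.match(msg)
        if d:
            drives.append((d.group(1), int(d.group(2), 16)))
            continue
        f = FILE_RE.match(msg)
        if f:
            md5, name, path = f.groups()
            entries[name] = Entry(name=name, section=section, md5=md5.upper(), path=path)
            continue
        if " - " in msg:   # '<name> - <verdict>', e.g. 'ACPI - ok'
            name, verdict = msg.rsplit(" - ", 1)
            entries.setdefault(name, Entry(name=name, section=section)).verdict = verdict
    return list(entries.values()), drives


def triage(entries: List[Entry], windows_dir: str = "C:\\Windows") -> Dict[str, List[Entry]]:
    """Bucket the entries that deserve a second look."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return {
        "not_ok": [e for e in entries if e.verdict is not None and e.verdict.lower() != "ok"],
        # a service verdict with no preceding file line: the scanner recorded no hash for it
        "no_file": [e for e in entries if e.md5 is None and e.section == "Scan services"],
        "outside_windows": [e for e in entries if e.path and not e.path.lower().startswith(prefix)],
    }


def unique_hashes(entries: List[Entry]) -> Dict[str, Set[str]]:
    """md5 -> lower-cased paths: one reputation lookup covers every service sharing a binary."""
    out: Dict[str, Set[str]] = {}
    for e in entries:
        if e.md5 and e.path:
            out.setdefault(e.md5, set()).add(e.path.lower())
    return out


def summarize(text: str) -> Dict[str, object]:
    """Name-only view of the triage, convenient for a quick read or a test."""
    entries, drives = parse_tdsskiller_log(text)
    buckets = triage(entries)
    return {
        "drives": [(dev, round(size / 2**30, 2)) for dev, size in drives],
        **{k: [e.name for e in v] for k, v in buckets.items()},
        "distinct_hashes": len(unique_hashes(entries)),
    }


# Constructed sample: lines copied from the log posted in this thread, plus two
# invented 'SampleSvc' lines (zero hash, Temp-folder path, non-ok verdict).
SAMPLE_LOG = r"""
14:25:33.0238 0696 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:25:33.0988 0696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:26:06.0238 2092 ================ Scan system memory ========================
14:26:06.0238 2092 System memory - ok
14:26:06.0238 2092 ================ Scan services =============================
14:26:06.0331 2092 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
14:26:06.0331 2092 ACPI - ok
14:26:06.0628 2092 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:26:06.0628 2092 Apple Mobile Device - ok
14:26:07.0316 2092 COMSysApp - ok
14:26:07.0925 2092 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
14:26:07.0925 2092 EFS - ok
14:26:09.0253 2092 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
14:26:09.0253 2092 KeyIso - ok
14:26:09.0999 2092 [ 00000000000000000000000000000000 ] SampleSvc C:\Users\owner\AppData\Local\Temp\sample.exe
14:26:09.0999 2092 SampleSvc - constructed-sample-not-ok
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log this prints every service that the scanner did not mark "ok" (none in the excerpt), the few services with no file line (COMSysApp, DigiRefresh, msiserver in the log above), and the third-party services under Program Files, which is the short list a helper would check before reading the other few hundred lines; the drive sizes come out in GiB, matching the "Gb" figures TDSSKiller prints.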

#3 llmonty
Posted 28 January 2013 - 04:11 PM

Here is the TDSSKiller LOG

14:25:33.0238 0696 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:25:33.0675 0696 ============================================================
14:25:33.0675 0696 Current date / time: 2013/01/28 14:25:33.0675
14:25:33.0675 0696 SystemInfo:
14:25:33.0675 0696
14:25:33.0675 0696 OS Version: 6.1.7600 ServicePack: 0.0
14:25:33.0675 0696 Product type: Workstation
14:25:33.0675 0696 ComputerName: OWNER-PC0599
14:25:33.0675 0696 UserName: owner
14:25:33.0675 0696 Windows directory: C:\Windows
14:25:33.0675 0696 System windows directory: C:\Windows
14:25:33.0675 0696 Running under WOW64
14:25:33.0675 0696 Processor architecture: Intel x64
14:25:33.0675 0696 Number of processors: 8
14:25:33.0675 0696 Page size: 0x1000
14:25:33.0675 0696 Boot type: Normal boot
14:25:33.0675 0696 ============================================================
14:25:33.0988 0696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:25:34.0003 0696 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:25:34.0019 0696 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:25:34.0035 0696 Drive \Device\Harddisk3\DR7 - Size: 0xEC800000 (3.70 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:25:34.0035 0696 ============================================================
14:25:34.0035 0696 \Device\Harddisk0\DR0:
14:25:34.0035 0696 MBR partitions:
14:25:34.0035 0696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32A5839C
14:25:34.0035 0696 \Device\Harddisk1\DR1:
14:25:34.0035 0696 MBR partitions:
14:25:34.0035 0696 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
14:25:34.0035 0696 \Device\Harddisk2\DR2:
14:25:34.0035 0696 MBR partitions:
14:25:34.0035 0696 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:25:34.0035 0696 \Device\Harddisk3\DR7:
14:25:34.0035 0696 MBR partitions:
14:25:34.0035 0696 \Device\Harddisk3\DR7\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x762080
14:25:34.0035 0696 ============================================================
14:25:34.0066 0696 C: <-> \Device\Harddisk0\DR0\Partition1
14:25:34.0081 0696 E: <-> \Device\Harddisk1\DR1\Partition1
14:25:34.0113 0696 F: <-> \Device\Harddisk2\DR2\Partition1
14:25:34.0113 0696 ============================================================
14:25:34.0113 0696 Initialize success
14:25:34.0113 0696 ============================================================
14:26:05.0253 2092 ============================================================
14:26:05.0253 2092 Scan started
14:26:05.0253 2092 Mode: Manual; TDLFS;
14:26:05.0253 2092 ============================================================
14:26:06.0238 2092 ================ Scan system memory ========================
14:26:06.0238 2092 System memory - ok
14:26:06.0238 2092 ================ Scan services =============================
14:26:06.0316 2092 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:26:06.0316 2092 1394ohci - ok
14:26:06.0331 2092 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
14:26:06.0331 2092 ACPI - ok
14:26:06.0347 2092 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
14:26:06.0347 2092 AcpiPmi - ok
14:26:06.0378 2092 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:26:06.0378 2092 adp94xx - ok
14:26:06.0378 2092 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:26:06.0394 2092 adpahci - ok
14:26:06.0410 2092 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:26:06.0410 2092 adpu320 - ok
14:26:06.0425 2092 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:26:06.0425 2092 AeLookupSvc - ok
14:26:06.0441 2092 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
14:26:06.0441 2092 AFD - ok
14:26:06.0456 2092 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
14:26:06.0456 2092 agp440 - ok
14:26:06.0472 2092 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:26:06.0472 2092 ALG - ok
14:26:06.0472 2092 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
14:26:06.0472 2092 aliide - ok
14:26:06.0488 2092 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
14:26:06.0488 2092 amdide - ok
14:26:06.0503 2092 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:26:06.0503 2092 AmdK8 - ok
14:26:06.0503 2092 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:26:06.0519 2092 AmdPPM - ok
14:26:06.0519 2092 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:26:06.0519 2092 amdsata - ok
14:26:06.0519 2092 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:26:06.0519 2092 amdsbs - ok
14:26:06.0535 2092 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
14:26:06.0535 2092 amdxata - ok
14:26:06.0535 2092 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
14:26:06.0535 2092 AppID - ok
14:26:06.0550 2092 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:26:06.0550 2092 AppIDSvc - ok
14:26:06.0550 2092 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
14:26:06.0550 2092 Appinfo - ok
14:26:06.0628 2092 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:26:06.0628 2092 Apple Mobile Device - ok
14:26:06.0644 2092 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:26:06.0644 2092 arc - ok
14:26:06.0660 2092 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:26:06.0660 2092 arcsas - ok
14:26:06.0675 2092 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:26:06.0675 2092 AsyncMac - ok
14:26:06.0706 2092 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
14:26:06.0706 2092 atapi - ok
14:26:06.0738 2092 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:26:06.0753 2092 AudioEndpointBuilder - ok
14:26:06.0753 2092 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:26:06.0753 2092 AudioSrv - ok
14:26:06.0769 2092 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:26:06.0769 2092 AxInstSV - ok
14:26:06.0831 2092 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:26:06.0831 2092 b06bdrv - ok
14:26:06.0847 2092 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:26:06.0847 2092 b57nd60a - ok
14:26:06.0847 2092 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:26:06.0847 2092 BDESVC - ok
14:26:06.0863 2092 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:26:06.0863 2092 Beep - ok
14:26:06.0878 2092 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:26:06.0878 2092 blbdrive - ok
14:26:06.0941 2092 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:26:06.0941 2092 Bonjour Service - ok
14:26:06.0956 2092 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:26:06.0956 2092 bowser - ok
14:26:06.0956 2092 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:26:06.0956 2092 BrFiltLo - ok
14:26:06.0956 2092 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:26:06.0956 2092 BrFiltUp - ok
14:26:06.0988 2092 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
14:26:06.0988 2092 Browser - ok
14:26:07.0003 2092 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:26:07.0003 2092 Brserid - ok
14:26:07.0003 2092 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:26:07.0003 2092 BrSerWdm - ok
14:26:07.0019 2092 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:26:07.0019 2092 BrUsbMdm - ok
14:26:07.0019 2092 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:26:07.0019 2092 BrUsbSer - ok
14:26:07.0035 2092 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:26:07.0035 2092 BTHMODEM - ok
14:26:07.0050 2092 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:26:07.0050 2092 bthserv - ok
14:26:07.0050 2092 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:26:07.0050 2092 cdfs - ok
14:26:07.0066 2092 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:26:07.0066 2092 cdrom - ok
14:26:07.0081 2092 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
14:26:07.0081 2092 CertPropSvc - ok
14:26:07.0097 2092 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:26:07.0097 2092 circlass - ok
14:26:07.0113 2092 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:26:07.0113 2092 CLFS - ok
14:26:07.0160 2092 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:26:07.0160 2092 clr_optimization_v2.0.50727_32 - ok
14:26:07.0175 2092 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:26:07.0175 2092 clr_optimization_v2.0.50727_64 - ok
14:26:07.0238 2092 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:26:07.0238 2092 clr_optimization_v4.0.30319_32 - ok
14:26:07.0253 2092 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:26:07.0253 2092 clr_optimization_v4.0.30319_64 - ok
14:26:07.0269 2092 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:26:07.0269 2092 CmBatt - ok
14:26:07.0285 2092 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
14:26:07.0285 2092 cmdide - ok
14:26:07.0300 2092 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
14:26:07.0300 2092 CNG - ok
14:26:07.0300 2092 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:26:07.0300 2092 Compbatt - ok
14:26:07.0316 2092 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:26:07.0316 2092 CompositeBus - ok
14:26:07.0316 2092 COMSysApp - ok
14:26:07.0347 2092 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:26:07.0347 2092 crcdisk - ok
14:26:07.0378 2092 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:26:07.0378 2092 CryptSvc - ok
14:26:07.0425 2092 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:26:07.0425 2092 DcomLaunch - ok
14:26:07.0441 2092 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:26:07.0441 2092 defragsvc - ok
14:26:07.0456 2092 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:26:07.0456 2092 DfsC - ok
14:26:07.0472 2092 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
14:26:07.0472 2092 Dhcp - ok
14:26:07.0503 2092 [ CFC4C17F4472808D2023077375A4C7D8 ] DIGIFW C:\Windows\system32\DRIVERS\digifw.sys
14:26:07.0503 2092 DIGIFW - ok
14:26:07.0519 2092 [ 3F1FF4B1EC288033DA5F6BAAA86482AD ] DigiNet C:\Windows\system32\DRIVERS\diginet.sys
14:26:07.0519 2092 DigiNet - ok
14:26:07.0550 2092 DigiRefresh - ok
14:26:07.0581 2092 [ D4A2A72E7018A386D7C12BBA21825A89 ] digiSPTIService C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
14:26:07.0581 2092 digiSPTIService - ok
14:26:07.0597 2092 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:26:07.0597 2092 discache - ok
14:26:07.0644 2092 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:26:07.0644 2092 Disk - ok
14:26:07.0675 2092 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:26:07.0675 2092 Dnscache - ok
14:26:07.0691 2092 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
14:26:07.0691 2092 dot3svc - ok
14:26:07.0722 2092 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
14:26:07.0722 2092 DPS - ok
14:26:07.0753 2092 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:26:07.0753 2092 drmkaud - ok
14:26:07.0785 2092 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:26:07.0785 2092 DXGKrnl - ok
14:26:07.0800 2092 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:26:07.0800 2092 EapHost - ok
14:26:07.0863 2092 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:26:07.0894 2092 ebdrv - ok
14:26:07.0925 2092 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
14:26:07.0925 2092 EFS - ok
14:26:07.0972 2092 [ 3D69FAE60EDE442E004611A4EE4DB44C ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:26:07.0988 2092 ehRecvr - ok
14:26:08.0003 2092 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:26:08.0003 2092 ehSched - ok
14:26:08.0035 2092 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:26:08.0035 2092 elxstor - ok
14:26:08.0050 2092 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
14:26:08.0050 2092 ErrDev - ok
14:26:08.0066 2092 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:26:08.0066 2092 EventSystem - ok
14:26:08.0081 2092 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:26:08.0081 2092 exfat - ok
14:26:08.0113 2092 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:26:08.0113 2092 fastfat - ok
14:26:08.0144 2092 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
14:26:08.0144 2092 Fax - ok
14:26:08.0144 2092 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:26:08.0144 2092 fdc - ok
14:26:08.0160 2092 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:26:08.0160 2092 fdPHost - ok
14:26:08.0160 2092 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:26:08.0175 2092 FDResPub - ok
14:26:08.0175 2092 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:26:08.0175 2092 FileInfo - ok
14:26:08.0191 2092 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:26:08.0191 2092 Filetrace - ok
14:26:08.0191 2092 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:26:08.0191 2092 flpydisk - ok
14:26:08.0206 2092 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:26:08.0206 2092 FltMgr - ok
14:26:08.0238 2092 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
14:26:08.0253 2092 FontCache - ok
14:26:08.0285 2092 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:26:08.0285 2092 FontCache3.0.0.0 - ok
14:26:08.0300 2092 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:26:08.0300 2092 FsDepends - ok
14:26:08.0316 2092 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:26:08.0316 2092 Fs_Rec - ok
14:26:08.0347 2092 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:26:08.0347 2092 fvevol - ok
14:26:08.0378 2092 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:26:08.0378 2092 gagp30kx - ok
14:26:08.0410 2092 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:26:08.0410 2092 GEARAspiWDM - ok
14:26:08.0441 2092 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
14:26:08.0441 2092 gpsvc - ok
14:26:08.0456 2092 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:26:08.0456 2092 hcw85cir - ok
14:26:08.0472 2092 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:26:08.0472 2092 HDAudBus - ok
14:26:08.0472 2092 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:26:08.0472 2092 HidBatt - ok
14:26:08.0488 2092 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:26:08.0488 2092 HidBth - ok
14:26:08.0488 2092 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:26:08.0488 2092 HidIr - ok
14:26:08.0503 2092 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:26:08.0503 2092 hidserv - ok
14:26:08.0519 2092 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:26:08.0519 2092 HidUsb - ok
14:26:08.0535 2092 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:26:08.0535 2092 hkmsvc - ok
14:26:08.0550 2092 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:26:08.0550 2092 HomeGroupListener - ok
14:26:08.0566 2092 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:26:08.0566 2092 HomeGroupProvider - ok
14:26:08.0597 2092 [ 9104B5C25F45116655A665ACE0B92886 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
14:26:08.0597 2092 hotcore3 - ok
14:26:08.0613 2092 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
14:26:08.0613 2092 HpSAMD - ok
14:26:08.0628 2092 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:26:08.0644 2092 HTTP - ok
14:26:08.0706 2092 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:26:08.0706 2092 hwpolicy - ok
14:26:08.0722 2092 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:26:08.0738 2092 i8042prt - ok
14:26:08.0753 2092 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:26:08.0753 2092 iaStor - ok
14:26:08.0800 2092 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:26:08.0800 2092 IAStorDataMgrSvc - ok
14:26:08.0816 2092 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
14:26:08.0816 2092 iaStorV - ok
14:26:08.0863 2092 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:26:08.0878 2092 idsvc - ok
14:26:08.0894 2092 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:26:08.0894 2092 iirsp - ok
14:26:08.0925 2092 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
14:26:08.0925 2092 IKEEXT - ok
14:26:09.0003 2092 [ F37E4DC8EFC72AEE6CEFEE2DAD00ABD0 ] iLokDrvr C:\Windows\system32\DRIVERS\iLokDrvr.sys
14:26:09.0003 2092 iLokDrvr - ok
14:26:09.0019 2092 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
14:26:09.0019 2092 intelide - ok
14:26:09.0035 2092 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:26:09.0035 2092 intelppm - ok
14:26:09.0035 2092 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:26:09.0035 2092 IPBusEnum - ok
14:26:09.0050 2092 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:26:09.0050 2092 IpFilterDriver - ok
14:26:09.0066 2092 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:26:09.0066 2092 IPMIDRV - ok
14:26:09.0066 2092 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:26:09.0066 2092 IPNAT - ok
14:26:09.0113 2092 [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:26:09.0128 2092 iPod Service - ok
14:26:09.0144 2092 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:26:09.0144 2092 IRENUM - ok
14:26:09.0160 2092 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
14:26:09.0160 2092 isapnp - ok
14:26:09.0160 2092 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:26:09.0160 2092 iScsiPrt - ok
14:26:09.0222 2092 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
14:26:09.0222 2092 JRAID - ok
14:26:09.0238 2092 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:26:09.0238 2092 kbdclass - ok
14:26:09.0253 2092 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:26:09.0253 2092 kbdhid - ok
14:26:09.0253 2092 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
14:26:09.0253 2092 KeyIso - ok
14:26:09.0269 2092 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:26:09.0269 2092 KSecDD - ok
14:26:09.0300 2092 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:26:09.0300 2092 KSecPkg - ok
14:26:09.0316 2092 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:26:09.0316 2092 ksthunk - ok
14:26:09.0331 2092 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:26:09.0331 2092 KtmRm - ok
14:26:09.0363 2092 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:26:09.0363 2092 LanmanServer - ok
14:26:09.0378 2092 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:26:09.0378 2092 LanmanWorkstation - ok
14:26:09.0410 2092 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:26:09.0410 2092 lltdio - ok
14:26:09.0425 2092 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:26:09.0425 2092 lltdsvc - ok
14:26:09.0441 2092 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:26:09.0441 2092 lmhosts - ok
14:26:09.0472 2092 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:26:09.0472 2092 LSI_FC - ok
14:26:09.0472 2092 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:26:09.0472 2092 LSI_SAS - ok
14:26:09.0472 2092 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:26:09.0472 2092 LSI_SAS2 - ok
14:26:09.0488 2092 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:26:09.0488 2092 LSI_SCSI - ok
14:26:09.0503 2092 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:26:09.0503 2092 luafv - ok
14:26:09.0535 2092 [ 58ADAFF3CD700515035955256881F0B7 ] LynxWDM C:\Windows\system32\DRIVERS\LynxV264.sys
14:26:09.0535 2092 LynxWDM - ok
14:26:09.0581 2092 [ 0633546736E7816165ADFA5009251CFA ] MacDrive8ServiceD C:\Program Files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe
14:26:09.0597 2092 MacDrive8ServiceD - ok
14:26:09.0613 2092 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:26:09.0613 2092 Mcx2Svc - ok
14:26:09.0628 2092 [ 1F2A22E735646F72BEA9D6E454DE2F57 ] MDFSYSNT C:\Windows\system32\drivers\MDFSYSNT.sys
14:26:09.0628 2092 MDFSYSNT - ok
14:26:09.0863 2092 [ E742557A08EABCCC897D79717DB2D5FE ] MDPMGRNT C:\Windows\system32\DRIVERS\MDPMGRNT.SYS
14:26:09.0863 2092 MDPMGRNT - ok
14:26:09.0972 2092 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:26:09.0972 2092 megasas - ok
14:26:10.0081 2092 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:26:10.0113 2092 MegaSR - ok
14:26:10.0128 2092 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:26:10.0128 2092 MMCSS - ok
14:26:10.0144 2092 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:26:10.0144 2092 Modem - ok
14:26:10.0160 2092 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:26:10.0160 2092 monitor - ok
14:26:10.0175 2092 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:26:10.0175 2092 mouclass - ok
14:26:10.0191 2092 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:26:10.0191 2092 mouhid - ok
14:26:10.0206 2092 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:26:10.0206 2092 mountmgr - ok
14:26:10.0222 2092 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
14:26:10.0222 2092 mpio - ok
14:26:10.0238 2092 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:26:10.0238 2092 mpsdrv - ok
14:26:10.0238 2092 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:26:10.0238 2092 MRxDAV - ok
14:26:16.0503 2092 ============================================================
14:26:16.0503 2092 Scan finished
14:26:16.0503 2092 ============================================================
14:26:16.0519 3932 Detected object count: 0
14:26:16.0519 3932 Actual detected object count: 0

#4 llmonty

Posted 28 January 2013 - 04:12 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-28 14:29:07
-----------------------------
14:29:07.628 OS Version: Windows x64 6.1.7600
14:29:07.628 Number of processors: 8 586 0x1A05
14:29:07.628 ComputerName: OWNER-PC0599 UserName: owner
14:29:11.144 Initialize success
14:30:03.269 AVAST engine defs: 13012800
14:30:22.378 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:30:22.378 Disk 0 Vendor: ST350041 CC38 Size: 476940MB BusType: 8
14:30:22.378 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:30:22.378 Disk 1 Vendor: ST350041 CC38 Size: 476940MB BusType: 8
14:30:22.378 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
14:30:22.378 Disk 2 Vendor: ST310005 CC38 Size: 953869MB BusType: 8
14:30:22.394 Disk 0 MBR read successfully
14:30:22.394 Disk 0 MBR scan
14:30:22.394 Disk 0 Windows 7 default MBR code
14:30:22.410 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 414896 MB offset 2048
14:30:22.425 Disk 0 Partition 2 00 BC BCFS 62042 MB offset 849709980
14:30:22.456 Disk 0 scanning C:\Windows\system32\drivers
14:30:28.816 Service scanning
14:30:40.753 Modules scanning
14:30:40.753 Disk 0 trace - called modules:
14:30:40.769 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:30:40.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80084be060]
14:30:40.785 3 CLASSPNP.SYS[fffff88001daf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006007050]
14:30:43.066 AVAST engine scan C:\Windows
14:30:44.269 AVAST engine scan C:\Windows\system32
14:31:58.019 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:31:59.035 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:32:37.566 AVAST engine scan C:\Windows\system32\drivers
14:32:45.222 AVAST engine scan C:\Users\owner
14:34:08.847 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
14:34:08.863 The log file has been saved successfully to "H:\aswMBR - log.txt"

#5 llmonty

Posted 28 January 2013 - 04:14 PM

Here are the ESET Found Threats:

C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3GEZ3DC\78665[1].pdf JS/Exploit.Pdfka.QCG trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 January 2013 - 04:41 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.



Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#7 llmonty

llmonty
  • Topic Starter

  • Members
  • 12 posts

Posted 28 January 2013 - 09:49 PM

mbam log
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.28.13

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
owner :: OWNER-PC0599 [administrator]

1/28/2013 8:33:18 PM
mbam-log-2013-01-28 (20-33-18).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 531374
Time elapsed: 41 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4071513801-369943056-4252249209-1000\$f759576dc0201126cd0c66ac2d72728a\n (Trojan.0Access) -> Delete on reboot.

(end)

mini toolbox log

MiniToolBox by Farbar Version:10-01-2013
Ran by owner (administrator) on 28-01-2013 at 21:27:58
Running from "C:\Users\owner\Desktop\virus\Phase II"
Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-PC0599
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-F0-49-E8-24-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::acc9:5adc:ec71:43d3%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 28, 2013 9:24:45 PM
Lease Expires . . . . . . . . . . : Tuesday, January 29, 2013 9:24:45 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E3-98-17-6C-F0-49-E8-24-FA
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:800::1009
74.125.228.1
74.125.228.5
74.125.228.4
74.125.228.3
74.125.228.6
74.125.228.8
74.125.228.0
74.125.228.7
74.125.228.9
74.125.228.2
74.125.228.14


Pinging google.com [74.125.228.5] with 32 bytes of data:
Reply from 74.125.228.5: bytes=32 time=48ms TTL=55
Reply from 74.125.228.5: bytes=32 time=60ms TTL=55

Ping statistics for 74.125.228.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 60ms, Average = 54ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=131ms TTL=53
Reply from 98.138.253.109: bytes=32 time=112ms TTL=53

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 131ms, Average = 121ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...6c f0 49 e8 24 fa ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 266
192.168.1.5 255.255.255.255 On-link 192.168.1.5 266
192.168.1.255 255.255.255.255 On-link 192.168.1.5 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::acc9:5adc:ec71:43d3/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2013 03:22:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7600.16588, time stamp: 0x4be2b810
Exception code: 0xc00000fd
Fault offset: 0x000d3e4e
Faulting process id: 0xaa4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/28/2013 02:34:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (01/28/2013 02:24:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (01/28/2013 02:24:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:00:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7600.16588, time stamp: 0x4be2b810
Exception code: 0xc00000fd
Fault offset: 0x000d0092
Faulting process id: 0xf14
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/28/2013 10:52:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7600.16588, time stamp: 0x4be2b810
Exception code: 0xc00000fd
Fault offset: 0x000c7fbb
Faulting process id: 0xe04
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (01/28/2013 09:25:00 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/28/2013 09:25:00 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/28/2013 08:32:40 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/28/2013 08:32:40 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/28/2013 10:46:23 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/28/2013 10:46:23 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/24/2013 00:44:27 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/24/2013 00:44:27 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/24/2013 00:44:14 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:43:40 AM on ?1/?18/?2013 was unexpected.

Error: (01/17/2013 07:03:03 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (01/28/2013 03:22:30 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll8.0.7600.165884be2b810c00000fd000d3e4eaa401cdfd94cf5a7914C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll7066481a-6988-11e2-be5b-6cf049e824fa

Error: (01/28/2013 02:34:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\owner\Desktop\virus\esetsmartinstaller_enu.exe

Error: (01/28/2013 02:24:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\owner\Desktop\virus\esetsmartinstaller_enu.exe

Error: (01/28/2013 02:24:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestH:\esetsmartinstaller_enu.exe

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 0098020000004B010000

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 009120200000000000000CF000000

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 0098020000004B010000

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 009120200000000000000CF000000

Error: (01/28/2013 11:00:38 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll8.0.7600.165884be2b810c00000fd000d0092f1401cdfd6fa937d77eC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dlldb4ef5c0-6963-11e2-be5b-6cf049e824fa

Error: (01/28/2013 10:52:42 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll8.0.7600.165884be2b810c00000fd000c7fbbe0401cdfd6f30c6fa9aC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dllbfa016ac-6962-11e2-be5b-6cf049e824fa


=========================== Installed Programs ============================

Adobe Reader 9.3.3 (Version: 9.3.3)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.3.127)
Avid Free DigiRack Plug-Ins 9.0.3 (Version: 9.0.3)
Avid HD Driver (x64) (Version: 9.0)
Avid Pro Tools 9.0.3 (Version: 9.0.3)
Avid Pro Tools Creative Collection 9.0.3 (Version: 9.0.3)
Beatscape 1.0.2 (Version: 1.0.2)
Blue Cat's FreqAnalyst RTAS 1.71 (Version: 1.71)
Bonjour (Version: 2.0.4.0)
CCleaner (Version: 3.09)
CDBurnerXP (Version: 4.3.7.2316)
Digidesign ElevenRack Driver 1.0.8 (x64) (Version: 1.0.8)
Digidesign HFS+ Disk Support (Version: 8.0.6.52)
Dimension Pro 1.2 (Version: 18.0)
Dropbox (Version: 1.6.16)
elysia niveau filter 1.0.1
ESET Online Scanner v3
iLok Client Helper (Version: 5.9.1)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Interlok driver setup x64 (Version: 5.9.1)
iTunes (Version: 10.1.1.4)
JMicron JMB36X Driver (Version: 1.00.0000)
License Support (Version: 1.1.1.1524)
Lynx Aurora Remote Control (Remove Only)
Lynx Version 2 Driver (Remove Only)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Native Instruments Guitar Rig 3 (Version: 3.2.1.004)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.0.6.001)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA PhysX (Version: 9.10.0224)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.5896)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Paragon Drive Backup™ 10 Professional Edition (Version: 90.00.0003)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
REAPER
SeaTools for Windows (Version: 1.2.0.1)
SiSoftware Sandra Lite 2010.SP2 (Version: 16.52.2010.7)
SONAR 8.5 Producer (Version: 18.0)
SONAR 8.5 Producer x64 (Version: 18.0)
SoundToys Decapitator TDM V4
SoundToys Devil-Loc Deluxe V1
SoundToys Native Effects V4
SPL Transient Designer 1.3.2
Spotify (Version: 0.8.5.1333.g822e0de8)
ValhallaRoomDemo version 1.0.8 (Version: 1.0.8)
Visual C++ 64-bit Redistributables (Version: 1.1.1.1524)
Visual C++ Redistributables (Version: 1.1.1.1524)

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 6142.45 MB
Available physical RAM: 5114.45 MB
Total Pagefile: 15353.6 MB
Available Pagefile: 14246.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.21 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:405.17 GB) (Free:300.65 GB) NTFS
3 Drive e: (Audio) (Fixed) (Total:465.76 GB) (Free:344.41 GB) NTFS
4 Drive f: (Samples) (Fixed) (Total:931.51 GB) (Free:576.46 GB) NTFS
5 Drive g: (DTVP) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive h: (KINGSTON) (Removable) (Total:3.69 GB) (Free:3.65 GB) FAT32

========================= Users: ========================================

User accounts for \\OWNER-PC0599

9795684B0B0D4F34B680 Administrator Guest
owner UpdatusUser

========================= Restore Points ==================================

04-08-2012 15:29:21 Scheduled Checkpoint
20-08-2012 15:10:07 Scheduled Checkpoint
06-09-2012 15:39:17 Scheduled Checkpoint
29-09-2012 09:41:35 Scheduled Checkpoint
07-10-2012 04:00:00 Scheduled Checkpoint
25-10-2012 13:36:35 Scheduled Checkpoint
02-11-2012 13:33:29 Scheduled Checkpoint
11-11-2012 17:30:14 Scheduled Checkpoint
20-11-2012 15:17:00 Scheduled Checkpoint
29-11-2012 14:15:46 Scheduled Checkpoint
03-12-2012 15:45:08 Device Driver Package Install: Lynx Studio Technology, Inc. Sound, video and game controllers
11-12-2012 05:00:02 Scheduled Checkpoint
18-12-2012 15:59:09 Scheduled Checkpoint
26-12-2012 05:00:02 Scheduled Checkpoint
02-01-2013 16:55:18 Scheduled Checkpoint
17-01-2013 18:54:24 Scheduled Checkpoint
25-01-2013 05:00:02 Scheduled Checkpoint

**** End of log ****
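The two logs above carry the findings a helper reads first: the Winsock catalog entries that MiniToolBox marks "[File Not found]" (with an ATTENTION line naming the library path that should be there) and the Malwarebytes "Files Detected" lines, which on this machine point into hidden `$Recycle.Bin\<SID>\$<hash>\U\` folders and in two cases are still "Delete on reboot". The following is an added example, not code from the thread or from the MiniToolBox or Malwarebytes authors: a small Python triage script that parses both sections in the line shapes shown above and summarises what still needs attention. The sample text is constructed from lines of this thread; the regular expressions assume exactly the formats printed in these logs, so other tool versions may need adjusting.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the MiniToolBox Winsock format used above (assumption:
# "<catalog> <nn> <path> [<size or 'File Not found'>] (<vendor>)" per line,
# optionally followed by an ATTENTION line naming the expected library path).
WINSOCK_SAMPLE = """\
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\\system32\\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\\System32\\mswsock.dll"

Catalog5 03 C:\\Windows\\SysWOW64\\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
"""

# Constructed sample in the Malwarebytes "Files Detected" format used above.
MBAM_SAMPLE = """\
Files Detected: 3
C:\\$Recycle.Bin\\S-1-5-18\\$f759576dc0201126cd0c66ac2d72728a\\n (Trojan.0Access) -> Delete on reboot.
C:\\$Recycle.Bin\\S-1-5-18\\$f759576dc0201126cd0c66ac2d72728a\\U\\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\\$Recycle.Bin\\S-1-5-21-4071513801-369943056-4252249209-1000\\$f759576dc0201126cd0c66ac2d72728a\\n (Trojan.0Access) -> Delete on reboot.

(end)
"""

WINSOCK_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog[59]) (?P<idx>\d{2}) (?P<path>.+?) "
    r"\[(?P<size>[^\]]*)\] \((?P<vendor>[^)]*)\)$"
)
ATTENTION_RE = re.compile(r'^ATTENTION: The LibraryPath should be "(?P<expected>[^"]+)"$')
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")
# Hidden per-SID folder under $Recycle.Bin named with a 32-hex-digit hash, as in the log.
RECYCLE_DIR_RE = re.compile(
    r"\\\$Recycle\.Bin\\(?P<sid>S-1-5-[\d-]+)\\\$(?P<hash>[0-9a-f]{32})\\", re.IGNORECASE
)


@dataclass
class WinsockEntry:
    catalog: str
    index: int
    path: str
    size: str              # file size, or the literal "File Not found"
    vendor: str            # empty when the library could not be inspected
    expected_path: Optional[str] = None  # filled from a following ATTENTION line

    @property
    def broken(self) -> bool:
        return self.size.lower() == "file not found"


@dataclass
class MbamHit:
    path: str
    family: str
    action: str


def parse_winsock(text: str) -> list:
    """Return WinsockEntry objects; ATTENTION lines attach to the entry before them."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = WINSOCK_RE.match(line)
        if m:
            entries.append(WinsockEntry(m["catalog"], int(m["idx"]), m["path"], m["size"], m["vendor"]))
            continue
        m = ATTENTION_RE.match(line)
        if m and entries:
            entries[-1].expected_path = m["expected"]
    return entries


def parse_mbam_files(text: str) -> list:
    """Return one MbamHit per '<path> (<family>) -> <action>' line."""
    return [MbamHit(m["path"], m["family"], m["action"])
            for m in (MBAM_RE.match(l.strip()) for l in text.splitlines()) if m]


def triage(winsock_text: str, mbam_text: str) -> dict:
    """Summarise what a helper would act on: broken Winsock providers, non-Microsoft
    providers worth a second look, and detections still pending a reboot."""
    ws = parse_winsock(winsock_text)
    hits = parse_mbam_files(mbam_text)
    broken = [e for e in ws if e.broken]
    recycle_dirs = set()
    for h in hits:
        m = RECYCLE_DIR_RE.search(h.path)
        if m:
            recycle_dirs.add((m["sid"], m["hash"].lower()))
    return {
        "winsock_total": len(ws),
        "winsock_broken": len(broken),
        "winsock_expected_paths": [e.expected_path for e in broken if e.expected_path],
        "third_party_providers": [e.path for e in ws if e.vendor and not e.vendor.startswith("Microsoft")],
        "mbam_hits": len(hits),
        "pending_reboot": [h.path for h in hits if h.action.startswith("Delete on reboot")],
        "recycle_bin_dirs": sorted(recycle_dirs),
    }


if __name__ == "__main__":
    for key, value in triage(WINSOCK_SAMPLE, MBAM_SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against a saved MiniToolBox and mbam log by reading the files into the two arguments; the "pending_reboot" list is the thing to re-check after the machine has been restarted, and a non-empty "winsock_broken" count is the reason the Winsock reset step appears in the advisor's tool list.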

#8 llmonty

llmonty
  • Topic Starter

  • Members
  • 12 posts

Posted 28 January 2013 - 09:50 PM

mini toolbox log

MiniToolBox by Farbar Version:10-01-2013
Ran by owner (administrator) on 28-01-2013 at 21:27:58
Running from "C:\Users\owner\Desktop\virus\Phase II"
Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-PC0599
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-F0-49-E8-24-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::acc9:5adc:ec71:43d3%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 28, 2013 9:24:45 PM
Lease Expires . . . . . . . . . . : Tuesday, January 29, 2013 9:24:45 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E3-98-17-6C-F0-49-E8-24-FA
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:800::1009
74.125.228.1
74.125.228.5
74.125.228.4
74.125.228.3
74.125.228.6
74.125.228.8
74.125.228.0
74.125.228.7
74.125.228.9
74.125.228.2
74.125.228.14


Pinging google.com [74.125.228.5] with 32 bytes of data:
Reply from 74.125.228.5: bytes=32 time=48ms TTL=55
Reply from 74.125.228.5: bytes=32 time=60ms TTL=55

Ping statistics for 74.125.228.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 60ms, Average = 54ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=131ms TTL=53
Reply from 98.138.253.109: bytes=32 time=112ms TTL=53

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 131ms, Average = 121ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...6c f0 49 e8 24 fa ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 266
192.168.1.5 255.255.255.255 On-link 192.168.1.5 266
192.168.1.255 255.255.255.255 On-link 192.168.1.5 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination                Gateway
 1    306 ::1/128                            On-link
11    266 fe80::/64                          On-link
11    266 fe80::acc9:5adc:ec71:43d3/128      On-link
 1    306 ff00::/8                           On-link
11    266 ff00::/8                           On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2013 03:22:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7600.16588, time stamp: 0x4be2b810
Exception code: 0xc00000fd
Fault offset: 0x000d3e4e
Faulting process id: 0xaa4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/28/2013 02:34:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (01/28/2013 02:24:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (01/28/2013 02:24:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter explain text strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/28/2013 11:00:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7600.16588, time stamp: 0x4be2b810
Exception code: 0xc00000fd
Fault offset: 0x000d0092
Faulting process id: 0xf14
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/28/2013 10:52:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7600.16588, time stamp: 0x4be2b810
Exception code: 0xc00000fd
Fault offset: 0x000c7fbb
Faulting process id: 0xe04
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (01/28/2013 09:25:00 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/28/2013 09:25:00 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/28/2013 08:32:40 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/28/2013 08:32:40 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/28/2013 10:46:23 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/28/2013 10:46:23 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/24/2013 00:44:27 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (01/24/2013 00:44:27 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/24/2013 00:44:14 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:43:40 AM on ?1/?18/?2013 was unexpected.

Error: (01/17/2013 07:03:03 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (01/28/2013 03:22:30 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll8.0.7600.165884be2b810c00000fd000d3e4eaa401cdfd94cf5a7914C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll7066481a-6988-11e2-be5b-6cf049e824fa

Error: (01/28/2013 02:34:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\owner\Desktop\virus\esetsmartinstaller_enu.exe

Error: (01/28/2013 02:24:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\owner\Desktop\virus\esetsmartinstaller_enu.exe

Error: (01/28/2013 02:24:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestH:\esetsmartinstaller_enu.exe

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 0098020000004B010000

Error: (01/28/2013 11:30:56 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 009120200000000000000CF000000

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 0098020000004B010000

Error: (01/28/2013 11:17:29 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 009120200000000000000CF000000

Error: (01/28/2013 11:00:38 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll8.0.7600.165884be2b810c00000fd000d0092f1401cdfd6fa937d77eC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dlldb4ef5c0-6963-11e2-be5b-6cf049e824fa

Error: (01/28/2013 10:52:42 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll8.0.7600.165884be2b810c00000fd000c7fbbe0401cdfd6f30c6fa9aC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dllbfa016ac-6962-11e2-be5b-6cf049e824fa


=========================== Installed Programs ============================

Adobe Reader 9.3.3 (Version: 9.3.3)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.3.127)
Avid Free DigiRack Plug-Ins 9.0.3 (Version: 9.0.3)
Avid HD Driver (x64) (Version: 9.0)
Avid Pro Tools 9.0.3 (Version: 9.0.3)
Avid Pro Tools Creative Collection 9.0.3 (Version: 9.0.3)
Beatscape 1.0.2 (Version: 1.0.2)
Blue Cat's FreqAnalyst RTAS 1.71 (Version: 1.71)
Bonjour (Version: 2.0.4.0)
CCleaner (Version: 3.09)
CDBurnerXP (Version: 4.3.7.2316)
Digidesign ElevenRack Driver 1.0.8 (x64) (Version: 1.0.8)
Digidesign HFS+ Disk Support (Version: 8.0.6.52)
Dimension Pro 1.2 (Version: 18.0)
Dropbox (Version: 1.6.16)
elysia niveau filter 1.0.1
ESET Online Scanner v3
iLok Client Helper (Version: 5.9.1)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Interlok driver setup x64 (Version: 5.9.1)
iTunes (Version: 10.1.1.4)
JMicron JMB36X Driver (Version: 1.00.0000)
License Support (Version: 1.1.1.1524)
Lynx Aurora Remote Control (Remove Only)
Lynx Version 2 Driver (Remove Only)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Native Instruments Guitar Rig 3 (Version: 3.2.1.004)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.0.6.001)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA PhysX (Version: 9.10.0224)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.5896)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Paragon Drive Backup™ 10 Professional Edition (Version: 90.00.0003)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
REAPER
SeaTools for Windows (Version: 1.2.0.1)
SiSoftware Sandra Lite 2010.SP2 (Version: 16.52.2010.7)
SONAR 8.5 Producer (Version: 18.0)
SONAR 8.5 Producer x64 (Version: 18.0)
SoundToys Decapitator TDM V4
SoundToys Devil-Loc Deluxe V1
SoundToys Native Effects V4
SPL Transient Designer 1.3.2
Spotify (Version: 0.8.5.1333.g822e0de8)
ValhallaRoomDemo version 1.0.8 (Version: 1.0.8)
Visual C++ 64-bit Redistributables (Version: 1.1.1.1524)
Visual C++ Redistributables (Version: 1.1.1.1524)

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 6142.45 MB
Available physical RAM: 5114.45 MB
Total Pagefile: 15353.6 MB
Available Pagefile: 14246.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.21 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:405.17 GB) (Free:300.65 GB) NTFS
3 Drive e: (Audio) (Fixed) (Total:465.76 GB) (Free:344.41 GB) NTFS
4 Drive f: (Samples) (Fixed) (Total:931.51 GB) (Free:576.46 GB) NTFS
5 Drive g: (DTVP) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive h: (KINGSTON) (Removable) (Total:3.69 GB) (Free:3.65 GB) FAT32

========================= Users: ========================================

User accounts for \\OWNER-PC0599

9795684B0B0D4F34B680 Administrator Guest
owner UpdatusUser

========================= Restore Points ==================================

04-08-2012 15:29:21 Scheduled Checkpoint
20-08-2012 15:10:07 Scheduled Checkpoint
06-09-2012 15:39:17 Scheduled Checkpoint
29-09-2012 09:41:35 Scheduled Checkpoint
07-10-2012 04:00:00 Scheduled Checkpoint
25-10-2012 13:36:35 Scheduled Checkpoint
02-11-2012 13:33:29 Scheduled Checkpoint
11-11-2012 17:30:14 Scheduled Checkpoint
20-11-2012 15:17:00 Scheduled Checkpoint
29-11-2012 14:15:46 Scheduled Checkpoint
03-12-2012 15:45:08 Device Driver Package Install: Lynx Studio Technology, Inc. Sound, video and game controllers
11-12-2012 05:00:02 Scheduled Checkpoint
18-12-2012 15:59:09 Scheduled Checkpoint
26-12-2012 05:00:02 Scheduled Checkpoint
02-01-2013 16:55:18 Scheduled Checkpoint
17-01-2013 18:54:24 Scheduled Checkpoint
25-01-2013 05:00:02 Scheduled Checkpoint

**** End of log ****

#9 llmonty (Topic Starter)

Posted 28 January 2013 - 09:55 PM

FSS log

Farbar Service Scanner Version: 16-01-2013
Ran by owner (administrator) on 28-01-2013 at 21:29:41
Running from "C:\Users\owner\Desktop\virus\Phase II"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 18:25] - [2009-07-13 20:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.109 - Logfile created 01/28/2013 at 21:30:49
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : owner - OWNER-PC0599
# Boot Mode : Normal
# Running from : C:\Users\owner\Desktop\virus\Phase II\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [520 octets] - [28/01/2013 21:30:49]

########## EOF - C:\AdwCleaner[S1].txt - [579 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.2 (01.26.2013:2)
OS: Windows 7 Home Premium x64
Ran by owner on Mon 01/28/2013 at 21:35:29.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/28/2013 at 21:39:25.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/28/2013 09:41:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\owner\AppData\Local\Temp\DTVault Privacy-G\DTVP_Launcher.exe (PID: 2892) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\owner\Desktop\rkill\rkill-01-28-2013-09-41-22.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\L\201d3dde [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\L\76603ac3 [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$f759576dc0201126cd0c66ac2d72728a\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-4071513801-369943056-4252249209-1000\$f759576dc0201126cd0c66ac2d72728a\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-4071513801-369943056-4252249209-1000\$f759576dc0201126cd0c66ac2d72728a\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-4071513801-369943056-4252249209-1000\$f759576dc0201126cd0c66ac2d72728a\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-4071513801-369943056-4252249209-1000\$f759576dc0201126cd0c66ac2d72728a\U\ [ZA Dir]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/28/2013 09:41:29 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DigidesignMMERefresh" "Avid Audio MME Binder" "Avid Technology, Inc." "c:\program files (x86)\digidesign\pro tools\mmerefresh.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "JMB36X IDE Setup" "" "" "c:\windows\raidtool\xinside.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Lynx Tray Volume.lnk" "Lynx Tray Volume Application" "Lynx Studio Technology, Inc." "c:\program files\lynx studio technology\lynxtrayvolume.exe"
"C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "" "" "c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\startup\dropbox.lnk"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\owner\appdata\roaming\spotify\data\spotifywebhelper.exe"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Mediafour MacDrive Context Menu" "MacDrive Shell Extensions" "Mediafour Corporation" "c:\program files\mediafour\macdrive 8\mdshell.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Mediafour Mac file properties" "MacDrive file properties resources" "Mediafour Corporation" "c:\program files\common files\mediafour\macfprop.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
+ "Mediafour Mac file properties" "MacDrive file properties resources" "Mediafour Corporation" "c:\program files\common files\mediafour\macfprop.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "Mediafour Mac file columns" "MacDrive file properties resources" "Mediafour Corporation" "c:\program files\common files\mediafour\macfprop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "MacDrive volume icons" "MDVolumeIcons.dll" "Mediafour Corporation" "c:\program files\mediafour\macdrive 8\mdvolumeicons.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files (x86)\bonjour\mdnsresponder.exe"
+ "DigiRefresh" "Avid Audio MME Binder" "Avid Technology, Inc." "c:\program files (x86)\digidesign\pro tools\mmerefresh.exe"
+ "digiSPTIService" "Pro Tools CD Ripping Service using SPTI" "Avid Technology, Inc." "c:\program files (x86)\digidesign\pro tools\digisptiservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "NMSAccess" "Allows Non-Admins to use the CDBurnerXP Application" "" "c:\program files (x86)\cdburnerxp\nmsaccessu.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe"
+ "PaceLicenseDServices" "Services for PACE Licensing Technology" "PACE Anti-Piracy, Inc." "c:\program files (x86)\common files\pace\services\licenseservices\ldsvc.exe"
+ "SandraAgentSrv" "Provides invokation services both local and remote clients. If this service is disabled, any services that explicitly depend on it will fail to start." "SiSoftware" "c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "DIGIFW" "64-bit Mbox 2 Pro Driver (WDM)" "Avid Technology, Inc." "c:\windows\system32\drivers\digifw.sys"
+ "DigiNet" "Digidesign Ethernet Support" "Avid Technology, Inc." "c:\windows\system32\drivers\diginet.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "hotcore3" "A part of Paragon System Utilities" "Paragon Software Group" "c:\windows\system32\drivers\hotcore3.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "iLokDrvr" "iLok Kernel Driver" "" "c:\windows\system32\drivers\ilokdrvr.sys"
+ "JRAID" "JMicron JMB36X RAID Driver" "JMicron Technology Corp." "c:\windows\system32\drivers\jraid.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "LynxWDM" "LynxTWO/L22/AES16 WDM Driver" "Lynx Studio Technology, Inc." "c:\windows\system32\drivers\lynxv264.sys"
+ "MDFSYSNT" "MacDrive file system driver" "Mediafour Corporation" "c:\windows\system32\drivers\mdfsysnt.sys"
+ "MDPMGRNT" "MacDrive partition driver" "Mediafour Corporation" "c:\windows\system32\drivers\mdpmgrnt.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "NEC Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "NEC Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 275.33 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "SANDRA" "Sandra Device Driver (x64)(Unicode)" "SiSoftware" "c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x64\sandra.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "StarOpen" "" "" "c:\windows\system32\drivers\staropen.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "Tpkd" "64bit Tpkd Device Driver" "PACE Anti-Piracy, Inc." "c:\windows\system32\drivers\tpkd.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Cakewalk AliasFactor" "AliasFactor DLL" "" "c:\program files\cakewalk\shared plugins\aliasfactor.dll"
+ "Cakewalk AliasFactor" "AliasFactor DLL" "" "c:\program files (x86)\cakewalk\shared plugins\aliasfactor.dll"
+ "Cakewalk Amp Sim" "Cakewalk AmpSim" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\ampsim.ax"
+ "Cakewalk Amp Sim" "Cakewalk AmpSim" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\ampsim.ax"
+ "Cakewalk Classic Phaser" "Cakewalk Project5 Classic Phaser" "Twelve Tone Systems, Inc." "c:\program files\cakewalk\shared plugins\classicphaser.dll"
+ "Cakewalk Classic Phaser" "" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\classicphaser.dll"
+ "Cakewalk Compressor/Gate" "Cakewalk Project5 Compgate" "Twelve Tone Systems, Inc." "c:\program files\cakewalk\shared plugins\compgate.dll"
+ "Cakewalk Compressor/Gate" "" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\compgate.dll"
+ "Cakewalk FX2 Tape Sim" "Cakewalk TapeSim" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\tapesim.ax"
+ "Cakewalk FX2 Tape Sim" "Cakewalk TapeSim" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\tapesim.ax"
+ "Cakewalk FxChorus" "Cakewalk/Power Technologies Chorus" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\fxchorus.ax"
+ "Cakewalk FxDelay" "Cakewalk/Power Technologies Delay" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\fxdelay.ax"
+ "Cakewalk FxEq" "Cakewalk/Power Technologies EQ" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\fxeq.ax"
+ "Cakewalk FxFlange" "Cakewalk/Power Technologies Flange" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\fxflange.ax"
+ "Cakewalk FxReverb" "Cakewalk/Power Technologies Reverb" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\fxreverb.ax"
+ "Cakewalk HF Exciter" "Cakewalk Project5 HF Exciter" "Twelve Tone Systems, Inc." "c:\program files\cakewalk\shared plugins\hfexciter.dll"
+ "Cakewalk HF Exciter" "Cakewalk Project5 HF Exciter" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\hfexciter.dll"
+ "Cakewalk Modfilter" "Cakewalk Project5 Modfilter" "Twelve Tone Systems, Inc." "c:\program files\cakewalk\shared plugins\modfilter.dll"
+ "Cakewalk Modfilter" "" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\modfilter.dll"
+ "Cakewalk Multivoice Chorus/Flanger" "Cakewalk Project5 Multivoice Chorus/Flanger" "Twelve Tone Systems, Inc." "c:\program files\cakewalk\shared plugins\multivoicechorusflanger.dll"
+ "Cakewalk Multivoice Chorus/Flanger" "" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\multivoicechorusflanger.dll"
+ "Cakewalk Para-Q" "Cakewalk Project5 Para-Q" "Twelve Tone Systems, Inc." "c:\program files\cakewalk\shared plugins\paraq.dll"
+ "Cakewalk Para-Q" "" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\paraq.dll"
+ "Cakewalk Pitch Shifter" "CFX Pitch Shifter" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\pitch.ax"
+ "Cakewalk Pitch Shifter" "CFX Pitch Shifter" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\pitch.ax"
+ "Cakewalk Studioverb2" "" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\studioverb2.dll"
+ "Cakewalk Tempo Delay" "Cakewalk Project5 Tempo Delay" "Twelve Tone Systems, Inc." "c:\program files\cakewalk\shared plugins\tempodelay.dll"
+ "Cakewalk Tempo Delay" "" "Twelve Tone Systems, Inc." "c:\program files (x86)\cakewalk\shared plugins\tempodelay.dll"
+ "Cakewalk Time/Pitch Stretch 2" "CFX Time/Pitch Stretch 2" "Cakewalk, Inc.." "c:\program files\cakewalk\sonar 8.5 producer\stretch.ax"
+ "Cakewalk Time/Pitch Stretch 2" "CFX Time/Pitch Stretch 2" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\sonar 8.5 producer\stretch.ax"
+ "Cakewalk Tuner" "CWTuner Plug-In" "" "c:\program files\cakewalk\shared plugins\cwtuner.dll"
+ "Cakewalk Tuner" "CWTuner Plug-In" "" "c:\program files (x86)\cakewalk\shared plugins\cwtuner.dll"
+ "Cronus" "V-Vocal" "Roland Corporation." "c:\program files\cakewalk\shared dxi\vvocal\cronus.dll"
+ "Cronus" "V-Vocal" "Roland Corporation." "c:\program files (x86)\cakewalk\shared dxi\vvocal\cronus.dll"
+ "GroovePlayer" "GroovePlayer DLL" "Cakewalk" "c:\program files\cakewalk\shared dxi\groove player\grooveplayer.dll"
+ "GroovePlayer" "GroovePlayer DLL" "Cakewalk" "c:\program files (x86)\cakewalk\shared dxi\groove player\grooveplayer.dll"
+ "Lexicon Pantheon" "Pantheon DirectX Plugin" "Lexicon" "c:\program files\cakewalk\shared plugins\pantheon.dll"
+ "Lexicon Pantheon" "Pantheon DirectX Plugin" "Lexicon" "c:\program files (x86)\cakewalk\shared plugins\pantheon.dll"
+ "Sonitus:fx Compressor" "Cakewalk Sonitus fx:compressor plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxcompressor.dll"
+ "Sonitus:fx Compressor" "Cakewalk Sonitus fx:compressor plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxcompressor.dll"
+ "Sonitus:fx Delay" "Cakewalk Sonitus fx:delay plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxdelay.dll"
+ "Sonitus:fx Delay" "Cakewalk Sonitus fx:delay plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxdelay.dll"
+ "Sonitus:fx Equalizer" "Cakewalk Sonitus fx:equalizer plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxequalizer.dll"
+ "Sonitus:fx Equalizer" "Cakewalk Sonitus fx:equalizer plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxequalizer.dll"
+ "Sonitus:fx Gate" "Cakewalk Sonitus fx:gate plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxgate.dll"
+ "Sonitus:fx Gate" "Cakewalk Sonitus fx:gate plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxgate.dll"
+ "Sonitus:fx Modulator" "Cakewalk Sonitus fx:modulator plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxmodulator.dll"
+ "Sonitus:fx Modulator" "Cakewalk Sonitus fx:modulator plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxmodulator.dll"
+ "Sonitus:fx Multiband" "Cakewalk Sonitus fx:multiband plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxmultiband.dll"
+ "Sonitus:fx Multiband" "Cakewalk Sonitus fx:multiband plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxmultiband.dll"
+ "Sonitus:fx Phase" "Cakewalk Sonitus fx:phase plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxphase.dll"
+ "Sonitus:fx Phase" "Cakewalk Sonitus fx:phase plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxphase.dll"
+ "Sonitus:fx Reverb" "Cakewalk Sonitus fx:reverb plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxreverb.dll"
+ "Sonitus:fx Reverb" "Cakewalk Sonitus fx:reverb plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxreverb.dll"
+ "Sonitus:fx Surround" "Cakewalk Sonitus fx:surround plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxsurround.dll"
+ "Sonitus:fx Surround" "Cakewalk Sonitus fx:surround plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxsurround.dll"
+ "Sonitus:fx SurroundComp" "Cakewalk Sonitus:fx Surround Compressor plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxsurroundcompressor.dll"
+ "Sonitus:fx SurroundComp" "Cakewalk Sonitus:fx Surround Compressor plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxsurroundcompressor.dll"
+ "Sonitus:fx Wahwah" "Cakewalk Sonitus fx:wahwah plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxwahwah.dll"
+ "Sonitus:fx Wahwah" "Cakewalk Sonitus fx:wahwah plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxwahwah.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Cakewalk Analyst" "Analyst DLL" "" "c:\program files\cakewalk\shared plugins\analyst.dll"
+ "Cakewalk TTS-1" "Cakewalk TTS-1 HQ Software Synthesizer" "Twelve Tone Systems Inc." "c:\program files\cakewalk\shared dxi\tts-1\tts-1.dll"
+ "Cyclone" "Cakewalk Cyclone" "Cakewalk, Inc.." "c:\program files\cakewalk\shared dxi\cyclone\cyclone.dll"
+ "Dimension Pro" "Dimension Pro Sampling Synthesizer" "Cakewalk " "c:\program files\cakewalk\dimension pro\dimension pro x64.dll"
+ "Pentagon I" "P1DXi DLL" "" "c:\program files\cakewalk\shared dxi\pentagon i\p1dxi.dll"
+ "PSYN II" "" "" "c:\program files\cakewalk\shared dxi\psynii\psyn ii.dll"
+ "Roland GrooveSynth" "GrooveSynth Software Synthesizer" "Cakewalk / Roland" "c:\program files\cakewalk\shared dxi\p5antom\p5antom.dll"
+ "Sonitus:fx Compressor" "Cakewalk Sonitus fx:compressor plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxcompressor.dll"
+ "Sonitus:fx Delay" "Cakewalk Sonitus fx:delay plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxdelay.dll"
+ "Sonitus:fx Equalizer" "Cakewalk Sonitus fx:equalizer plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxequalizer.dll"
+ "Sonitus:fx Gate" "Cakewalk Sonitus fx:gate plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxgate.dll"
+ "Sonitus:fx Modulator" "Cakewalk Sonitus fx:modulator plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxmodulator.dll"
+ "Sonitus:fx Multiband" "Cakewalk Sonitus fx:multiband plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxmultiband.dll"
+ "Sonitus:fx Phase" "Cakewalk Sonitus fx:phase plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxphase.dll"
+ "Sonitus:fx Reverb" "Cakewalk Sonitus fx:reverb plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxreverb.dll"
+ "Sonitus:fx Surround" "Cakewalk Sonitus fx:surround plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxsurround.dll"
+ "Sonitus:fx SurroundComp" "Cakewalk Sonitus:fx Surround Compressor plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxsurroundcompressor.dll"
+ "Sonitus:fx Wahwah" "Cakewalk Sonitus fx:wahwah plug-in" "Cakewalk, Inc.." "c:\program files\cakewalk\shared plugins\sonitusfxwahwah.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Cakewalk Analyst" "Analyst DLL" "" "c:\program files (x86)\cakewalk\shared plugins\analyst.dll"
+ "Cakewalk QuickTime File Writer" "QtFileWriter" "Cakewalk" "c:\program files (x86)\cakewalk\shared plugins\qtfilewriter.ax"
+ "Cakewalk QuickTime Source Filter" "QtFileInputFilter" "Cakewalk" "c:\program files (x86)\cakewalk\shared plugins\qtfileinputfilter.ax"
+ "Cakewalk TTS-1" "Cakewalk TTS-1 HQ Software Synthesizer" "Twelve Tone Systems Inc." "c:\program files (x86)\cakewalk\shared dxi\tts-1\tts-1.dll"
+ "Cyclone" "Cakewalk Cyclone" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared dxi\cyclone\cyclone.dll"
+ "Digiclock" "DigiDesign Reference Clock" "Avid Technology, Inc." "c:\program files (x86)\digidesign\pro tools\digirefclock.dll"
+ "Dimension Pro" "Dimension Pro Sampling Synthesizer" "Cakewalk " "c:\program files (x86)\cakewalk\dimension pro\dimension pro.dll"
+ "Pentagon I" "P1DXi DLL" "" "c:\program files (x86)\cakewalk\shared dxi\pentagon i\p1dxi.dll"
+ "PSYN II" "" "" "c:\program files (x86)\cakewalk\shared dxi\psynii\psyn ii.dll"
+ "Roland GrooveSynth" "GrooveSynth Software Synthesizer" "Cakewalk / Roland" "c:\program files (x86)\cakewalk\shared dxi\p5antom\p5antom.dll"
+ "RXP" "RXP Groove Player" "Cakewalk " "c:\program files (x86)\cakewalk\shared dxi\rxp\rxp.dll"
+ "Sonitus:fx Compressor" "Cakewalk Sonitus fx:compressor plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxcompressor.dll"
+ "Sonitus:fx Delay" "Cakewalk Sonitus fx:delay plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxdelay.dll"
+ "Sonitus:fx Equalizer" "Cakewalk Sonitus fx:equalizer plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxequalizer.dll"
+ "Sonitus:fx Gate" "Cakewalk Sonitus fx:gate plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxgate.dll"
+ "Sonitus:fx Modulator" "Cakewalk Sonitus fx:modulator plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxmodulator.dll"
+ "Sonitus:fx Multiband" "Cakewalk Sonitus fx:multiband plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxmultiband.dll"
+ "Sonitus:fx Phase" "Cakewalk Sonitus fx:phase plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxphase.dll"
+ "Sonitus:fx Reverb" "Cakewalk Sonitus fx:reverb plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxreverb.dll"
+ "Sonitus:fx Surround" "Cakewalk Sonitus fx:surround plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxsurround.dll"
+ "Sonitus:fx SurroundComp" "Cakewalk Sonitus:fx Surround Compressor plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxsurroundcompressor.dll"
+ "Sonitus:fx Wahwah" "Cakewalk Sonitus fx:wahwah plug-in" "Cakewalk, Inc.." "c:\program files (x86)\cakewalk\shared plugins\sonitusfxwahwah.dll"
+ "SyncReader" "Digi SyncReader" "Avid Technology, Inc." "c:\program files (x86)\digidesign\pro tools\digisyncreader.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"

Edited by llmonty, 28 January 2013 - 09:53 PM.


#10 llmonty

llmonty
  • Topic Starter

  • Members
  • 12 posts

Posted 28 January 2013 - 10:14 PM

Upon rebooting, I am getting a message that says "The Recycle Bin on C:\ is corrupted. Do you want to empty the recycle bin for this drive?"

I would assume yes, but haven't done it yet.

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 January 2013 - 11:35 PM

Now run RKILL, given in the previous instructions, and post the new log.


Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log.

Edited by narenxp, 29 January 2013 - 01:42 PM.


#12 llmonty

llmonty
  • Topic Starter

  • Members
  • 12 posts

Posted 29 January 2013 - 08:50 AM

One thing -- the Rkiller kept taking me to a download site and asking me to install adobe flash player. I don't know if that is legit. I didn't do it.


Farbar Service Scanner Version: 16-01-2013
Ran by owner (administrator) on 29-01-2013 at 08:44:45
Running from "C:\Users\owner\Desktop\virus\Phase II"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 18:25] - [2009-07-13 20:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
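
As an added example (not part of this thread and not Farbar Service Scanner's own code), the following Python helper reads the "File Check" section of an FSS log like the one above and separates the files FSS matched against its hash list ("MD5 is legit") from those it left for manual review, as it did for tcpip.sys here. The log excerpt embedded in it is constructed from the post above.

```python
"""Triage helper for a Farbar Service Scanner (FSS) log in the format posted above.

Added example; not part of this thread and not FSS's own code. In the
"File Check" section, "path => MD5 is legit" means FSS matched the file
against its known-good hash list. A bare path followed by an attribute line
("[created] - [modified] - size attrs (Company) MD5") means FSS had no match
for that file and is leaving it for the helper to review by hand.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: an excerpt of the FSS log posted in this thread.
SAMPLE_LOG = """\
File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys => MD5 is legit
C:\\Windows\\System32\\Drivers\\tcpip.sys
[2009-07-13 18:25] - [2009-07-13 20:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\\Windows\\System32\\dnsrslvr.dll => MD5 is legit


**** End of log ****
"""

LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => MD5 is legit\s*$")
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)\s*$")
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass
class FileCheck:
    path: str
    verified: bool                 # True when FSS printed "MD5 is legit"
    md5: Optional[str] = None      # attribute-line fields, unverified entries only
    company: Optional[str] = None
    size: Optional[int] = None


def parse_file_check(log: str) -> List[FileCheck]:
    """Return one FileCheck per file listed in the 'File Check' section."""
    lines = [l.rstrip() for l in log.splitlines()]
    try:
        i = lines.index("File Check:") + 1
    except ValueError:
        return []                  # section absent (truncated or not an FSS log)
    results: List[FileCheck] = []
    while i < len(lines):
        line = lines[i]
        i += 1
        if line.startswith("**** End of log"):
            break
        m = LEGIT_RE.match(line)
        if m:
            results.append(FileCheck(m["path"], True))
            continue
        m = PATH_RE.match(line)
        if not m:
            continue               # blank line or the "====" rule under the heading
        # A path with no verdict: the next line should be its attribute line.
        attrs = ATTR_RE.match(lines[i]) if i < len(lines) else None
        if attrs:
            i += 1
            results.append(FileCheck(m["path"], False, attrs["md5"].upper(),
                                     attrs["company"], int(attrs["size"])))
        else:
            results.append(FileCheck(m["path"], False))   # attribute line missing
    return results


def unverified(checks: List[FileCheck]) -> List[FileCheck]:
    """The files FSS could not match; these are the ones to look at by hand."""
    return [c for c in checks if not c.verified]


if __name__ == "__main__":
    for c in unverified(parse_file_check(SAMPLE_LOG)):
        print(f"review: {c.path}  md5={c.md5}  company={c.company}  size={c.size}")
```

An unverified entry is not by itself a sign of infection (the advisor above judged this log clean); it only means the file's hash was not in the tool's list and must be checked another way, for instance against the file's signature or a known-good copy.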

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 29 January 2013 - 01:43 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel > Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#14 llmonty

llmonty
  • Topic Starter

  • Members
  • 12 posts

Posted 29 January 2013 - 02:24 PM

Awesome! Thank you thank you NARENXP! Incredible help!

One question: upon reboot I am still getting the "Windows detected a hard disk problem" message. Could this be a coincidence, and a real problem with the drive, or do you believe it was related to the malware? Thoughts?

Again, brilliant help. Thank you!

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 29 January 2013 - 03:30 PM

If this is the error you receive

Posted Image

It's time you start backing up your hard drive. This error shows that your hard disk is failing.

Did you run CHKDSK?

Edited by narenxp, 29 January 2013 - 03:30 PM.




