
malware removal help consvr.dll


  • This topic is locked
37 replies to this topic

#1 NickPower

Posted 06 March 2012 - 11:27 AM

I cannot get rid of consvr.dll; I have tried aswMBR and Malwarebytes. Sometimes when I reboot I get the blue screen "%hs missing". I have figured out how to fix that, but when I scan again consvr.dll is still infected and I am getting redirects. PLEASE let me know what scans/logs you would like.
Thank you
Nick

I have run ComboFix also; if you want I can post the log.
Sorry, I didn't see the disclaimer.

Edited by NickPower, 06 March 2012 - 11:34 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:22 PM

Posted 06 March 2012 - 12:03 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied, and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 06 March 2012 - 12:37 PM

ComboFix 12-03-04.02 - Richard 03/06/2012 12:26:15.10.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4874 [GMT -5:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 17:30 . 2012-03-06 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 21:36 . 2009-07-14 01:41 19968 ----a-w- c:\windows\system32\wshelper.dll
2012-03-02 15:40 . 2012-03-02 16:18 -------- d-----w- c:\users\Richard\AppData\Roaming\9AEBD
2012-03-02 15:33 . 2012-03-05 22:10 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-03-02 15:33 . 2012-03-03 01:02 -------- d-----w- c:\programdata\Hitman Pro
2012-03-02 15:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-01 20:16 . 2012-03-02 16:18 -------- d-----w- c:\users\Richard\AppData\Roaming\08A9A
2012-03-01 19:34 . 2012-03-03 01:03 -------- d-----w- c:\windows\CheckSur
2012-03-01 19:26 . 2012-03-01 19:26 -------- d-----w- c:\users\Richard\AppData\Local\ElevatedDiagnostics
2012-03-01 18:37 . 2012-03-03 01:03 -------- d-----w- c:\windows\Standalone System Sweeper
2012-03-01 18:24 . 2012-03-01 18:24 -------- d-----w- c:\windows\system32\SPReview
2012-03-01 17:47 . 2012-03-01 17:47 -------- d-----w- c:\windows\system32\EventProviders
2012-02-23 12:54 . 2012-03-06 17:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-22 14:18 . 2012-03-03 01:02 -------- d-----w- c:\program files\DIFX
2012-02-22 13:52 . 2012-03-06 13:57 -------- d-----w- c:\programdata\PCPitstop
2012-02-21 12:48 . 2012-02-08 07:13 8643640 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59A32373-B751-448A-9569-FAD6440F352F}\mpengine.dll
2012-02-18 15:36 . 2012-02-18 15:36 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 15:36 . 2012-02-18 15:36 -------- d-----w- c:\windows\system32\Macromed
2012-02-17 03:01 . 2012-03-03 01:02 -------- d-sh--w- c:\users\Richard\AppData\Roaming\AV Security Essentials
2012-02-17 03:01 . 2012-02-17 03:01 -------- d-sh--w- c:\programdata\AVNCGOSCKXSE
2012-02-17 03:00 . 2012-03-03 01:02 -------- d-sh--w- c:\programdata\74c2f2
2012-02-15 13:56 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 13:56 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 13:56 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 13:56 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 13:56 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:56 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 13:56 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:56 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 14:27 . 2012-03-03 01:02 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-12 14:26 . 2012-02-12 14:26 -------- d-----w- C:\System.sav
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2010-06-22 14:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-02-18 19:05 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 23:16]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 23:16]
.
2012-02-28 c:\windows\Tasks\HPCeeScheduleForRichard.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"combofix"="c:\combofix\CF22278.3XE" [2009-07-14 344576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnarp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.1.10.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-06 12:35:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 17:35
.
Pre-Run: 947,250,057,216 bytes free
Post-Run: 947,000,356,864 bytes free
.
- - End Of File - - 0BA82B9195E71A11B8608745F2632FE5
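
Reading a ComboFix log like the one above by hand works for one machine but gets tedious across several. The Python script below is an added example, not ComboFix's code and not anything posted in this thread: it splits the log on ComboFix's section banners, lists everything under "Other Deletions", parses each "Files Created" entry (created time, modified time, size, attribute flags, path), and flags the entries worth a second look using two heuristics of my own: hidden+system attributes, and a machine-generated looking name under ProgramData or AppData. The embedded sample is a subset of the log posted above; the meaning I assign to the attribute letters (d = directory, s = system, h = hidden, a = archive) and the heuristics themselves are assumptions, not ComboFix documentation.

```python
"""Triage a ComboFix log: parse the 'Other Deletions' and 'Files Created'
sections and flag the entries a responder should look at first."""
import ntpath
import re
from dataclasses import dataclass, field

# Entries copied from the ComboFix log posted above (a subset, so the example
# stays short); the section banners and line layout are ComboFix's own.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
2012-03-05 21:36 . 2009-07-14 01:41 19968 ----a-w- c:\windows\system32\wshelper.dll
2012-03-02 15:40 . 2012-03-02 16:18 -------- d-----w- c:\users\Richard\AppData\Roaming\9AEBD
2012-02-23 12:54 . 2012-03-06 17:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-17 03:01 . 2012-03-03 01:02 -------- d-sh--w- c:\users\Richard\AppData\Roaming\AV Security Essentials
2012-02-17 03:01 . 2012-02-17 03:01 -------- d-sh--w- c:\programdata\AVNCGOSCKXSE
2012-02-17 03:00 . 2012-03-03 01:02 -------- d-sh--w- c:\programdata\74c2f2
2012-02-15 13:56 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# A section banner is a run of '(' , the section name, a run of ')'.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# "<created> . <modified> <size|--------> <attrs> <path>"; attrs is the 8-char
# flag field. Assumed meaning: d = directory, s = system, h = hidden, a = archive.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-{8}) ([-a-z]{8}) (.+)$"
)
# Analyst heuristics (mine, not ComboFix's): user-writable drop locations and
# basenames that look machine-generated (hex blob or a long run of capitals).
DROP_DIRS = ("\\programdata\\", "\\appdata\\")
RANDOM_NAME_RE = re.compile(r"^(?:[0-9a-fA-F]{5,}|[A-Z]{8,})$")


@dataclass
class Entry:
    path: str
    attrs: str = ""
    reasons: list = field(default_factory=list)

    @property
    def hidden_system(self):
        return "h" in self.attrs and "s" in self.attrs


def parse_sections(log_text):
    """Split the log into {section name: [non-empty lines]} on the banners."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_created(lines):
    """Turn 'Files Created' lines into Entry objects; skip anything malformed."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            entries.append(Entry(path=m.group(5), attrs=m.group(4)))
    return entries


def flag(entry):
    """Attach one reason per heuristic the entry trips and return it."""
    low = entry.path.lower()
    in_drop_dir = any(d in low for d in DROP_DIRS)
    if entry.hidden_system:
        entry.reasons.append("hidden+system attributes")
    if in_drop_dir and RANDOM_NAME_RE.match(ntpath.basename(entry.path)):
        entry.reasons.append("machine-generated looking name under a user-writable drop directory")
    return entry


def triage(log_text):
    """Return the deleted paths and the created entries that tripped a heuristic."""
    sections = parse_sections(log_text)
    deleted = sections.get("Other Deletions", [])
    created_key = next((k for k in sections if k.startswith("Files Created")), None)
    created = parse_created(sections[created_key]) if created_key else []
    suspicious = [e for e in map(flag, created) if e.reasons]
    return {"deleted": deleted, "suspicious": suspicious}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Deleted by ComboFix:")
    for p in result["deleted"]:
        print("  ", p)
    print("Created entries worth a second look:")
    for e in result["suspicious"]:
        print("  ", e.path, "->", "; ".join(e.reasons))
```

Run it as a script to print both lists, or call triage() on a full log read from disk. The hits are leads for the responder to verify, not verdicts: the deletions in system32 and the GAC directory are the ones to treat as most serious because they sit in trusted locations, and the Reg Loading Points and service sections of the log still have to be read separately.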

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:22 PM

Posted 06 March 2012 - 12:40 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 06 March 2012 - 12:48 PM

12:46:55.0537 1188 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
12:46:55.0818 1188 ============================================================
12:46:55.0818 1188 Current date / time: 2012/03/06 12:46:55.0818
12:46:55.0818 1188 SystemInfo:
12:46:55.0818 1188
12:46:55.0818 1188 OS Version: 6.1.7600 ServicePack: 0.0
12:46:55.0818 1188 Product type: Workstation
12:46:55.0818 1188 ComputerName: RICHARD-PC
12:46:55.0818 1188 UserName: Richard
12:46:55.0818 1188 Windows directory: C:\Windows
12:46:55.0818 1188 System windows directory: C:\Windows
12:46:55.0818 1188 Running under WOW64
12:46:55.0818 1188 Processor architecture: Intel x64
12:46:55.0818 1188 Number of processors: 4
12:46:55.0818 1188 Page size: 0x1000
12:46:55.0818 1188 Boot type: Normal boot
12:46:55.0818 1188 ============================================================
12:46:56.0722 1188 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:46:56.0738 1188 \Device\Harddisk0\DR0:
12:46:56.0738 1188 MBR used
12:46:56.0738 1188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:46:56.0738 1188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x730FB000
12:46:56.0738 1188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7312D800, BlocksNum 0x15D8800
12:46:56.0816 1188 Initialize success
12:46:56.0816 1188 ============================================================
12:46:57.0814 2836 ============================================================
12:46:57.0814 2836 Scan started
12:46:57.0814 2836 Mode: Manual;
12:46:57.0814 2836 ============================================================
12:46:58.0345 2836 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:46:58.0360 2836 1394ohci - ok
12:46:58.0376 2836 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:46:58.0376 2836 ACPI - ok
12:46:58.0407 2836 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:46:58.0407 2836 AcpiPmi - ok
12:46:58.0485 2836 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:46:58.0485 2836 adp94xx - ok
12:46:58.0516 2836 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:46:58.0516 2836 adpahci - ok
12:46:58.0548 2836 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:46:58.0548 2836 adpu320 - ok
12:46:58.0641 2836 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
12:46:58.0657 2836 AFD - ok
12:46:58.0672 2836 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:46:58.0672 2836 agp440 - ok
12:46:58.0719 2836 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:46:58.0719 2836 aliide - ok
12:46:58.0735 2836 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:46:58.0735 2836 amdide - ok
12:46:58.0766 2836 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:46:58.0766 2836 AmdK8 - ok
12:46:58.0813 2836 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:46:58.0813 2836 AmdPPM - ok
12:46:58.0844 2836 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:46:58.0844 2836 amdsata - ok
12:46:58.0891 2836 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:46:58.0891 2836 amdsbs - ok
12:46:58.0906 2836 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:46:58.0906 2836 amdxata - ok
12:46:58.0953 2836 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:46:58.0953 2836 AppID - ok
12:46:59.0016 2836 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:46:59.0016 2836 arc - ok
12:46:59.0047 2836 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:46:59.0047 2836 arcsas - ok
12:46:59.0062 2836 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:46:59.0062 2836 AsyncMac - ok
12:46:59.0094 2836 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:46:59.0094 2836 atapi - ok
12:46:59.0156 2836 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:46:59.0156 2836 b06bdrv - ok
12:46:59.0187 2836 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:46:59.0203 2836 b57nd60a - ok
12:46:59.0234 2836 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:46:59.0234 2836 Beep - ok
12:46:59.0281 2836 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:46:59.0281 2836 blbdrive - ok
12:46:59.0359 2836 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:46:59.0359 2836 bowser - ok
12:46:59.0390 2836 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:46:59.0390 2836 BrFiltLo - ok
12:46:59.0406 2836 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:46:59.0406 2836 BrFiltUp - ok
12:46:59.0437 2836 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:46:59.0437 2836 BridgeMP - ok
12:46:59.0468 2836 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:46:59.0484 2836 Brserid - ok
12:46:59.0499 2836 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:46:59.0499 2836 BrSerWdm - ok
12:46:59.0515 2836 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:46:59.0515 2836 BrUsbMdm - ok
12:46:59.0530 2836 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:46:59.0530 2836 BrUsbSer - ok
12:46:59.0546 2836 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:46:59.0546 2836 BTHMODEM - ok
12:46:59.0562 2836 catchme - ok
12:46:59.0624 2836 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:46:59.0624 2836 cdfs - ok
12:46:59.0655 2836 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:46:59.0655 2836 cdrom - ok
12:46:59.0702 2836 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:46:59.0702 2836 circlass - ok
12:46:59.0749 2836 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:46:59.0749 2836 CLFS - ok
12:46:59.0811 2836 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:46:59.0811 2836 CmBatt - ok
12:46:59.0827 2836 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:46:59.0827 2836 cmdide - ok
12:46:59.0889 2836 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
12:46:59.0905 2836 CNG - ok
12:46:59.0936 2836 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:46:59.0936 2836 Compbatt - ok
12:46:59.0967 2836 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:46:59.0967 2836 CompositeBus - ok
12:46:59.0998 2836 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:46:59.0998 2836 crcdisk - ok
12:47:00.0076 2836 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:47:00.0076 2836 DfsC - ok
12:47:00.0108 2836 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:47:00.0108 2836 discache - ok
12:47:00.0139 2836 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:47:00.0139 2836 Disk - ok
12:47:00.0201 2836 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:47:00.0201 2836 drmkaud - ok
12:47:00.0264 2836 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:47:00.0279 2836 DXGKrnl - ok
12:47:00.0357 2836 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:47:00.0388 2836 ebdrv - ok
12:47:00.0420 2836 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:47:00.0420 2836 elxstor - ok
12:47:00.0435 2836 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:47:00.0435 2836 ErrDev - ok
12:47:00.0451 2836 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:47:00.0451 2836 exfat - ok
12:47:00.0466 2836 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:47:00.0482 2836 fastfat - ok
12:47:00.0513 2836 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:47:00.0513 2836 fdc - ok
12:47:00.0529 2836 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:47:00.0529 2836 FileInfo - ok
12:47:00.0560 2836 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:47:00.0560 2836 Filetrace - ok
12:47:00.0576 2836 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:47:00.0576 2836 flpydisk - ok
12:47:00.0591 2836 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:47:00.0591 2836 FltMgr - ok
12:47:00.0638 2836 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:47:00.0638 2836 FsDepends - ok
12:47:00.0654 2836 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:47:00.0654 2836 Fs_Rec - ok
12:47:00.0685 2836 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:47:00.0685 2836 fvevol - ok
12:47:00.0716 2836 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:47:00.0716 2836 gagp30kx - ok
12:47:00.0778 2836 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:47:00.0778 2836 hcw85cir - ok
12:47:00.0825 2836 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:47:00.0825 2836 HDAudBus - ok
12:47:00.0841 2836 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:47:00.0841 2836 HidBatt - ok
12:47:00.0856 2836 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:47:00.0856 2836 HidBth - ok
12:47:00.0872 2836 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:47:00.0872 2836 HidIr - ok
12:47:00.0919 2836 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:47:00.0919 2836 HidUsb - ok
12:47:01.0012 2836 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:47:01.0012 2836 HpSAMD - ok
12:47:01.0075 2836 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:47:01.0075 2836 HTTP - ok
12:47:01.0106 2836 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:47:01.0106 2836 hwpolicy - ok
12:47:01.0122 2836 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:47:01.0137 2836 i8042prt - ok
12:47:01.0168 2836 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:47:01.0168 2836 iaStorV - ok
12:47:01.0200 2836 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:47:01.0200 2836 iirsp - ok
12:47:01.0402 2836 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
12:47:01.0434 2836 IntcAzAudAddService - ok
12:47:01.0449 2836 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:47:01.0449 2836 intelide - ok
12:47:01.0465 2836 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:47:01.0465 2836 intelppm - ok
12:47:01.0496 2836 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:47:01.0496 2836 IpFilterDriver - ok
12:47:01.0527 2836 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:47:01.0527 2836 IPMIDRV - ok
12:47:01.0527 2836 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:47:01.0543 2836 IPNAT - ok
12:47:01.0574 2836 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:47:01.0574 2836 IRENUM - ok
12:47:01.0590 2836 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:47:01.0590 2836 isapnp - ok
12:47:01.0621 2836 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:47:01.0621 2836 iScsiPrt - ok
12:47:01.0652 2836 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:47:01.0652 2836 kbdclass - ok
12:47:01.0683 2836 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:47:01.0683 2836 kbdhid - ok
12:47:01.0746 2836 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
12:47:01.0746 2836 KSecDD - ok
12:47:01.0761 2836 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
12:47:01.0761 2836 KSecPkg - ok
12:47:01.0792 2836 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:47:01.0792 2836 ksthunk - ok
12:47:01.0855 2836 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:47:01.0855 2836 lltdio - ok
12:47:01.0902 2836 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:47:01.0902 2836 LSI_FC - ok
12:47:01.0917 2836 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:47:01.0917 2836 LSI_SAS - ok
12:47:01.0948 2836 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:47:01.0948 2836 LSI_SAS2 - ok
12:47:01.0964 2836 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:47:01.0964 2836 LSI_SCSI - ok
12:47:01.0995 2836 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:47:01.0995 2836 luafv - ok
12:47:02.0026 2836 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:47:02.0042 2836 megasas - ok
12:47:02.0073 2836 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:47:02.0073 2836 MegaSR - ok
12:47:02.0089 2836 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:47:02.0089 2836 Modem - ok
12:47:02.0136 2836 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:47:02.0136 2836 monitor - ok
12:47:02.0151 2836 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:47:02.0151 2836 mouclass - ok
12:47:02.0167 2836 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:47:02.0167 2836 mouhid - ok
12:47:02.0182 2836 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:47:02.0182 2836 mountmgr - ok
12:47:02.0198 2836 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:47:02.0214 2836 mpio - ok
12:47:02.0229 2836 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:47:02.0229 2836 mpsdrv - ok
12:47:02.0276 2836 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:47:02.0276 2836 MRxDAV - ok
12:47:02.0338 2836 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:47:02.0338 2836 mrxsmb - ok
12:47:02.0354 2836 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:47:02.0370 2836 mrxsmb10 - ok
12:47:02.0385 2836 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:47:02.0401 2836 mrxsmb20 - ok
12:47:02.0416 2836 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:47:02.0416 2836 msahci - ok
12:47:02.0432 2836 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:47:02.0432 2836 msdsm - ok
12:47:02.0463 2836 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:47:02.0463 2836 Msfs - ok
12:47:02.0463 2836 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:47:02.0479 2836 mshidkmdf - ok
12:47:02.0494 2836 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:47:02.0494 2836 msisadrv - ok
12:47:02.0541 2836 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:47:02.0557 2836 MSKSSRV - ok
12:47:02.0713 2836 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:47:02.0744 2836 MSPCLOCK - ok
12:47:02.0744 2836 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:47:02.0760 2836 MSPQM - ok
12:47:02.0791 2836 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:47:02.0806 2836 MsRPC - ok
12:47:02.0822 2836 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:47:02.0822 2836 mssmbios - ok
12:47:02.0822 2836 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:47:02.0822 2836 MSTEE - ok
12:47:02.0853 2836 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:47:02.0853 2836 MTConfig - ok
12:47:02.0884 2836 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:47:02.0884 2836 Mup - ok
12:47:02.0916 2836 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:47:02.0931 2836 NativeWifiP - ok
12:47:02.0978 2836 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:47:02.0994 2836 NDIS - ok
12:47:03.0025 2836 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:47:03.0025 2836 NdisCap - ok
12:47:03.0056 2836 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:47:03.0056 2836 NdisTapi - ok
12:47:03.0056 2836 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:47:03.0056 2836 Ndisuio - ok
12:47:03.0087 2836 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:47:03.0087 2836 NdisWan - ok
12:47:03.0103 2836 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:47:03.0103 2836 NDProxy - ok
12:47:03.0118 2836 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:47:03.0118 2836 NetBIOS - ok
12:47:03.0150 2836 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:47:03.0150 2836 NetBT - ok
12:47:03.0196 2836 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:47:03.0196 2836 nfrd960 - ok
12:47:03.0228 2836 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:47:03.0228 2836 Npfs - ok
12:47:03.0243 2836 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:47:03.0243 2836 nsiproxy - ok
12:47:03.0337 2836 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:47:03.0352 2836 Ntfs - ok
12:47:03.0368 2836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:47:03.0368 2836 Null - ok
12:47:03.0602 2836 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:47:03.0649 2836 nvlddmkm - ok
12:47:03.0696 2836 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
12:47:03.0696 2836 NVNET - ok
12:47:03.0742 2836 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:47:03.0742 2836 nvraid - ok
12:47:03.0774 2836 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
12:47:03.0774 2836 nvsmu - ok
12:47:03.0805 2836 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:47:03.0805 2836 nvstor - ok
12:47:03.0836 2836 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
12:47:03.0836 2836 nvstor64 - ok
12:47:03.0852 2836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:47:03.0852 2836 nv_agp - ok
12:47:03.0883 2836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:47:03.0883 2836 ohci1394 - ok
12:47:03.0898 2836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:47:03.0914 2836 Parport - ok
12:47:03.0930 2836 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:47:03.0930 2836 partmgr - ok
12:47:03.0945 2836 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:47:03.0961 2836 pci - ok
12:47:03.0976 2836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:47:03.0976 2836 pciide - ok
12:47:03.0992 2836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:04.0008 2836 pcmcia - ok
12:47:04.0008 2836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:47:04.0008 2836 pcw - ok
12:47:04.0039 2836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:47:04.0054 2836 PEAUTH - ok
12:47:04.0132 2836 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:47:04.0132 2836 PptpMiniport - ok
12:47:04.0148 2836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:47:04.0148 2836 Processor - ok
12:47:04.0164 2836 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:47:04.0164 2836 Psched - ok
12:47:04.0210 2836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:47:04.0226 2836 ql2300 - ok
12:47:04.0242 2836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:04.0242 2836 ql40xx - ok
12:47:04.0257 2836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:47:04.0257 2836 QWAVEdrv - ok
12:47:04.0273 2836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:47:04.0273 2836 RasAcd - ok
12:47:04.0304 2836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:04.0304 2836 RasAgileVpn - ok
12:47:04.0335 2836 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:04.0335 2836 Rasl2tp - ok
12:47:04.0351 2836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:04.0351 2836 RasPppoe - ok
12:47:04.0382 2836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:47:04.0382 2836 RasSstp - ok
12:47:04.0398 2836 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:47:04.0413 2836 rdbss - ok
12:47:04.0429 2836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:04.0429 2836 rdpbus - ok
12:47:04.0444 2836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:04.0444 2836 RDPCDD - ok
12:47:04.0507 2836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:47:04.0507 2836 RDPENCDD - ok
12:47:04.0522 2836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:47:04.0522 2836 RDPREFMP - ok
12:47:04.0554 2836 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:47:04.0554 2836 RDPWD - ok
12:47:04.0585 2836 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:47:04.0585 2836 rdyboost - ok
12:47:04.0647 2836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:47:04.0647 2836 rspndr - ok
12:47:04.0678 2836 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:47:04.0678 2836 sbp2port - ok
12:47:04.0694 2836 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:47:04.0694 2836 scfilter - ok
12:47:04.0741 2836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:47:04.0741 2836 secdrv - ok
12:47:04.0772 2836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:47:04.0772 2836 Serenum - ok
12:47:04.0803 2836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:47:04.0803 2836 Serial - ok
12:47:04.0819 2836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:47:04.0819 2836 sermouse - ok
12:47:04.0866 2836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:47:04.0866 2836 sffdisk - ok
12:47:04.0881 2836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:47:04.0881 2836 sffp_mmc - ok
12:47:04.0897 2836 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:47:04.0897 2836 sffp_sd - ok
12:47:04.0928 2836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:04.0928 2836 sfloppy - ok
12:47:04.0975 2836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:04.0975 2836 SiSRaid2 - ok
12:47:04.0990 2836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:05.0006 2836 SiSRaid4 - ok
12:47:05.0037 2836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:47:05.0037 2836 Smb - ok
12:47:05.0068 2836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:47:05.0068 2836 spldr - ok
12:47:05.0131 2836 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:47:05.0146 2836 srv - ok
12:47:05.0162 2836 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:47:05.0162 2836 srv2 - ok
12:47:05.0224 2836 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:47:05.0224 2836 srvnet - ok
12:47:05.0271 2836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:47:05.0271 2836 stexstor - ok
12:47:05.0302 2836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:47:05.0302 2836 swenum - ok
12:47:05.0427 2836 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:47:05.0458 2836 Tcpip - ok
12:47:05.0505 2836 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:47:05.0521 2836 TCPIP6 - ok
12:47:05.0536 2836 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:47:05.0536 2836 tcpipreg - ok
12:47:05.0568 2836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:47:05.0568 2836 TDPIPE - ok
12:47:05.0583 2836 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:47:05.0583 2836 TDTCP - ok
12:47:05.0614 2836 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:47:05.0614 2836 tdx - ok
12:47:05.0630 2836 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:47:05.0630 2836 TermDD - ok
12:47:05.0677 2836 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:47:05.0677 2836 tssecsrv - ok
12:47:05.0724 2836 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:47:05.0724 2836 tunnel - ok
12:47:05.0755 2836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:47:05.0755 2836 uagp35 - ok
12:47:05.0786 2836 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:47:05.0786 2836 udfs - ok
12:47:05.0833 2836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:47:05.0833 2836 uliagpkx - ok
12:47:05.0864 2836 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:47:05.0864 2836 umbus - ok
12:47:05.0880 2836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:47:05.0880 2836 UmPass - ok
12:47:05.0926 2836 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
12:47:05.0926 2836 usbccgp - ok
12:47:05.0958 2836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:47:05.0958 2836 usbcir - ok
12:47:06.0020 2836 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
12:47:06.0020 2836 usbehci - ok
12:47:06.0036 2836 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
12:47:06.0051 2836 usbhub - ok
12:47:06.0114 2836 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
12:47:06.0114 2836 usbohci - ok
12:47:06.0160 2836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:47:06.0160 2836 usbprint - ok
12:47:06.0192 2836 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:47:06.0192 2836 usbscan - ok
12:47:06.0223 2836 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:47:06.0238 2836 USBSTOR - ok
12:47:06.0285 2836 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
12:47:06.0285 2836 usbuhci - ok
12:47:06.0332 2836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:47:06.0332 2836 vdrvroot - ok
12:47:06.0363 2836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:47:06.0363 2836 vga - ok
12:47:06.0379 2836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:47:06.0394 2836 VgaSave - ok
12:47:06.0410 2836 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:47:06.0410 2836 vhdmp - ok
12:47:06.0441 2836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:47:06.0441 2836 viaide - ok
12:47:06.0457 2836 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:47:06.0457 2836 volmgr - ok
12:47:06.0472 2836 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:47:06.0472 2836 volmgrx - ok
12:47:06.0504 2836 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:47:06.0504 2836 volsnap - ok
12:47:06.0535 2836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:47:06.0535 2836 vsmraid - ok
12:47:06.0566 2836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:47:06.0566 2836 vwifibus - ok
12:47:06.0597 2836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:47:06.0597 2836 WacomPen - ok
12:47:06.0628 2836 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:47:06.0644 2836 WANARP - ok
12:47:06.0660 2836 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:47:06.0660 2836 Wanarpv6 - ok
12:47:06.0722 2836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:47:06.0722 2836 Wd - ok
12:47:06.0738 2836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:47:06.0753 2836 Wdf01000 - ok
12:47:06.0784 2836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:47:06.0784 2836 WfpLwf - ok
12:47:06.0800 2836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:47:06.0816 2836 WIMMount - ok
12:47:06.0847 2836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:47:06.0847 2836 WmiAcpi - ok
12:47:06.0894 2836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:47:06.0894 2836 ws2ifsl - ok
12:47:06.0925 2836 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:47:06.0925 2836 WudfPf - ok
12:47:06.0940 2836 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:47:06.0940 2836 WUDFRd - ok
12:47:06.0956 2836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:47:07.0034 2836 \Device\Harddisk0\DR0 - ok
12:47:07.0034 2836 Boot (0x1200) (d0188df8e40ec8a2049dece568da186a) \Device\Harddisk0\DR0\Partition0
12:47:07.0034 2836 \Device\Harddisk0\DR0\Partition0 - ok
12:47:07.0050 2836 Boot (0x1200) (58bbf9623683b1c618c443fb80be7754) \Device\Harddisk0\DR0\Partition1
12:47:07.0065 2836 \Device\Harddisk0\DR0\Partition1 - ok
12:47:07.0096 2836 Boot (0x1200) (ff14ca2e45d9ee355902cdedc4b79850) \Device\Harddisk0\DR0\Partition2
12:47:07.0096 2836 \Device\Harddisk0\DR0\Partition2 - ok
12:47:07.0096 2836 ============================================================
12:47:07.0096 2836 Scan finished
12:47:07.0096 2836 ============================================================
12:47:07.0112 1800 Detected object count: 0
12:47:07.0112 1800 Actual detected object count: 0
12:47:13.0336 2400 Deinitialize success

#6 NickPower (Topic Starter)

Posted 06 March 2012 - 12:49 PM

aswmbr running now

#7 NickPower (Topic Starter)

Posted 06 March 2012 - 12:56 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-06 12:47:26
-----------------------------
12:47:26.937 OS Version: Windows x64 6.1.7600
12:47:26.937 Number of processors: 4 586 0x502
12:47:26.937 ComputerName: RICHARD-PC UserName: Richard
12:47:28.169 Initialize success
12:49:35.247 AVAST engine defs: 12030600
12:49:39.553 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
12:49:39.553 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
12:49:39.568 Disk 0 MBR read successfully
12:49:39.584 Disk 0 MBR scan
12:49:39.584 Disk 0 Windows 7 default MBR code
12:49:39.600 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:49:39.600 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942582 MB offset 206848
12:49:39.646 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11185 MB offset 1930614784
12:49:39.709 Disk 0 scanning C:\Windows\system32\drivers
12:49:50.036 Service scanning
12:50:07.352 Modules scanning
12:50:07.368 Disk 0 trace - called modules:
12:50:07.399 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
12:50:07.414 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e39060]
12:50:07.430 3 CLASSPNP.SYS[fffff880018af43f] -> nt!IofCallDriver -> [0xfffffa80059f7e40]
12:50:07.446 5 ACPI.sys[fffff88000f3c781] -> nt!IofCallDriver -> \Device\00000054[0xfffffa80058e9520]
12:50:09.364 AVAST engine scan C:\Windows
12:50:12.360 AVAST engine scan C:\Windows\system32
12:52:47.408 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
12:52:47.470 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
12:52:48.562 AVAST engine scan C:\Windows\system32\drivers
12:53:03.273 AVAST engine scan C:\Users\Richard
12:53:20.995 Disk 0 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
12:53:21.010 The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"
12:54:10.848 AVAST engine scan C:\ProgramData
12:54:46.494 Scan finished successfully
12:55:09.472 Disk 0 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
12:55:09.488 The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 March 2012 - 02:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
C:\Windows\assembly\temp\U

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 NickPower (Topic Starter)

Posted 06 March 2012 - 03:02 PM

The machine is rebooting now. Some of the problems I have been having are redirects and updates not installing. My prior attempts at repairing left me at a blue screen c00000135 %hs missing. I found that I could edit the registry at HKLM\System\control setX\control\session manager\sub system\windows, replace consrv with winsrv and get it to boot again.
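A read-only, defender-side check for the two indicators this thread surfaces (the csrss.exe subsystem loader value where "consrv" had replaced "winsrv", and the C:\Windows\assembly\temp\U folder that aswMBR flagged as Win64:ZAccess-A), added here as an example; it is not code from the thread, from BleepingComputer, or from ComboFix/aswMBR. It assumes a default Windows 7 installation, where the only stock ServerDll modules named in the Session Manager\SubSystems\Windows value are basesrv and winsrv; the function and variable names are my own. It is written to run on the PowerShell 2.0 that shipped with Windows 7 and changes nothing on the system.

```powershell
# Added example; not code from the thread or from any tool it mentions.
# Two read-only checks for the indicators in this thread (Windows 7 x64):
#   1. the csrss.exe loader string under Session Manager\SubSystems\Windows, where the
#      hijack swapped the stock "winsrv" ServerDll for a rogue "consrv" module. Deleting
#      that DLL without restoring the value is what yields the c0000135 "%hs is missing"
#      stop screen the poster describes: STATUS_DLL_NOT_FOUND while csrss initialises;
#   2. the %SystemRoot%\assembly\temp\U folder that aswMBR flagged as Win64:ZAccess-A.
# Run from an elevated PowerShell prompt; nothing here modifies the system.

$subsystemsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
# Stock Windows 7 ServerDll modules (assumption: default install); anything else is suspect.
$knownServerDlls = @('basesrv', 'winsrv')

function Get-ServerDllModules {
    param([Parameter(Mandatory=$true)][string]$LoaderString)
    # The value is a space-separated option string; every ServerDll=<module>[:<init>],<n>
    # token names a DLL that csrss.exe loads from System32 at boot.
    $found = [regex]::Matches($LoaderString, 'ServerDll=([^:,\s]+)')
    foreach ($m in $found) { $m.Groups[1].Value }
}

function Test-SubsystemLoader {
    $value = (Get-ItemProperty -Path $subsystemsKey -Name Windows).Windows
    Write-Host "SubSystems\Windows = $value"
    $suspects = @()
    foreach ($module in Get-ServerDllModules -LoaderString $value) {
        if ($knownServerDlls -notcontains $module.ToLower()) { $suspects += $module }
    }
    if ($suspects.Count -eq 0) {
        Write-Host 'ServerDll entries are the stock basesrv/winsrv set.'
        return $true
    }
    foreach ($module in $suspects) {
        $dll = Join-Path $env:SystemRoot "System32\$module.dll"
        Write-Warning ("Unexpected ServerDll module '{0}' (file present: {1}) -> {2}" -f $module, (Test-Path $dll), $dll)
    }
    # The stock value names winsrv twice (UserServerDllInitialization and
    # ConServerDllInitialization); a module that is missing here stops Windows from booting.
    Write-Host 'Compare the full string with a clean machine of the same build before editing it.'
    return $false
}

function Get-Sha256Hex {
    param([Parameter(Mandatory=$true)][string]$Path)
    # .NET hashing so this also works on PowerShell 2.0, which lacks Get-FileHash.
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
        $hash  = [System.Security.Cryptography.SHA256]::Create().ComputeHash($bytes)
        return ([System.BitConverter]::ToString($hash) -replace '-', '')
    } catch {
        return '(unreadable: ' + $_.Exception.Message + ')'
    }
}

function Test-AssemblyTempU {
    $folder = Join-Path $env:SystemRoot 'assembly\temp\U'
    if (-not (Test-Path $folder)) {
        Write-Host "$folder not present."
        return $true
    }
    # The ".@" file names below match the ComboFix deletion list posted in this thread.
    Write-Warning "$folder exists; inventory of its contents:"
    Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Write-Host ('  {0,-14} {1,10} bytes  SHA256={2}' -f $_.Name, $_.Length, (Get-Sha256Hex -Path $_.FullName))
    }
    return $false
}

# Run both checks unconditionally so a hit in the first does not hide the second.
$loaderClean = Test-SubsystemLoader
$folderClean = Test-AssemblyTempU
if ($loaderClean -and $folderClean) {
    Write-Host 'No ZeroAccess-style indicators found.'
} else {
    Write-Host 'Indicators found; record the output above before any cleanup.'
}
```

The hashes and file sizes it prints are the record a responder wants before ComboFix or a manual fix removes the evidence, and the ServerDll comparison is the safer alternative to editing the value by hand: it tells you which module is foreign and whether the DLL still exists, which is exactly the combination that decides between a bootable system and the c0000135 stop screen.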

#10 NickPower (Topic Starter)

Posted 06 March 2012 - 03:05 PM

ComboFix 12-03-04.02 - Richard 03/06/2012 14:55:05.11.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.5126 [GMT -5:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
Command switches used :: c:\users\Richard\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 19:58 . 2012-03-06 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 21:36 . 2009-07-14 01:41 19968 ----a-w- c:\windows\system32\wshelper.dll
2012-03-02 15:40 . 2012-03-02 16:18 -------- d-----w- c:\users\Richard\AppData\Roaming\9AEBD
2012-03-02 15:33 . 2012-03-05 22:10 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-03-02 15:33 . 2012-03-03 01:02 -------- d-----w- c:\programdata\Hitman Pro
2012-03-02 15:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-01 20:16 . 2012-03-02 16:18 -------- d-----w- c:\users\Richard\AppData\Roaming\08A9A
2012-03-01 19:34 . 2012-03-03 01:03 -------- d-----w- c:\windows\CheckSur
2012-03-01 19:26 . 2012-03-01 19:26 -------- d-----w- c:\users\Richard\AppData\Local\ElevatedDiagnostics
2012-03-01 18:37 . 2012-03-03 01:03 -------- d-----w- c:\windows\Standalone System Sweeper
2012-03-01 18:24 . 2012-03-01 18:24 -------- d-----w- c:\windows\system32\SPReview
2012-03-01 17:47 . 2012-03-01 17:47 -------- d-----w- c:\windows\system32\EventProviders
2012-02-23 12:54 . 2012-03-06 19:59 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-22 14:18 . 2012-03-03 01:02 -------- d-----w- c:\program files\DIFX
2012-02-22 13:52 . 2012-03-06 13:57 -------- d-----w- c:\programdata\PCPitstop
2012-02-21 12:48 . 2012-02-08 07:13 8643640 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59A32373-B751-448A-9569-FAD6440F352F}\mpengine.dll
2012-02-18 15:36 . 2012-02-18 15:36 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 15:36 . 2012-02-18 15:36 -------- d-----w- c:\windows\system32\Macromed
2012-02-17 03:01 . 2012-03-03 01:02 -------- d-sh--w- c:\users\Richard\AppData\Roaming\AV Security Essentials
2012-02-17 03:01 . 2012-02-17 03:01 -------- d-sh--w- c:\programdata\AVNCGOSCKXSE
2012-02-17 03:00 . 2012-03-03 01:02 -------- d-sh--w- c:\programdata\74c2f2
2012-02-15 13:56 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 13:56 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 13:56 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 13:56 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 13:56 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:56 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 13:56 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:56 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 14:27 . 2012-03-03 01:02 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-12 14:26 . 2012-02-12 14:26 -------- d-----w- C:\System.sav
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2010-06-22 14:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-02-18 19:05 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-06_17.31.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-22 13:31 . 2012-03-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-22 13:31 . 2012-03-06 17:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-22 13:31 . 2012-03-06 17:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-22 13:31 . 2012-03-06 18:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 17:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-06 17:31 . 2012-03-06 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 19:58 . 2012-03-06 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-06 17:31 . 2012-03-06 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-06 19:58 . 2012-03-06 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-03-06 17:28 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-06 17:41 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-06 17:28 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 17:41 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-03-06 17:26 636544 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-06 17:38 636544 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-06 17:26 110724 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-06 17:38 110724 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-06 17:30 334648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-06 19:58 334648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-03-06 17:28 2244608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 17:41 2244608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:34 . 2012-03-06 18:46 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-06 17:26 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 23:16]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 23:16]
.
2012-02-28 c:\windows\Tasks\HPCeeScheduleForRichard.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"combofix"="c:\combofix\CF18596.3XE" [2009-07-14 344576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnarp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.1.10.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-06 15:03:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 20:03
ComboFix2.txt 2012-03-06 17:35
.
Pre-Run: 946,604,380,160 bytes free
Post-Run: 946,665,787,392 bytes free
.
- - End Of File - - 8F569AA760CD47FF7443B6F2316494E0

What's next, doc?

#11 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:05:22 PM

Posted 06 March 2012 - 03:19 PM

I just ran aswMBR again; so far I see the consvr.dll infection is back. Would you like the log?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:22 PM

Posted 06 March 2012 - 05:14 PM

Yes, I want to see that report now.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#13 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:05:22 PM

Posted 07 March 2012 - 08:34 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-06 15:14:03
-----------------------------
15:14:03.952 OS Version: Windows x64 6.1.7600
15:14:03.952 Number of processors: 4 586 0x502
15:14:03.968 ComputerName: RICHARD-PC UserName: Richard
15:14:05.169 Initialize success
15:15:21.666 AVAST engine defs: 12030600
15:17:01.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
15:17:01.210 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
15:17:01.226 Disk 0 MBR read successfully
15:17:01.226 Disk 0 MBR scan
15:17:01.226 Disk 0 Windows 7 default MBR code
15:17:01.241 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:17:01.257 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942582 MB offset 206848
15:17:01.304 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11185 MB offset 1930614784
15:17:01.366 Disk 0 scanning C:\Windows\system32\drivers
15:17:10.617 Service scanning
15:17:27.090 Modules scanning
15:17:27.106 Disk 0 trace - called modules:
15:17:27.122 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
15:17:27.137 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d58060]
15:17:27.137 3 CLASSPNP.SYS[fffff8800192143f] -> nt!IofCallDriver -> [0xfffffa8006242e40]
15:17:27.153 5 ACPI.sys[fffff88000ed7781] -> nt!IofCallDriver -> \Device\00000054[0xfffffa80058988e0]
15:17:28.526 AVAST engine scan C:\Windows
15:17:31.412 AVAST engine scan C:\Windows\system32
15:17:42.254 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
15:19:13.498 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:19:15.651 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
15:20:12.076 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
15:20:12.154 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
15:20:13.308 AVAST engine scan C:\Windows\system32\drivers
15:20:30.593 AVAST engine scan C:\Users\Richard
15:21:36.722 AVAST engine scan C:\ProgramData
15:22:12.695 Scan finished successfully
15:24:07.511 Disk 0 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
15:24:07.511 The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR2.txt"

Edited by NickPower, 07 March 2012 - 08:35 AM.


#14 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:05:22 PM

Posted 07 March 2012 - 08:37 AM

I know I broke the rules a little, but I tried a ComboFix script myself:

ClearJavaCache::

KillAll::
C:\Windows\system32\consrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\U\80000004.@
C:\Windows\assembly\temp\U\80000032.@

Folder::
C:\Windows\assembly\temp\U
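The aswMBR detections in post #13 and the script in post #14 together show the two halves of an x64 ZeroAccess (Sirefef) cleanup: the files to remove, and the reason removing consrv.dll on its own is dangerous. That variant replaces the console server DLL that csrss.exe loads by editing the "Windows" value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems, changing ServerDll=winsrv:ConServerDllInitialization,2 to ServerDll=consrv:ConServerDllInitialization,2. If consrv.dll is deleted while that value still names it, csrss cannot start and the machine stops at boot with STOP c000021a (the "%hs is missing" screen). The following Python is an added example, not code from the thread or from any of the tools mentioned in it: it parses **INFECTED** lines in the aswMBR format, checks whether the SubSystems value has been hijacked, restores it, and orders the cleanup so the registry is repaired before the file goes. The log excerpt and registry strings are constructed here (modelled on the posted log and on the stock Windows 7 value), and all function names are this example's own; the only real API used is the standard winreg module in the Windows-only helper at the end.

```python
"""Triage helpers for an x64 ZeroAccess/Sirefef cleanup (added example).

Runs offline on constructed strings. On a real host you would feed it the
actual aswMBR log and the value returned by read_live_subsystems_value().
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt, modelled on the aswMBR log posted above.
SAMPLE_ASWMBR_LOG = r"""
15:17:42.254 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
15:19:13.498 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:20:12.076 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
15:20:13.308 AVAST engine scan C:\Windows\system32\drivers
15:22:12.695 Scan finished successfully
"""

# Key whose "Windows" value tells csrss.exe which server DLLs to load.
SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
GENUINE_CONSRV = "ServerDll=winsrv:ConServerDllInitialization,2"
HIJACKED_CONSRV = "ServerDll=consrv:ConServerDllInitialization,2"

# Stock Windows 7 value (REG_EXPAND_SZ) and a constructed copy edited the
# way the x64 ZeroAccess variant edits it.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
HIJACKED_VALUE = CLEAN_VALUE.replace(GENUINE_CONSRV, HIJACKED_CONSRV)

INFECTED_RE = re.compile(
    r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+) \[(?P<kind>\w+)\]$"
)


def parse_aswmbr_detections(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (path, detection name, class tag) for every **INFECTED** line."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name"), m.group("kind")))
    return hits


def subsystems_value_is_hijacked(value: str) -> bool:
    """True when csrss is configured to load consrv.dll as its console server DLL."""
    return HIJACKED_CONSRV.lower() in value.lower()


def repair_subsystems_value(value: str) -> str:
    """Point the console ServerDll entry back at winsrv (case-insensitive)."""
    return re.sub(re.escape(HIJACKED_CONSRV), GENUINE_CONSRV, value, flags=re.IGNORECASE)


def cleanup_plan(detections: List[Tuple[str, str, str]], subsystems_value: str) -> Dict[str, object]:
    """Order the cleanup so consrv.dll is never deleted while csrss still needs it.

    Removing consrv.dll while the SubSystems value still names it makes csrss
    fail at the next boot (STOP c000021a), so the value is restored first.
    """
    files = [path for path, _name, _kind in detections]
    removes_consrv = any(path.lower().endswith("\\consrv.dll") for path in files)
    hijacked = subsystems_value_is_hijacked(subsystems_value)
    return {
        "restore_subsystems_first": hijacked and removes_consrv,
        "repaired_value": repair_subsystems_value(subsystems_value),
        "files_to_remove": files,
        # The .@ payload files live in one directory; remove it whole.
        "dirs_to_remove": sorted({p.rsplit("\\", 1)[0] for p in files if p.endswith(".@")}),
    }


def read_live_subsystems_value() -> str:
    """Read the real value on a Windows host (not used by the offline demo)."""
    import winreg  # Windows-only standard-library module
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        value, _kind = winreg.QueryValueEx(key, "Windows")
        return value


if __name__ == "__main__":
    plan = cleanup_plan(parse_aswmbr_detections(SAMPLE_ASWMBR_LOG), HIJACKED_VALUE)
    for key, val in plan.items():
        print(f"{key}: {val}")
```

On the sample data the plan flags restore_subsystems_first as True, because the log names consrv.dll and the constructed registry value still points at it; with the clean value the flag is False and the files can simply be removed. Note that the script in post #14 lists its files under KillAll:: rather than File::, which is consistent with the ComboFix log that follows deleting only the temp\U directory and leaving consrv.dll and the GAC Desktop.ini files in place.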

#15 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:05:22 PM

Posted 07 March 2012 - 08:40 AM

Here is the log:

ComboFix 12-03-04.02 - Richard 03/06/2012 14:55:05.11.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.5126 [GMT -5:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
Command switches used :: c:\users\Richard\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 19:58 . 2012-03-06 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 21:36 . 2009-07-14 01:41 19968 ----a-w- c:\windows\system32\wshelper.dll
2012-03-02 15:40 . 2012-03-02 16:18 -------- d-----w- c:\users\Richard\AppData\Roaming\9AEBD
2012-03-02 15:33 . 2012-03-05 22:10 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-03-02 15:33 . 2012-03-03 01:02 -------- d-----w- c:\programdata\Hitman Pro
2012-03-02 15:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-01 20:16 . 2012-03-02 16:18 -------- d-----w- c:\users\Richard\AppData\Roaming\08A9A
2012-03-01 19:34 . 2012-03-03 01:03 -------- d-----w- c:\windows\CheckSur
2012-03-01 19:26 . 2012-03-01 19:26 -------- d-----w- c:\users\Richard\AppData\Local\ElevatedDiagnostics
2012-03-01 18:37 . 2012-03-03 01:03 -------- d-----w- c:\windows\Standalone System Sweeper
2012-03-01 18:24 . 2012-03-01 18:24 -------- d-----w- c:\windows\system32\SPReview
2012-03-01 17:47 . 2012-03-01 17:47 -------- d-----w- c:\windows\system32\EventProviders
2012-02-23 12:54 . 2012-03-06 19:59 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-22 14:18 . 2012-03-03 01:02 -------- d-----w- c:\program files\DIFX
2012-02-22 13:52 . 2012-03-06 13:57 -------- d-----w- c:\programdata\PCPitstop
2012-02-21 12:48 . 2012-02-08 07:13 8643640 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59A32373-B751-448A-9569-FAD6440F352F}\mpengine.dll
2012-02-18 15:36 . 2012-02-18 15:36 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-18 15:36 . 2012-02-18 15:36 -------- d-----w- c:\windows\system32\Macromed
2012-02-17 03:01 . 2012-03-03 01:02 -------- d-sh--w- c:\users\Richard\AppData\Roaming\AV Security Essentials
2012-02-17 03:01 . 2012-02-17 03:01 -------- d-sh--w- c:\programdata\AVNCGOSCKXSE
2012-02-17 03:00 . 2012-03-03 01:02 -------- d-sh--w- c:\programdata\74c2f2
2012-02-15 13:56 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 13:56 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 13:56 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 13:56 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 13:56 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:56 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 13:56 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:56 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 14:27 . 2012-03-03 01:02 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-12 14:26 . 2012-02-12 14:26 -------- d-----w- C:\System.sav
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2010-06-22 14:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-02-18 19:05 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-06_17.31.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-22 13:31 . 2012-03-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-22 13:31 . 2012-03-06 17:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-22 13:31 . 2012-03-06 17:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-22 13:31 . 2012-03-06 18:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 17:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-06 17:31 . 2012-03-06 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 19:58 . 2012-03-06 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-06 17:31 . 2012-03-06 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-06 19:58 . 2012-03-06 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-03-06 17:28 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-06 17:41 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-06 17:28 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 17:41 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-03-06 17:26 636544 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-06 17:38 636544 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-06 17:26 110724 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-06 17:38 110724 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-06 17:30 334648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-06 19:58 334648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-03-06 17:28 2244608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 17:41 2244608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:34 . 2012-03-06 18:46 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-06 17:26 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]
R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 23:16]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 23:16]
.
2012-02-28 c:\windows\Tasks\HPCeeScheduleForRichard.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"combofix"="c:\combofix\CF18596.3XE" [2009-07-14 344576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnarp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.1.10.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-06 15:03:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 20:03
ComboFix2.txt 2012-03-06 17:35
.
Pre-Run: 946,604,380,160 bytes free
Post-Run: 946,665,787,392 bytes free
.
- - End Of File - - 8F569AA760CD47FF7443B6F2316494E0

Upon the reboot for this run I booted from CD and repaired the MBR, just in case.



