A device attached to the system is not functioning- Sirefef


  • This topic is locked
23 replies to this topic

#1 Kimota

  • Members
  • 17 posts

Posted 06 November 2012 - 01:53 PM

I had a system that was infected with Sirefef.AB and Sirefef.P. I removed (it seems) the infection using Combofix, but now I'm getting an error message for certain functions stating 'A device attached to the system is not functioning'. This is a Windows 7 PC. The DDS log is below and attached. Any assistance is greatly appreciated.

DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by serveradmin at 12:36:30 on 2012-11-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2251 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Users\cbpope\AppData\Local\Sage\SlxDesktopManager.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: QGate Add-on for SalesLogix Web: {09de5c80-1610-3f65-920f-a13410a1944e} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Client Access Service] "C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.6 192.168.1.252
TCP: Interfaces\{CC54FD8B-0212-4B2F-ADF8-9E9B971D9082} : DHCPNameServer = 192.168.1.6 192.168.1.252
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-26 55856]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-11-5 72216]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-26 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown oqcwkrqs;oqcwkrqs; [x]
SUnknown oxiorhhm;oxiorhhm; [x]
SUnknown qdisxhqg;qdisxhqg; [x]
SUnknown qgxrxtzh;qgxrxtzh; [x]
SUnknown sgdkbych;sgdkbych; [x]
SUnknown ycvtkejn;ycvtkejn; [x]
SUnknown zqxvingi;zqxvingi; [x]
.
=============== Created Last 30 ================
.
2012-11-06 17:48:37 388096 ----a-r- C:\Users\serveradmin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-06 17:48:36 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-11-06 12:22:30 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-06 04:11:01 256000 ----a-w- C:\Windows\PEV.exe
2012-11-06 04:11:01 208896 ----a-w- C:\Windows\MBR.exe
2012-11-06 04:11:00 98816 ----a-w- C:\Windows\sed.exe
2012-11-06 04:08:56 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD67C298-49AD-477B-BC4D-56A60F49D27D}\offreg.dll
2012-11-06 03:54:39 -------- d-----w- C:\LogicNet
2012-11-06 03:29:49 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD67C298-49AD-477B-BC4D-56A60F49D27D}\mpengine.dll
2012-11-06 03:29:35 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-06 03:29:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-06 03:27:46 -------- d-----w- C:\Users\serveradmin\AppData\Roaming\Malwarebytes
2012-11-06 03:27:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-05 17:39:45 60328 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-11-05 17:39:45 35240 ----a-w- C:\Windows\System32\LMIport.dll
2012-11-05 17:39:44 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-11-05 17:39:44 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2012-11-05 17:39:41 83880 ----a-w- C:\Windows\System32\LMIinit.dll
2012-11-05 17:39:36 -------- d-----w- C:\ProgramData\LogMeIn
2012-11-05 17:39:26 -------- d-----w- C:\Program Files (x86)\LogMeIn
2012-11-05 13:21:11 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-10-31 12:00:34 -------- d-----w- C:\Firefox
2012-10-31 11:50:27 -------- d-----w- C:\ProgramData\Ask
2012-10-29 20:03:15 9575864 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-29 19:11:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-29 19:06:34 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-10-29 20:03:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-24 20:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 20:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 04:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 04:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 20:41:16 35616 ----a-w- C:\Windows\System32\lmimirr.dll
2012-08-24 20:41:16 14624 ----a-w- C:\Windows\System32\lmimirr2.dll
2012-08-24 20:41:16 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys
.
============= FINISH: 12:36:46.60 ===============

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,660 posts

Posted 11 November 2012 - 01:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/474327 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Kimota
  • Topic Starter

  • Members
  • 17 posts

Posted 11 November 2012 - 09:13 PM

I do still need assistance with this problem. I had a system that was infected with Sirefef.AB and Sirefef.P. I removed (it seems) the infection using Combofix, but now I'm getting an error message for certain functions stating 'A device attached to the system is not functioning'. This is a Windows 7 Professional x64 PC, and I do have access to the original media. The DDS log is below and attached. Any assistance is greatly appreciated.

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by serveradmin at 20:10:24 on 2012-11-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2248 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Users\cbpope\AppData\Local\Sage\SlxDesktopManager.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: QGate Add-on for SalesLogix Web: {09de5c80-1610-3f65-920f-a13410a1944e} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Client Access Service] "C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.6 192.168.1.252
TCP: Interfaces\{CC54FD8B-0212-4B2F-ADF8-9E9B971D9082} : DHCPNameServer = 192.168.1.6 192.168.1.252
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-26 55856]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-11-5 72216]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-26 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown oqcwkrqs;oqcwkrqs; [x]
SUnknown oxiorhhm;oxiorhhm; [x]
SUnknown qdisxhqg;qdisxhqg; [x]
SUnknown qgxrxtzh;qgxrxtzh; [x]
SUnknown sgdkbych;sgdkbych; [x]
SUnknown ycvtkejn;ycvtkejn; [x]
SUnknown zqxvingi;zqxvingi; [x]
.
=============== Created Last 30 ================
.
2012-11-06 18:44:34 -------- d-----w- C:\Users\serveradmin\AppData\Local\Apps
2012-11-06 17:48:37 388096 ----a-r- C:\Users\serveradmin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-06 17:48:36 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-11-06 12:22:30 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-06 04:11:01 256000 ----a-w- C:\Windows\PEV.exe
2012-11-06 04:11:01 208896 ----a-w- C:\Windows\MBR.exe
2012-11-06 04:11:00 98816 ----a-w- C:\Windows\sed.exe
2012-11-06 04:08:56 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD67C298-49AD-477B-BC4D-56A60F49D27D}\offreg.dll
2012-11-06 03:54:39 -------- d-----w- C:\LogicNet
2012-11-06 03:29:49 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD67C298-49AD-477B-BC4D-56A60F49D27D}\mpengine.dll
2012-11-06 03:29:35 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-06 03:29:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-06 03:27:46 -------- d-----w- C:\Users\serveradmin\AppData\Roaming\Malwarebytes
2012-11-06 03:27:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-05 17:39:45 60328 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-11-05 17:39:45 35240 ----a-w- C:\Windows\System32\LMIport.dll
2012-11-05 17:39:44 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-11-05 17:39:44 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2012-11-05 17:39:41 83880 ----a-w- C:\Windows\System32\LMIinit.dll
2012-11-05 17:39:36 -------- d-----w- C:\ProgramData\LogMeIn
2012-11-05 17:39:26 -------- d-----w- C:\Program Files (x86)\LogMeIn
2012-11-05 13:21:11 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-10-31 12:00:34 -------- d-----w- C:\Firefox
2012-10-31 11:50:27 -------- d-----w- C:\ProgramData\Ask
2012-10-29 20:03:15 9575864 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-29 19:11:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-29 19:06:34 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-10-29 20:03:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-24 20:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 20:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 04:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 04:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 20:41:16 35616 ----a-w- C:\Windows\System32\lmimirr.dll
2012-08-24 20:41:16 14624 ----a-w- C:\Windows\System32\lmimirr2.dll
2012-08-24 20:41:16 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys
.
============= FINISH: 20:10:31.46 ===============

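Two things in the DDS output above are what a responder would check first after the ComboFix run the poster describes: the seven `SUnknown name;name; [x]` lines under SERVICES / DRIVERS (a service key whose image file DDS could not find on disk, each with an eight-letter lowercase name equal to its display name) and the hidden+system folder `C:\Windows\SysWow64\%APPDATA%` created on 2012-10-29 in "Created Last 30". The script below is an added example for this thread, not code from DDS, ComboFix or BleepingComputer: it parses those two DDS line formats and flags both patterns. The sample lines are copied from the posted log in a constructed snippet; the eight-letter-name heuristic and the "hidden+system directory under C:\Windows" rule are assumptions of this example, not something DDS itself does.

```python
r"""Triage of DDS log lines for leftovers of a rootkit clean-up.

Added example, not part of the original posts and not code from the DDS
tool. It parses the two line shapes visible in the logs above and flags:

  * services DDS prints as '<state> name;display; [x]', i.e. a service key
    whose image file could not be found on disk (the 'SUnknown ... [x]'
    entries); an 8-letter lowercase name equal to its display name is
    reported as a secondary signal (heuristic, an assumption of this example)
  * directories in "Created Last 30" with the hidden+system attributes
    ('d-sh--w-') under C:\Windows, or whose leaf name is a literal
    environment-variable token such as '%APPDATA%'
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied in the DDS format from the posted logs
# (two legitimate drivers, one svchost-hosted service, three orphaned
# entries, the recycle bin, a vendor folder and the odd %APPDATA% folder).
SAMPLE_LOG = r"""
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 228768]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
SUnknown oqcwkrqs;oqcwkrqs; [x]
SUnknown oxiorhhm;oxiorhhm; [x]
SUnknown zqxvingi;zqxvingi; [x]
2012-11-06 12:22:30 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-05 17:39:36 -------- d-----w- C:\ProgramData\LogMeIn
2012-10-29 19:11:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
"""

# '<state> <name>;<display>;<image path> [<date> <size>]'  or  '<state> <name>;<display>; [x]'
SERVICE_RE = re.compile(r"^(?P<state>[RS]\w*)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# '<date> <time> <size> <attrs> <path>'  with attrs such as 'd-sh--w-' or '----a-w-'
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$"
)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image_path: str      # '' when DDS could not resolve the image
    image_missing: bool


@dataclass
class CreatedEntry:
    timestamp: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


@dataclass
class Finding:
    kind: str     # 'orphaned_service' or 'suspicious_dir'
    name: str     # service name or directory path
    reason: str


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line)
    if m is None:
        return None
    rest = m["rest"].strip()
    missing = rest == "[x]"
    # strip the trailing '[date size]' bracket DDS appends to images it found
    path = "" if missing else re.sub(r"\s*\[[^\]]*\]$", "", rest)
    return ServiceEntry(m["state"], m["name"], m["display"], path, missing)


def parse_created_line(line: str) -> Optional[CreatedEntry]:
    m = CREATED_RE.match(line)
    if m is None:
        return None
    return CreatedEntry(f"{m['date']} {m['time']}", m["attrs"], m["path"])


def looks_generated(name: str) -> bool:
    """Eight lowercase letters and nothing else: the shape of the orphaned names
    in the log. Secondary signal only; short legitimate names such as 'dmvsc'
    do not match, and a match never produces a finding on its own."""
    return re.fullmatch(r"[a-z]{8}", name) is not None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service_line(line)
        if svc is not None:
            if svc.image_missing:
                reason = "service key points to an image file that is not on disk"
                if looks_generated(svc.name) and svc.name == svc.display:
                    reason += "; 8-letter lowercase name identical to its display name"
                findings.append(Finding("orphaned_service", svc.name, reason))
            continue
        ent = parse_created_line(line)
        if ent is None or not ent.is_dir:
            continue
        reasons = []
        if ent.hidden_system and ent.path.lower().startswith("c:\\windows\\"):
            reasons.append(f"hidden+system directory created under C:\\Windows at {ent.timestamp}")
        if "%" in ent.path.rsplit("\\", 1)[-1]:
            reasons.append("directory name is an unexpanded environment-variable token")
        if reasons:
            findings.append(Finding("suspicious_dir", ent.path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:17} {f.name:40} {f.reason}")
```

To use it on a full log, pass the file contents to `triage()`. The `[x]` marker is the decisive signal (a registered service with no binary behind it); the name-shape check only explains why the seven entries in the log look alike, and the recycle bin is deliberately not flagged because it is hidden+system by design and not under C:\Windows.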
#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 November 2012 - 12:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller & SAVE it to your Desktop (or download it from here).
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Kimota (Topic Starter)

Posted 13 November 2012 - 12:54 PM

Thank you for your assistance. The requested logs are below.

Security Check Log:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 37
Java version out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

AdwCleaner Log:

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 11:47:29
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : serveradmin - 93JJ0R1
# Boot Mode : Normal
# Running from : C:\Users\serveradmin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [682 octets] - [13/11/2012 11:47:29]

########## EOF - C:\AdwCleaner[S1].txt - [741 octets] ##########

RogueKiller Log:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : serveradmin [Admin rights]
Mode : Remove -- Date : 11/13/2012 11:53:14

Bad processes : 0

Registry Entries : 5
[STARTUP][SUSP PATH] SalesLogix Desktop Manager.lnk @cbpope : C:\Users\cbpope\AppData\Local\Sage\SlxDesktopManager.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST3250312AS ATA Device +++++
--- User ---
[MBR] 025568d198e85768fb74d9ba80d3790b
[BSP] 908f605fedfa147180f041da9a5ade37 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15038 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30879744 | Size: 223396 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11132012_02d1153.txt >>
RKreport[1]_S_11132012_02d1152.txt ; RKreport[2]_D_11132012_02d1153.txt

#6 gringo_pr (Malware Response Team)

Posted 13 November 2012 - 01:02 PM

Hello Kimota

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 gringo_pr (Malware Response Team)

Posted 16 November 2012 - 09:20 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#8 gringo_pr (Malware Response Team)

Posted 18 November 2012 - 11:48 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 Kimota (Topic Starter)

Posted 19 November 2012 - 11:01 AM

I apologize; I somehow missed your last two responses in my email. I am running Combofix this morning and will post the logs shortly.

#10 Kimota (Topic Starter)

Posted 19 November 2012 - 11:58 AM

Combofix log:

ComboFix 12-11-16.02 - serveradmin 11/19/2012 10:47:32.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2689 [GMT -6:00]
Running from: c:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 16:51 . 2012-11-19 16:51 -------- d-----w- c:\users\setup1\AppData\Local\temp
2012-11-19 16:51 . 2012-11-19 16:51 -------- d-----w- c:\users\setup\AppData\Local\temp
2012-11-19 16:51 . 2012-11-19 16:51 -------- d-----w- c:\users\matthen\AppData\Local\temp
2012-11-19 16:51 . 2012-11-19 16:51 -------- d-----w- c:\users\drhager\AppData\Local\temp
2012-11-19 16:51 . 2012-11-19 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-19 16:51 . 2012-11-19 16:51 -------- d-----w- c:\users\cbpope\AppData\Local\temp
2012-11-19 16:45 . 2012-11-19 16:45 -------- d-----w- C:\Downloads
2012-11-19 08:29 . 2012-11-19 08:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97475DF2-927A-4A1D-857F-63CC8321FAB3}\offreg.dll
2012-11-19 08:28 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97475DF2-927A-4A1D-857F-63CC8321FAB3}\mpengine.dll
2012-11-18 17:59 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-13 17:59 . 2012-08-07 22:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCCCD483-A19C-4541-8726-A8D9F99541A6}\gapaengine.dll
2012-11-12 04:22 . 2012-08-07 22:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C08E0389-7D5B-4E2E-8C18-8A329D697252}\gapaengine.dll
2012-11-06 17:48 . 2012-11-06 17:48 -------- d-----w- c:\program files (x86)\Trend Micro
2012-11-06 03:54 . 2012-11-06 18:37 -------- d-----w- C:\LogicNet
2012-11-06 03:29 . 2012-11-06 03:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-06 03:27 . 2012-11-06 03:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-06 03:22 . 2012-11-06 03:22 -------- d-----w- c:\users\serveradmin
2012-11-05 17:39 . 2012-11-05 17:39 -------- d-----w- c:\users\cbpope\AppData\Local\LogMeIn
2012-11-05 17:39 . 2012-10-20 00:10 60328 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-11-05 17:39 . 2012-10-20 00:10 35240 ----a-w- c:\windows\system32\LMIport.dll
2012-11-05 17:39 . 2012-10-20 00:11 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-05 17:39 . 2012-08-24 20:41 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-11-05 17:39 . 2012-10-20 00:10 83880 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-05 17:39 . 2012-11-19 15:54 -------- d-----w- c:\programdata\LogMeIn
2012-11-05 17:39 . 2012-11-05 17:39 -------- d-----w- c:\program files (x86)\LogMeIn
2012-11-05 13:21 . 2012-11-05 13:21 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-10-31 12:00 . 2012-11-06 03:26 -------- d-----w- C:\Firefox
2012-10-31 11:50 . 2012-10-31 11:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-31 11:49 . 2012-10-31 11:49 -------- d-----w- c:\programdata\McAfee
2012-10-29 20:03 . 2012-10-29 20:03 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-29 19:11 . 2012-10-29 19:11 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-29 19:06 . 2012-11-13 17:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-29 19:06 . 2012-10-29 19:06 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 17:52 . 2011-08-27 03:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 01:54 . 2011-12-16 13:58 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 20:32 . 2012-05-16 13:23 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 20:32 . 2011-08-27 03:48 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:03 . 2011-04-27 21:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 04:03 . 2011-04-18 19:18 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 20:41 . 2012-08-24 20:41 35616 ----a-w- c:\windows\system32\lmimirr.dll
2012-08-24 20:41 . 2012-08-24 20:41 14624 ----a-w- c:\windows\system32\lmimirr2.dll
2012-08-24 20:41 . 2012-08-24 20:41 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{09de5c80-1610-3f65-920f-a13410a1944e}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ajjnqeiw;ajjnqeiw;c:\windows\system32\drivers\ajjnqeiw.sys [x]
R1 comhurib;comhurib;c:\windows\system32\drivers\comhurib.sys [x]
R1 lusugoip;lusugoip;c:\windows\system32\drivers\lusugoip.sys [x]
R1 nzbihiew;nzbihiew;c:\windows\system32\drivers\nzbihiew.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 173568]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-20 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-08-24 15928]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 17:52]
.
2012-11-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2012-11-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-10-10 57928]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.6 192.168.1.252
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{09DE5C80-1610-3F65-920F-A13410A1944E}"=hex:51,66,7a,6c,4c,1d,3b,1b,90,43,c9,
14,20,44,0c,73,88,00,e1,74,11,e0,d8,50
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c8,
05,9d,ba,ea,0e,bf,99,ba,17,8d,6f,f1,dd
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,28,b6,
01,2d,8e,3b,06,8f,8a,2e,46,04,4e,e0,4d
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,03,
6b,c0,84,45,0a,ac,e4,94,9a,f0,98,61,5d
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,27,
8d,32,1e,d6,06,94,c3,11,24,77,49,2f,d8
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,df,
c6,75,f6,32,0f,a6,7b,dc,65,c0,84,c4,b7
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,12,
e2,6a,9e,47,02,a5,34,d6,a9,28,97,19,1d
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,fd,
a0,55,90,b9,5d,a6,e2,40,e0,c8,4b,f9,11
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:1a,c4,e0,5c,ce,bb,cd,01
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,1e,21,65,51,c1,68,41,ac,6a,f2,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,1e,21,65,51,c1,68,41,ac,6a,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,1e,21,65,51,c1,68,41,ac,6a,f2,\
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-19 10:52:25
ComboFix-quarantined-files.txt 2012-11-19 16:52
ComboFix2.txt 2012-11-06 04:20
.
Pre-Run: 188,687,949,824 bytes free
Post-Run: 188,516,474,880 bytes free
.
- - End Of File - - 30FFA4E01E0E7EA76FEDE226B1E6BFD2
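
As an added example (not part of this thread and not code from ComboFix or any other tool mentioned here), a small Python parser for the R/S service lines in the ComboFix "Reg Loading Points" section of the log above: it pulls out each registration, flags those ComboFix marked "[x]" (image file not found on disk), and applies two review heuristics of my own (early-start kernel driver, opaque 8-letter name). The sample lines are a constructed subset copied from the log; the field names and heuristics are assumptions, not ComboFix's.

```python
# Added example: parse the R/S service lines from a ComboFix "Reg Loading Points"
# section and flag registrations worth a second look. Line shape, as in the log above:
#   <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]
#   <R|S><start type> <service name>;<display name>;<image path> [x]
# R = running, S = stopped; the digit is the Windows service Start value;
# "[x]" is ComboFix's marker for an image file it could not find on disk.
import re
from dataclasses import dataclass
from typing import List, Optional

START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Constructed sample: a subset of the Reg Loading Points lines copied from the log above.
SAMPLE_LOG = r"""
R1 ajjnqeiw;ajjnqeiw;c:\windows\system32\drivers\ajjnqeiw.sys [x]
R1 comhurib;comhurib;c:\windows\system32\drivers\comhurib.sys [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-08-24 15928]
"""

_ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R/S prefix and Start value
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name; display name;
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"  # image path [date size] or [x]
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display_name: str
    image_path: str
    file_found: bool
    file_date: Optional[str] = None
    file_size: Optional[int] = None

    @property
    def start_type_name(self) -> str:
        return START_TYPES.get(self.start_type, "Unknown")


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one R/S line; return None for lines that are not service entries."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").strip()
    file_found = info != "x"          # "[x]" means ComboFix found no file at the path
    file_date = file_size = None
    if file_found:
        parts = info.split()          # "[YYYY-MM-DD size]" for files that exist
        if len(parts) == 2 and parts[1].isdigit():
            file_date, file_size = parts[0], int(parts[1])
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name"),
        display_name=m.group("display"),
        image_path=m.group("path"),
        file_found=file_found,
        file_date=file_date,
        file_size=file_size,
    )


def parse_log(text: str) -> List[ServiceEntry]:
    """Collect every R/S entry from a ComboFix log; other lines are ignored."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def find_orphans(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations whose image file ComboFix could not find ("[x]")."""
    return [e for e in entries if not e.file_found]


def review_reasons(entry: ServiceEntry) -> List[str]:
    """Heuristic (my own, not ComboFix's) reasons to look closer at a registration."""
    reasons = []
    if not entry.file_found:
        reasons.append("image file not found on disk")
    if entry.start_type in (0, 1) and entry.image_path.lower().endswith(".sys"):
        reasons.append(f"kernel driver loads at {entry.start_type_name} start")
    if entry.name == entry.display_name and re.fullmatch(r"[a-z]{8}", entry.name):
        reasons.append("8-letter lowercase name with no descriptive display name")
    return reasons


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flags = review_reasons(e)
        print(f"{'REVIEW' if flags else 'ok':6} {e.name:<12} {e.start_type_name:<9} {e.image_path}")
        for r in flags:
            print(f"       - {r}")
```

Run against the full log text, `find_orphans` returns the four R1 entries whose driver files are missing; a legitimate boot-start driver such as PxHlpa64 is listed for review only on the start-type heuristic, which is why the reasons are reported separately rather than as a single verdict.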

#11 gringo_pr (Malware Response Team)

Posted 19 November 2012 - 04:27 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 Kimota

  • Topic Starter
  • Members
  • 17 posts

Posted 19 November 2012 - 05:23 PM

TDSSKiller Log:

16:23:01.0837 6084 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:23:02.0204 6084 ============================================================
16:23:02.0204 6084 Current date / time: 2012/11/19 16:23:02.0204
16:23:02.0204 6084 SystemInfo:
16:23:02.0204 6084
16:23:02.0204 6084 OS Version: 6.1.7601 ServicePack: 1.0
16:23:02.0204 6084 Product type: Workstation
16:23:02.0204 6084 ComputerName: 93JJ0R1
16:23:02.0204 6084 UserName: cbpope
16:23:02.0204 6084 Windows directory: C:\Windows
16:23:02.0204 6084 System windows directory: C:\Windows
16:23:02.0204 6084 Running under WOW64
16:23:02.0205 6084 Processor architecture: Intel x64
16:23:02.0205 6084 Number of processors: 2
16:23:02.0205 6084 Page size: 0x1000
16:23:02.0205 6084 Boot type: Normal boot
16:23:02.0205 6084 ============================================================
16:23:03.0735 6084 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:23:03.0747 6084 ============================================================
16:23:03.0747 6084 \Device\Harddisk0\DR0:
16:23:03.0748 6084 MBR partitions:
16:23:03.0748 6084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D5F000
16:23:03.0748 6084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D73000, BlocksNum 0x1B452000
16:23:03.0748 6084 ============================================================
16:23:03.0778 6084 C: <-> \Device\Harddisk0\DR0\Partition2
16:23:03.0778 6084 ============================================================
16:23:03.0778 6084 Initialize success
16:23:03.0778 6084 ============================================================
16:23:05.0514 6740 ============================================================
16:23:05.0514 6740 Scan started
16:23:05.0514 6740 Mode: Manual;
16:23:05.0514 6740 ============================================================
16:23:06.0326 6740 ================ Scan system memory ========================
16:23:06.0326 6740 System memory - ok
16:23:06.0327 6740 ================ Scan services =============================
16:23:06.0480 6740 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:23:06.0482 6740 1394ohci - ok
16:23:06.0512 6740 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:23:06.0515 6740 ACPI - ok
16:23:06.0534 6740 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:23:06.0535 6740 AcpiPmi - ok
16:23:06.0617 6740 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:23:06.0618 6740 AdobeARMservice - ok
16:23:06.0693 6740 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:23:06.0695 6740 AdobeFlashPlayerUpdateSvc - ok
16:23:06.0734 6740 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:23:06.0739 6740 adp94xx - ok
16:23:06.0775 6740 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:23:06.0778 6740 adpahci - ok
16:23:06.0803 6740 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:23:06.0805 6740 adpu320 - ok
16:23:06.0831 6740 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:23:06.0832 6740 AeLookupSvc - ok
16:23:06.0873 6740 [ D5B031C308A409A0A576BFF4CF083D30 ] AFD C:\Windows\system32\drivers\afd.sys
16:23:06.0878 6740 AFD - ok
16:23:06.0906 6740 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:23:06.0907 6740 agp440 - ok
16:23:06.0919 6740 ajjnqeiw - ok
16:23:06.0947 6740 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:23:06.0948 6740 ALG - ok
16:23:06.0969 6740 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:23:06.0970 6740 aliide - ok
16:23:06.0981 6740 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:23:06.0982 6740 amdide - ok
16:23:07.0015 6740 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:23:07.0016 6740 AmdK8 - ok
16:23:07.0026 6740 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:23:07.0026 6740 AmdPPM - ok
16:23:07.0054 6740 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:23:07.0055 6740 amdsata - ok
16:23:07.0075 6740 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:23:07.0077 6740 amdsbs - ok
16:23:07.0099 6740 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:23:07.0099 6740 amdxata - ok
16:23:07.0124 6740 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:23:07.0125 6740 AppID - ok
16:23:07.0144 6740 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:23:07.0145 6740 AppIDSvc - ok
16:23:07.0151 6740 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:23:07.0152 6740 Appinfo - ok
16:23:07.0190 6740 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:23:07.0192 6740 AppMgmt - ok
16:23:07.0218 6740 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:23:07.0219 6740 arc - ok
16:23:07.0233 6740 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:23:07.0234 6740 arcsas - ok
16:23:07.0300 6740 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:23:07.0301 6740 aspnet_state - ok
16:23:07.0327 6740 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:23:07.0327 6740 AsyncMac - ok
16:23:07.0352 6740 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:23:07.0352 6740 atapi - ok
16:23:07.0392 6740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:23:07.0398 6740 AudioEndpointBuilder - ok
16:23:07.0415 6740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:23:07.0419 6740 AudioSrv - ok
16:23:07.0452 6740 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:23:07.0453 6740 AxInstSV - ok
16:23:07.0491 6740 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:23:07.0493 6740 b06bdrv - ok
16:23:07.0521 6740 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:23:07.0523 6740 b57nd60a - ok
16:23:07.0558 6740 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:23:07.0559 6740 BDESVC - ok
16:23:07.0571 6740 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:23:07.0571 6740 Beep - ok
16:23:07.0608 6740 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:23:07.0613 6740 BFE - ok
16:23:07.0645 6740 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:23:07.0651 6740 BITS - ok
16:23:07.0673 6740 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:23:07.0674 6740 blbdrive - ok
16:23:07.0723 6740 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:23:07.0724 6740 bowser - ok
16:23:07.0734 6740 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:23:07.0735 6740 BrFiltLo - ok
16:23:07.0759 6740 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:23:07.0760 6740 BrFiltUp - ok
16:23:07.0791 6740 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:23:07.0792 6740 BridgeMP - ok
16:23:07.0826 6740 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
16:23:07.0828 6740 Browser - ok
16:23:07.0844 6740 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:23:07.0847 6740 Brserid - ok
16:23:07.0858 6740 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:23:07.0859 6740 BrSerWdm - ok
16:23:07.0871 6740 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:23:07.0872 6740 BrUsbMdm - ok
16:23:07.0884 6740 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:23:07.0885 6740 BrUsbSer - ok
16:23:07.0895 6740 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:23:07.0896 6740 BTHMODEM - ok
16:23:07.0924 6740 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:23:07.0924 6740 bthserv - ok
16:23:07.0939 6740 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:23:07.0939 6740 cdfs - ok
16:23:07.0965 6740 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:23:07.0966 6740 cdrom - ok
16:23:07.0996 6740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:23:07.0997 6740 CertPropSvc - ok
16:23:08.0017 6740 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:23:08.0018 6740 circlass - ok
16:23:08.0033 6740 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:23:08.0035 6740 CLFS - ok
16:23:08.0080 6740 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:23:08.0081 6740 clr_optimization_v2.0.50727_32 - ok
16:23:08.0112 6740 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:23:08.0113 6740 clr_optimization_v2.0.50727_64 - ok
16:23:08.0147 6740 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:23:08.0148 6740 clr_optimization_v4.0.30319_32 - ok
16:23:08.0175 6740 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:23:08.0177 6740 clr_optimization_v4.0.30319_64 - ok
16:23:08.0197 6740 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:23:08.0198 6740 CmBatt - ok
16:23:08.0220 6740 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:23:08.0221 6740 cmdide - ok
16:23:08.0247 6740 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys
16:23:08.0251 6740 CNG - ok
16:23:08.0301 6740 [ 5C855932E4DF00B1B6F5F6F57E82B6C5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
16:23:08.0314 6740 CnxtHdAudService - ok
16:23:08.0322 6740 comhurib - ok
16:23:08.0335 6740 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:23:08.0335 6740 Compbatt - ok
16:23:08.0362 6740 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:23:08.0363 6740 CompositeBus - ok
16:23:08.0379 6740 COMSysApp - ok
16:23:08.0400 6740 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:23:08.0401 6740 crcdisk - ok
16:23:08.0436 6740 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:23:08.0438 6740 CryptSvc - ok
16:23:08.0470 6740 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:23:08.0474 6740 CSC - ok
16:23:08.0496 6740 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:23:08.0500 6740 CscService - ok
16:23:08.0544 6740 [ B22149A6DEF5C65483B1130232CE063D ] Cwbrxd C:\Windows\CWBRXD.EXE
16:23:08.0544 6740 Cwbrxd - ok
16:23:08.0579 6740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:23:08.0583 6740 DcomLaunch - ok
16:23:08.0609 6740 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:23:08.0611 6740 defragsvc - ok
16:23:08.0669 6740 [ 3A42B00C88E3E68080DAB6B27BB35B6E ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
16:23:08.0702 6740 DellDigitalDelivery - ok
16:23:08.0813 6740 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:23:08.0815 6740 DfsC - ok
16:23:08.0884 6740 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:23:08.0887 6740 Dhcp - ok
16:23:09.0004 6740 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:23:09.0005 6740 discache - ok
16:23:09.0116 6740 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:23:09.0117 6740 Disk - ok
16:23:09.0148 6740 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:23:09.0149 6740 dmvsc - ok
16:23:09.0178 6740 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:23:09.0180 6740 Dnscache - ok
16:23:09.0198 6740 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:23:09.0201 6740 dot3svc - ok
16:23:09.0211 6740 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:23:09.0212 6740 DPS - ok
16:23:09.0240 6740 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:23:09.0240 6740 drmkaud - ok
16:23:09.0269 6740 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:23:09.0277 6740 DXGKrnl - ok
16:23:09.0303 6740 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:23:09.0304 6740 EapHost - ok
16:23:09.0364 6740 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:23:09.0381 6740 ebdrv - ok
16:23:09.0405 6740 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
16:23:09.0406 6740 EFS - ok
16:23:09.0450 6740 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:23:09.0456 6740 ehRecvr - ok
16:23:09.0471 6740 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:23:09.0473 6740 ehSched - ok
16:23:09.0508 6740 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:23:09.0511 6740 elxstor - ok
16:23:09.0522 6740 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:23:09.0522 6740 ErrDev - ok
16:23:09.0557 6740 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:23:09.0560 6740 EventSystem - ok
16:23:09.0589 6740 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:23:09.0590 6740 exfat - ok
16:23:09.0610 6740 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:23:09.0612 6740 fastfat - ok
16:23:09.0639 6740 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:23:09.0643 6740 Fax - ok
16:23:09.0658 6740 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:23:09.0659 6740 fdc - ok
16:23:09.0692 6740 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:23:09.0694 6740 fdPHost - ok
16:23:09.0703 6740 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:23:09.0704 6740 FDResPub - ok
16:23:09.0724 6740 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:23:09.0725 6740 FileInfo - ok
16:23:09.0737 6740 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:23:09.0738 6740 Filetrace - ok
16:23:09.0757 6740 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:23:09.0758 6740 flpydisk - ok
16:23:09.0770 6740 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:23:09.0772 6740 FltMgr - ok
16:23:09.0809 6740 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:23:09.0815 6740 FontCache - ok
16:23:09.0855 6740 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:23:09.0855 6740 FontCache3.0.0.0 - ok
16:23:09.0876 6740 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:23:09.0877 6740 FsDepends - ok
16:23:09.0891 6740 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:23:09.0892 6740 Fs_Rec - ok
16:23:09.0919 6740 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:23:09.0921 6740 fvevol - ok
16:23:09.0953 6740 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:23:09.0954 6740 gagp30kx - ok
16:23:09.0988 6740 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:23:09.0995 6740 gpsvc - ok
16:23:10.0016 6740 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:23:10.0016 6740 hcw85cir - ok
16:23:10.0039 6740 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:23:10.0040 6740 HDAudBus - ok
16:23:10.0053 6740 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:23:10.0054 6740 HidBatt - ok
16:23:10.0064 6740 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:23:10.0065 6740 HidBth - ok
16:23:10.0088 6740 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:23:10.0089 6740 HidIr - ok
16:23:10.0110 6740 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:23:10.0111 6740 hidserv - ok
16:23:10.0146 6740 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:23:10.0147 6740 HidUsb - ok
16:23:10.0173 6740 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:23:10.0175 6740 hkmsvc - ok
16:23:10.0194 6740 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:23:10.0197 6740 HomeGroupListener - ok
16:23:10.0224 6740 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:23:10.0225 6740 HomeGroupProvider - ok
16:23:10.0251 6740 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:23:10.0252 6740 HpSAMD - ok
16:23:10.0272 6740 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:23:10.0277 6740 HTTP - ok
16:23:10.0299 6740 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:23:10.0300 6740 hwpolicy - ok
16:23:10.0315 6740 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:23:10.0316 6740 i8042prt - ok
16:23:10.0358 6740 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:23:10.0362 6740 iaStorV - ok
16:23:10.0410 6740 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:23:10.0417 6740 idsvc - ok
16:23:10.0643 6740 [ 0089B53F1BEFD34B7D8CA4AB021335FA ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:23:10.0703 6740 igfx - ok
16:23:10.0742 6740 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:23:10.0743 6740 iirsp - ok
16:23:10.0782 6740 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:23:10.0790 6740 IKEEXT - ok
16:23:10.0823 6740 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:23:10.0825 6740 IntcDAud - ok
16:23:10.0833 6740 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:23:10.0834 6740 intelide - ok
16:23:10.0857 6740 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:23:10.0857 6740 intelppm - ok
16:23:10.0873 6740 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:23:10.0874 6740 IPBusEnum - ok
16:23:10.0886 6740 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:23:10.0887 6740 IpFilterDriver - ok
16:23:10.0913 6740 [ A34A587FFFD45FA649FBA6D03784D257 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
16:23:10.0916 6740 IpHlpSvc - ok
16:23:10.0929 6740 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:23:10.0930 6740 IPMIDRV - ok
16:23:10.0949 6740 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:23:10.0950 6740 IPNAT - ok
16:23:10.0982 6740 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:23:10.0983 6740 IRENUM - ok
16:23:10.0994 6740 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:23:10.0995 6740 isapnp - ok
16:23:11.0026 6740 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:23:11.0027 6740 iScsiPrt - ok
16:23:11.0046 6740 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:23:11.0047 6740 kbdclass - ok
16:23:11.0075 6740 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:23:11.0076 6740 kbdhid - ok
16:23:11.0080 6740 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
16:23:11.0081 6740 KeyIso - ok
16:23:11.0106 6740 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:23:11.0107 6740 KSecDD - ok
16:23:11.0126 6740 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:23:11.0127 6740 KSecPkg - ok
16:23:11.0149 6740 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:23:11.0150 6740 ksthunk - ok
16:23:11.0177 6740 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:23:11.0179 6740 KtmRm - ok
16:23:11.0222 6740 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:23:11.0226 6740 LanmanServer - ok
16:23:11.0247 6740 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:23:11.0250 6740 LanmanWorkstation - ok
16:23:11.0281 6740 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:23:11.0283 6740 lltdio - ok
16:23:11.0313 6740 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:23:11.0317 6740 lltdsvc - ok
16:23:11.0333 6740 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:23:11.0334 6740 lmhosts - ok
16:23:11.0401 6740 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
16:23:11.0404 6740 LMIGuardianSvc - ok
16:23:11.0433 6740 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
16:23:11.0433 6740 LMIInfo - ok
16:23:11.0448 6740 [ 8054CE1FC8B417691960D00F931516A7 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
16:23:11.0532 6740 LMIMaint - ok
16:23:11.0568 6740 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
16:23:11.0568 6740 lmimirr - ok
16:23:11.0572 6740 LMIRfsClientNP - ok
16:23:11.0582 6740 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
16:23:11.0583 6740 LMIRfsDriver - ok
16:23:11.0623 6740 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
16:23:11.0625 6740 LogMeIn - ok
16:23:11.0655 6740 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:23:11.0656 6740 LSI_FC - ok
16:23:11.0675 6740 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:23:11.0677 6740 LSI_SAS - ok
16:23:11.0700 6740 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:23:11.0701 6740 LSI_SAS2 - ok
16:23:11.0723 6740 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:23:11.0724 6740 LSI_SCSI - ok
16:23:11.0750 6740 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:23:11.0751 6740 luafv - ok
16:23:11.0763 6740 lusugoip - ok
16:23:11.0779 6740 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:23:11.0780 6740 Mcx2Svc - ok
16:23:11.0802 6740 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:23:11.0802 6740 megasas - ok
16:23:11.0827 6740 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:23:11.0828 6740 MegaSR - ok
16:23:11.0846 6740 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:23:11.0847 6740 MEIx64 - ok
16:23:11.0866 6740 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:23:11.0868 6740 MMCSS - ok
16:23:11.0879 6740 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:23:11.0880 6740 Modem - ok
16:23:11.0911 6740 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:23:11.0911 6740 monitor - ok
16:23:11.0934 6740 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:23:11.0935 6740 mouclass - ok
16:23:11.0961 6740 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:23:11.0962 6740 mouhid - ok
16:23:11.0992 6740 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:23:11.0993 6740 mountmgr - ok
16:23:12.0039 6740 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:23:12.0041 6740 MpFilter - ok
16:23:12.0058 6740 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:23:12.0060 6740 mpio - ok
16:23:12.0079 6740 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:23:12.0080 6740 mpsdrv - ok
16:23:12.0112 6740 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:23:12.0117 6740 MpsSvc - ok
16:23:12.0126 6740 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:23:12.0127 6740 MRxDAV - ok
16:23:12.0152 6740 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:23:12.0153 6740 mrxsmb - ok
16:23:12.0186 6740 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:23:12.0189 6740 mrxsmb10 - ok
16:23:12.0202 6740 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:23:12.0203 6740 mrxsmb20 - ok
16:23:12.0212 6740 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:23:12.0213 6740 msahci - ok
16:23:12.0243 6740 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:23:12.0244 6740 msdsm - ok
16:23:12.0266 6740 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:23:12.0267 6740 MSDTC - ok
16:23:12.0289 6740 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:23:12.0290 6740 Msfs - ok
16:23:12.0298 6740 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:23:12.0299 6740 mshidkmdf - ok
16:23:12.0309 6740 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:23:12.0310 6740 msisadrv - ok
16:23:12.0330 6740 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:23:12.0331 6740 MSiSCSI - ok
16:23:12.0335 6740 msiserver - ok
16:23:12.0350 6740 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:23:12.0351 6740 MSKSSRV - ok
16:23:12.0417 6740 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:23:12.0418 6740 MsMpSvc - ok
16:23:12.0435 6740 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:23:12.0435 6740 MSPCLOCK - ok
16:23:12.0449 6740 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:23:12.0450 6740 MSPQM - ok
16:23:12.0469 6740 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:23:12.0471 6740 MsRPC - ok
16:23:12.0495 6740 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:23:12.0496 6740 mssmbios - ok
16:23:12.0553 6740 MSSQL$SQLEXPRESS - ok
16:23:12.0591 6740 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:23:12.0592 6740 MSSQLServerADHelper - ok
16:23:12.0612 6740 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:23:12.0612 6740 MSTEE - ok
16:23:12.0629 6740 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:23:12.0630 6740 MTConfig - ok
16:23:12.0641 6740 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:23:12.0641 6740 Mup - ok
16:23:12.0670 6740 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:23:12.0674 6740 napagent - ok
16:23:12.0695 6740 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:23:12.0697 6740 NativeWifiP - ok
16:23:12.0736 6740 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:23:12.0742 6740 NDIS - ok
16:23:12.0752 6740 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:23:12.0753 6740 NdisCap - ok
16:23:12.0772 6740 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:23:12.0773 6740 NdisTapi - ok
16:23:12.0783 6740 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:23:12.0784 6740 Ndisuio - ok
16:23:12.0802 6740 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:23:12.0803 6740 NdisWan - ok
16:23:12.0813 6740 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:23:12.0814 6740 NDProxy - ok
16:23:12.0835 6740 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:23:12.0835 6740 NetBIOS - ok
16:23:12.0849 6740 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:23:12.0850 6740 NetBT - ok
16:23:12.0868 6740 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
16:23:12.0869 6740 Netlogon - ok
16:23:12.0890 6740 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:23:12.0893 6740 Netman - ok
16:23:12.0927 6740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:23:12.0929 6740 NetMsmqActivator - ok
16:23:12.0934 6740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:23:12.0935 6740 NetPipeActivator - ok
16:23:12.0951 6740 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:23:12.0955 6740 netprofm - ok
16:23:12.0959 6740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:23:12.0960 6740 NetTcpActivator - ok
16:23:12.0964 6740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:23:12.0965 6740 NetTcpPortSharing - ok
16:23:12.0994 6740 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
16:23:12.0995 6740 netvsc - ok
16:23:13.0011 6740 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:23:13.0011 6740 nfrd960 - ok
16:23:13.0046 6740 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:23:13.0047 6740 NisDrv - ok
16:23:13.0094 6740 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:23:13.0097 6740 NisSrv - ok
16:23:13.0123 6740 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:23:13.0126 6740 NlaSvc - ok
16:23:13.0146 6740 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:23:13.0147 6740 Npfs - ok
16:23:13.0156 6740 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:23:13.0157 6740 nsi - ok
16:23:13.0163 6740 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:23:13.0163 6740 nsiproxy - ok
16:23:13.0204 6740 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:23:13.0217 6740 Ntfs - ok
16:23:13.0240 6740 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:23:13.0241 6740 Null - ok
16:23:13.0266 6740 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:23:13.0268 6740 nvraid - ok
16:23:13.0278 6740 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:23:13.0280 6740 nvstor - ok
16:23:13.0305 6740 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:23:13.0306 6740 nv_agp - ok
16:23:13.0319 6740 nzbihiew - ok
16:23:13.0399 6740 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:23:13.0403 6740 odserv - ok
16:23:13.0423 6740 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:23:13.0424 6740 ohci1394 - ok
16:23:13.0459 6740 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:23:13.0460 6740 ose - ok
16:23:13.0488 6740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:23:13.0491 6740 p2pimsvc - ok
16:23:13.0512 6740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:23:13.0516 6740 p2psvc - ok
16:23:13.0527 6740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:23:13.0528 6740 Parport - ok
16:23:13.0539 6740 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:23:13.0540 6740 partmgr - ok
16:23:13.0548 6740 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:23:13.0550 6740 PcaSvc - ok
16:23:13.0564 6740 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:23:13.0566 6740 pci - ok
16:23:13.0591 6740 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:23:13.0592 6740 pciide - ok
16:23:13.0611 6740 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:23:13.0613 6740 pcmcia - ok
16:23:13.0625 6740 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:23:13.0625 6740 pcw - ok
16:23:13.0641 6740 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:23:13.0644 6740 PEAUTH - ok
16:23:13.0677 6740 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:23:13.0685 6740 PeerDistSvc - ok
16:23:13.0743 6740 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:23:13.0745 6740 PerfHost - ok
16:23:13.0803 6740 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:23:13.0815 6740 pla - ok
16:23:13.0844 6740 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:23:13.0847 6740 PlugPlay - ok
16:23:13.0860 6740 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:23:13.0861 6740 PNRPAutoReg - ok
16:23:13.0879 6740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:23:13.0881 6740 PNRPsvc - ok
16:23:13.0904 6740 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:23:13.0907 6740 PolicyAgent - ok
16:23:13.0932 6740 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:23:13.0934 6740 Power - ok
16:23:13.0962 6740 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:23:13.0963 6740 PptpMiniport - ok
16:23:13.0975 6740 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:23:13.0976 6740 Processor - ok
16:23:13.0997 6740 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
16:23:13.0999 6740 ProfSvc - ok
16:23:14.0009 6740 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
16:23:14.0010 6740 ProtectedStorage - ok
16:23:14.0039 6740 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:23:14.0040 6740 Psched - ok
16:23:14.0068 6740 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:23:14.0069 6740 PxHlpa64 - ok
16:23:14.0250 6740 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:23:14.0262 6740 ql2300 - ok
16:23:14.0309 6740 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:23:14.0310 6740 ql40xx - ok
16:23:14.0333 6740 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:23:14.0336 6740 QWAVE - ok
16:23:14.0353 6740 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:23:14.0354 6740 QWAVEdrv - ok
16:23:14.0364 6740 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:23:14.0364 6740 RasAcd - ok
16:23:14.0396 6740 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:23:14.0397 6740 RasAgileVpn - ok
16:23:14.0422 6740 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:23:14.0425 6740 RasAuto - ok
16:23:14.0440 6740 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:23:14.0441 6740 Rasl2tp - ok
16:23:14.0460 6740 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:23:14.0464 6740 RasMan - ok
16:23:14.0481 6740 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:23:14.0482 6740 RasPppoe - ok
16:23:14.0496 6740 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:23:14.0497 6740 RasSstp - ok
16:23:14.0512 6740 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:23:14.0514 6740 rdbss - ok
16:23:14.0535 6740 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:23:14.0535 6740 rdpbus - ok
16:23:14.0556 6740 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:23:14.0557 6740 RDPCDD - ok
16:23:14.0588 6740 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:23:14.0589 6740 RDPDR - ok
16:23:14.0615 6740 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:23:14.0616 6740 RDPENCDD - ok
16:23:14.0641 6740 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:23:14.0642 6740 RDPREFMP - ok
16:23:14.0656 6740 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:23:14.0657 6740 RDPWD - ok
16:23:14.0685 6740 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:23:14.0686 6740 rdyboost - ok
16:23:14.0706 6740 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:23:14.0708 6740 RemoteAccess - ok
16:23:14.0730 6740 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:23:14.0733 6740 RemoteRegistry - ok
16:23:14.0830 6740 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
16:23:14.0839 6740 RoxMediaDB12OEM - ok
16:23:14.0858 6740 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
16:23:14.0860 6740 RoxWatch12 - ok
16:23:14.0893 6740 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:23:14.0896 6740 RpcEptMapper - ok
16:23:14.0914 6740 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:23:14.0915 6740 RpcLocator - ok
16:23:14.0931 6740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:23:14.0937 6740 RpcSs - ok
16:23:14.0965 6740 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:23:14.0965 6740 rspndr - ok
16:23:15.0000 6740 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:23:15.0004 6740 RTL8167 - ok
16:23:15.0028 6740 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:23:15.0029 6740 s3cap - ok
16:23:15.0041 6740 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
16:23:15.0043 6740 SamSs - ok
16:23:15.0054 6740 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:23:15.0055 6740 sbp2port - ok
16:23:15.0076 6740 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:23:15.0078 6740 SCardSvr - ok
16:23:15.0092 6740 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:23:15.0093 6740 scfilter - ok
16:23:15.0118 6740 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:23:15.0125 6740 Schedule - ok
16:23:15.0148 6740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:23:15.0148 6740 SCPolicySvc - ok
16:23:15.0164 6740 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:23:15.0166 6740 SDRSVC - ok
16:23:15.0195 6740 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:23:15.0196 6740 secdrv - ok
16:23:15.0202 6740 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:23:15.0203 6740 seclogon - ok
16:23:15.0215 6740 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:23:15.0217 6740 SENS - ok
16:23:15.0225 6740 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:23:15.0226 6740 SensrSvc - ok
16:23:15.0252 6740 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:23:15.0252 6740 Serenum - ok
16:23:15.0268 6740 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:23:15.0269 6740 Serial - ok
16:23:15.0302 6740 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:23:15.0303 6740 sermouse - ok
16:23:15.0335 6740 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:23:15.0336 6740 SessionEnv - ok
16:23:15.0359 6740 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:23:15.0359 6740 sffdisk - ok
16:23:15.0374 6740 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:23:15.0375 6740 sffp_mmc - ok
16:23:15.0382 6740 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:23:15.0383 6740 sffp_sd - ok
16:23:15.0401 6740 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:23:15.0401 6740 sfloppy - ok
16:23:15.0434 6740 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:23:15.0438 6740 SharedAccess - ok
16:23:15.0462 6740 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:23:15.0465 6740 ShellHWDetection - ok
16:23:15.0494 6740 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:23:15.0495 6740 SiSRaid2 - ok
16:23:15.0523 6740 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:23:15.0524 6740 SiSRaid4 - ok
16:23:15.0552 6740 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:23:15.0553 6740 Smb - ok
16:23:15.0580 6740 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:23:15.0581 6740 SNMPTRAP - ok
16:23:15.0590 6740 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:23:15.0590 6740 spldr - ok
16:23:15.0604 6740 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
16:23:15.0608 6740 Spooler - ok
16:23:15.0661 6740 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:23:15.0679 6740 sppsvc - ok
16:23:15.0692 6740 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:23:15.0693 6740 sppuinotify - ok
16:23:15.0751 6740 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:23:15.0753 6740 SQLBrowser - ok
16:23:15.0781 6740 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:23:15.0783 6740 SQLWriter - ok
16:23:15.0810 6740 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:23:15.0814 6740 srv - ok
16:23:15.0827 6740 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:23:15.0830 6740 srv2 - ok
16:23:15.0841 6740 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:23:15.0842 6740 srvnet - ok
16:23:15.0867 6740 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:23:15.0869 6740 SSDPSRV - ok
16:23:15.0883 6740 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:23:15.0885 6740 SstpSvc - ok
16:23:15.0902 6740 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:23:15.0903 6740 stexstor - ok
16:23:15.0935 6740 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:23:15.0939 6740 stisvc - ok
16:23:15.0974 6740 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:23:15.0993 6740 stllssvr - ok
16:23:16.0022 6740 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:23:16.0023 6740 storflt - ok
16:23:16.0049 6740 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:23:16.0051 6740 StorSvc - ok
16:23:16.0079 6740 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:23:16.0080 6740 storvsc - ok
16:23:16.0094 6740 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:23:16.0095 6740 swenum - ok
16:23:16.0121 6740 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:23:16.0127 6740 swprv - ok
16:23:16.0152 6740 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
16:23:16.0153 6740 SynthVid - ok
16:23:16.0190 6740 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:23:16.0204 6740 SysMain - ok
16:23:16.0225 6740 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:23:16.0227 6740 TabletInputService - ok
16:23:16.0243 6740 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:23:16.0246 6740 TapiSrv - ok
16:23:16.0261 6740 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:23:16.0262 6740 TBS - ok
16:23:16.0317 6740 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:23:16.0330 6740 Tcpip - ok
16:23:16.0371 6740 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:23:16.0381 6740 TCPIP6 - ok
16:23:16.0406 6740 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:23:16.0406 6740 tcpipreg - ok
16:23:16.0425 6740 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:23:16.0426 6740 TDPIPE - ok
16:23:16.0430 6740 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:23:16.0431 6740 TDTCP - ok
16:23:16.0442 6740 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:23:16.0443 6740 tdx - ok
16:23:16.0462 6740 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:23:16.0463 6740 TermDD - ok
16:23:16.0494 6740 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:23:16.0499 6740 TermService - ok
16:23:16.0511 6740 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:23:16.0513 6740 Themes - ok
16:23:16.0528 6740 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:23:16.0530 6740 THREADORDER - ok
16:23:16.0550 6740 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:23:16.0552 6740 TrkWks - ok
16:23:16.0594 6740 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:23:16.0596 6740 TrustedInstaller - ok
16:23:16.0616 6740 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:23:16.0617 6740 tssecsrv - ok
16:23:16.0638 6740 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:23:16.0639 6740 TsUsbFlt - ok
16:23:16.0660 6740 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:23:16.0661 6740 TsUsbGD - ok
16:23:16.0687 6740 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:23:16.0689 6740 tunnel - ok
16:23:16.0703 6740 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:23:16.0704 6740 uagp35 - ok
16:23:16.0725 6740 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:23:16.0727 6740 udfs - ok
16:23:16.0747 6740 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:23:16.0748 6740 UI0Detect - ok
16:23:16.0780 6740 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:23:16.0781 6740 uliagpkx - ok
16:23:16.0809 6740 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:23:16.0810 6740 umbus - ok
16:23:16.0831 6740 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:23:16.0832 6740 UmPass - ok
16:23:16.0857 6740 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:23:16.0860 6740 UmRdpService - ok
16:23:16.0886 6740 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:23:16.0890 6740 upnphost - ok
16:23:16.0907 6740 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
16:23:16.0908 6740 usbccgp - ok
16:23:16.0935 6740 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:23:16.0936 6740 usbcir - ok
16:23:16.0956 6740 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:23:16.0957 6740 usbehci - ok
16:23:16.0994 6740 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:23:16.0996 6740 usbhub - ok
16:23:17.0015 6740 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:23:17.0016 6740 usbohci - ok
16:23:17.0031 6740 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:23:17.0032 6740 usbprint - ok
16:23:17.0047 6740 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:23:17.0049 6740 USBSTOR - ok
16:23:17.0066 6740 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:23:17.0067 6740 usbuhci - ok
16:23:17.0080 6740 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:23:17.0082 6740 UxSms - ok
16:23:17.0089 6740 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
16:23:17.0090 6740 VaultSvc - ok
16:23:17.0123 6740 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:23:17.0123 6740 vdrvroot - ok
16:23:17.0153 6740 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:23:17.0159 6740 vds - ok
16:23:17.0181 6740 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:23:17.0182 6740 vga - ok
16:23:17.0192 6740 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:23:17.0193 6740 VgaSave - ok
16:23:17.0212 6740 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:23:17.0214 6740 vhdmp - ok
16:23:17.0220 6740 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:23:17.0221 6740 viaide - ok
16:23:17.0242 6740 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:23:17.0244 6740 vmbus - ok
16:23:17.0271 6740 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:23:17.0271 6740 VMBusHID - ok
16:23:17.0287 6740 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:23:17.0288 6740 volmgr - ok
16:23:17.0304 6740 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:23:17.0307 6740 volmgrx - ok
16:23:17.0334 6740 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:23:17.0336 6740 volsnap - ok
16:23:17.0362 6740 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
16:23:17.0363 6740 vpcbus - ok
16:23:17.0397 6740 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
16:23:17.0398 6740 vpcnfltr - ok
16:23:17.0429 6740 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
16:23:17.0430 6740 vpcusb - ok
16:23:17.0459 6740 [ 30D4243726A15A14F5C5E45898D14394 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
16:23:17.0463 6740 vpcvmm - ok
16:23:17.0495 6740 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:23:17.0497 6740 vsmraid - ok
16:23:17.0538 6740 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:23:17.0552 6740 VSS - ok
16:23:17.0577 6740 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:23:17.0578 6740 vwifibus - ok
16:23:17.0599 6740 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:23:17.0604 6740 W32Time - ok
16:23:17.0623 6740 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:23:17.0624 6740 WacomPen - ok
16:23:17.0651 6740 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:23:17.0652 6740 WANARP - ok
16:23:17.0666 6740 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:23:17.0667 6740 Wanarpv6 - ok
16:23:17.0728 6740 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:23:17.0738 6740 WatAdminSvc - ok
16:23:17.0788 6740 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:23:17.0802 6740 wbengine - ok
16:23:17.0825 6740 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:23:17.0827 6740 WbioSrvc - ok
16:23:17.0840 6740 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:23:17.0843 6740 wcncsvc - ok
16:23:17.0851 6740 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:23:17.0853 6740 WcsPlugInService - ok
16:23:17.0874 6740 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:23:17.0875 6740 Wd - ok
16:23:17.0900 6740 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:23:17.0903 6740 Wdf01000 - ok
16:23:17.0930 6740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:23:17.0933 6740 WdiServiceHost - ok
16:23:17.0939 6740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:23:17.0942 6740 WdiSystemHost - ok
16:23:17.0968 6740 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:23:17.0971 6740 WebClient - ok
16:23:17.0989 6740 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:23:17.0993 6740 Wecsvc - ok
16:23:18.0009 6740 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:23:18.0011 6740 wercplsupport - ok
16:23:18.0036 6740 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:23:18.0039 6740 WerSvc - ok
16:23:18.0073 6740 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:23:18.0073 6740 WfpLwf - ok
16:23:18.0084 6740 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:23:18.0085 6740 WIMMount - ok
16:23:18.0106 6740 WinDefend - ok
16:23:18.0117 6740 WinHttpAutoProxySvc - ok
16:23:18.0160 6740 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:23:18.0163 6740 Winmgmt - ok
16:23:18.0211 6740 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:23:18.0227 6740 WinRM - ok
16:23:18.0263 6740 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:23:18.0268 6740 Wlansvc - ok
16:23:18.0312 6740 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:23:18.0313 6740 wlcrasvc - ok
16:23:18.0382 6740 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:23:18.0397 6740 wlidsvc - ok
16:23:18.0409 6740 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:23:18.0410 6740 WmiAcpi - ok
16:23:18.0440 6740 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:23:18.0441 6740 wmiApSrv - ok
16:23:18.0463 6740 WMPNetworkSvc - ok
16:23:18.0482 6740 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:23:18.0485 6740 WPCSvc - ok
16:23:18.0500 6740 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:23:18.0503 6740 WPDBusEnum - ok
16:23:18.0530 6740 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:23:18.0530 6740 ws2ifsl - ok
16:23:18.0559 6740 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:23:18.0562 6740 wscsvc - ok
16:23:18.0566 6740 WSearch - ok
16:23:18.0631 6740 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
16:23:18.0651 6740 wuauserv - ok
16:23:18.0668 6740 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:23:18.0669 6740 WudfPf - ok
16:23:18.0686 6740 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:23:18.0687 6740 WUDFRd - ok
16:23:18.0699 6740 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:23:18.0701 6740 wudfsvc - ok
16:23:18.0715 6740 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:23:18.0717 6740 WwanSvc - ok
16:23:18.0722 6740 ================ Scan global ===============================
16:23:18.0745 6740 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:23:18.0771 6740 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:23:18.0781 6740 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:23:18.0805 6740 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:23:18.0822 6740 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:23:18.0825 6740 [Global] - ok
16:23:18.0825 6740 ================ Scan MBR ==================================
16:23:18.0837 6740 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:23:18.0987 6740 \Device\Harddisk0\DR0 - ok
16:23:18.0988 6740 ================ Scan VBR ==================================
16:23:18.0991 6740 [ 7D5F31E7D0A54FF70D48D7392E9E0E57 ] \Device\Harddisk0\DR0\Partition1
16:23:18.0992 6740 \Device\Harddisk0\DR0\Partition1 - ok
16:23:19.0012 6740 [ 30611B09966962562EC8414941BC524B ] \Device\Harddisk0\DR0\Partition2
16:23:19.0014 6740 \Device\Harddisk0\DR0\Partition2 - ok
16:23:19.0014 6740 ============================================================
16:23:19.0014 6740 Scan finished
16:23:19.0014 6740 ============================================================
16:23:19.0024 4852 Detected object count: 0
16:23:19.0024 4852 Actual detected object count: 0

#13 Kimota
  • Topic Starter
  • Members
  • 17 posts

Posted 19 November 2012 - 05:42 PM

aswMBR Log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-19 16:25:23
-----------------------------
16:25:23.467 OS Version: Windows x64 6.1.7601 Service Pack 1
16:25:23.467 Number of processors: 2 586 0x2A07
16:25:23.467 ComputerName: 93JJ0R1 UserName: cbpope
16:25:27.227 Initialize success
16:26:14.663 AVAST engine defs: 12111901
16:26:39.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:26:39.547 Disk 0 Vendor: ST3250312AS JC47 Size: 238475MB BusType: 3
16:26:39.579 Disk 0 MBR read successfully
16:26:39.582 Disk 0 MBR scan
16:26:39.588 Disk 0 Windows VISTA default MBR code
16:26:39.591 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
16:26:39.612 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15038 MB offset 81920
16:26:39.645 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223396 MB offset 30879744
16:26:39.706 Disk 0 scanning C:\Windows\system32\drivers
16:26:51.938 Service scanning
16:27:21.938 Modules scanning
16:27:21.952 Disk 0 trace - called modules:
16:27:21.985 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
16:27:22.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c05410]
16:27:22.379 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8004aba580]
16:27:22.390 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004736060]
16:27:24.541 AVAST engine scan C:\Windows
16:27:27.790 AVAST engine scan C:\Windows\system32
16:30:35.428 AVAST engine scan C:\Windows\system32\drivers
16:30:51.317 AVAST engine scan C:\Users\cbpope
16:33:42.691 AVAST engine scan C:\ProgramData
16:36:23.936 Scan finished successfully
16:43:03.523 Disk 0 MBR has been saved successfully to "C:\Users\cbpope\Desktop\MBR.dat"
16:43:03.531 The log file has been saved successfully to "C:\Users\cbpope\Desktop\aswMBR.txt"

#14 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 November 2012 - 08:50 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
ajjnqeiw
comhurib
lusugoip
nzbihiew

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Kimota (Topic Starter)

  • Members
  • 17 posts

Posted 20 November 2012 - 11:15 AM

Combofix Log:

ComboFix 12-11-20.02 - cbpope 11/20/2012 10:06:44.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2396 [GMT -6:00]
Running from: c:\users\cbpope\Desktop\ComboFix.exe
Command switches used :: c:\users\cbpope\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ajjnqeiw
-------\Service_comhurib
-------\Service_lusugoip
-------\Service_nzbihiew
.
.
((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))
.
.
2012-11-20 16:10 . 2012-11-20 16:10 -------- d-----w- c:\users\setup1\AppData\Local\temp
2012-11-20 16:10 . 2012-11-20 16:10 -------- d-----w- c:\users\setup\AppData\Local\temp
2012-11-20 16:10 . 2012-11-20 16:10 -------- d-----w- c:\users\matthen\AppData\Local\temp
2012-11-20 16:10 . 2012-11-20 16:10 -------- d-----w- c:\users\drhager\AppData\Local\temp
2012-11-20 16:10 . 2012-11-20 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 08:29 . 2012-11-20 08:29 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C39BCB4C-1C70-4FEC-BA85-6E56276BAA96}\offreg.dll
2012-11-20 08:29 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C39BCB4C-1C70-4FEC-BA85-6E56276BAA96}\mpengine.dll
2012-11-19 18:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-19 16:52 . 2012-11-20 16:10 -------- d-----w- c:\users\cbpope\AppData\Local\temp
2012-11-19 16:45 . 2012-11-19 16:45 -------- d-----w- C:\Downloads
2012-11-13 17:59 . 2012-08-07 22:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCCCD483-A19C-4541-8726-A8D9F99541A6}\gapaengine.dll
2012-11-12 04:22 . 2012-08-07 22:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C08E0389-7D5B-4E2E-8C18-8A329D697252}\gapaengine.dll
2012-11-06 17:48 . 2012-11-06 17:48 -------- d-----w- c:\program files (x86)\Trend Micro
2012-11-06 03:54 . 2012-11-20 03:01 -------- d-----w- C:\LogicNet
2012-11-06 03:29 . 2012-11-06 03:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-06 03:27 . 2012-11-06 03:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-06 03:22 . 2012-11-06 03:22 -------- d-----w- c:\users\serveradmin
2012-11-05 17:39 . 2012-11-05 17:39 -------- d-----w- c:\users\cbpope\AppData\Local\LogMeIn
2012-11-05 17:39 . 2012-10-20 00:10 60328 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-11-05 17:39 . 2012-10-20 00:10 35240 ----a-w- c:\windows\system32\LMIport.dll
2012-11-05 17:39 . 2012-10-20 00:11 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-05 17:39 . 2012-08-24 20:41 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-11-05 17:39 . 2012-10-20 00:10 83880 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-05 17:39 . 2012-11-20 15:54 -------- d-----w- c:\programdata\LogMeIn
2012-11-05 17:39 . 2012-11-05 17:39 -------- d-----w- c:\program files (x86)\LogMeIn
2012-11-05 13:21 . 2012-11-05 13:21 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-10-31 12:00 . 2012-11-06 03:26 -------- d-----w- C:\Firefox
2012-10-31 11:50 . 2012-10-31 11:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-31 11:49 . 2012-10-31 11:49 -------- d-----w- c:\programdata\McAfee
2012-10-29 20:03 . 2012-10-29 20:03 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-29 19:11 . 2012-10-29 19:11 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-29 19:06 . 2012-11-13 17:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-29 19:06 . 2012-10-29 19:06 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 17:52 . 2011-08-27 03:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 01:54 . 2011-12-16 13:58 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 20:32 . 2012-05-16 13:23 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 20:32 . 2011-08-27 03:48 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:03 . 2011-04-27 21:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 04:03 . 2011-04-18 19:18 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 20:41 . 2012-08-24 20:41 35616 ----a-w- c:\windows\system32\lmimirr.dll
2012-08-24 20:41 . 2012-08-24 20:41 14624 ----a-w- c:\windows\system32\lmimirr2.dll
2012-08-24 20:41 . 2012-08-24 20:41 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{09de5c80-1610-3f65-920f-a13410a1944e}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 40233582
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 40233582
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 17:52]
.
2012-11-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2012-11-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-10-10 57928]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.6 192.168.1.252
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-20 10:11:27
ComboFix-quarantined-files.txt 2012-11-20 16:11
ComboFix2.txt 2012-11-19 16:52
ComboFix3.txt 2012-11-06 04:20
.
Pre-Run: 187,338,788,864 bytes free
Post-Run: 187,262,578,688 bytes free
.
- - End Of File - - F1FE3F844C6DE47C4DC020F1AF0CF7BF
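The CFScript in post #14 lists four drivers under Driver::, and the ComboFix log above reports each as `-------\Service_<name>` under its Drivers/Services heading. As an added example (not code from the thread or from ComboFix), the parser below cross-checks the two, so a responder reading the log can see at once whether every driver the script targeted was confirmed removed; the sample log is constructed in the thread's format, with one name deliberately left out to exercise the mismatch path.

```python
# Added example (not from the thread or from ComboFix): cross-check the
# Driver:: entries of a CFScript against the '-------\Service_<name>' lines
# ComboFix writes under its Drivers/Services heading.
import re

# Constructed CFScript, mirroring the one posted in the thread.
CFSCRIPT = """ClearJavaCache::
Driver::
ajjnqeiw
comhurib
lusugoip
nzbihiew
"""

# Constructed ComboFix log excerpt in the thread's format (lusugoip omitted).
COMBOFIX_LOG = r"""(((((((((((((( Drivers/Services ))))))))))))))
.
-------\Service_ajjnqeiw
-------\Service_comhurib
-------\Service_nzbihiew
.
(((((((((((((( Find3M Report ))))))))))))))
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")          # ((( Title )))
SERVICE_DELETED_RE = re.compile(r"^-+\\Service_(\S+)$")  # -------\Service_x

def parse_cfscript_drivers(script: str) -> list[str]:
    """Names listed under the Driver:: directive (other directives are skipped)."""
    names, in_driver_block = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.endswith("::"):
            in_driver_block = line == "Driver::"
        elif in_driver_block and line:
            names.append(line)
    return names

def parse_removed_services(log: str) -> set[str]:
    """Service names ComboFix reports deleted in its Drivers/Services section."""
    removed, in_section = set(), False
    for line in (l.strip() for l in log.splitlines()):
        if header := SECTION_RE.match(line):
            in_section = header.group(1) == "Drivers/Services"
        elif in_section and (m := SERVICE_DELETED_RE.match(line)):
            removed.add(m.group(1))
    return removed

def unconfirmed_drivers(script: str, log: str) -> list[str]:
    """Drivers the script asked to remove that the log does not confirm deleted."""
    removed = parse_removed_services(log)
    return [n for n in parse_cfscript_drivers(script) if n not in removed]
```

With the constructed sample, `unconfirmed_drivers(CFSCRIPT, COMBOFIX_LOG)` returns `['lusugoip']`; against the real log above it would return an empty list, since all four services appear as deleted.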
