Too many rundll32s in my task manager


  • This topic is locked
12 replies to this topic

#1 stroutman81

stroutman81

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:26 PM

Posted 03 December 2014 - 08:47 AM

My computer seems to be running pretty smoothly.  However, I went into my task manager to end a process and noticed that there are dozens of rundll32s running.  It's not the first time I've seen this.  I'm assuming there's something going on with malware but that's why I'm here!

 

Thanks a ton.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by steve at 8:28:35 on 2014-12-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3496.1604 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Bill Good Marketing\Gorilla CRM FS 4.3\GorillaCRM.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LogMeIn\Ignition\LMIIgnition.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LogMeIn\Ignition\LMIGuardianSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.5337.5000.105\bin\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [USB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe" 60
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1074
TCP: NameServer = 192.168.1.12
TCP: Interfaces\{905315FA-224C-4FA3-9C6F-A14B777AAB70} : DHCPNameServer = 192.168.1.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1101.401.105\bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve.mlfa\appdata\roaming\mozilla\firefox\profiles\ewpl26xa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\steve.mlfa\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1212152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_239.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2013-10-30 16880]
R0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\symefasi\0500010.01f\symefasi.sys [2014-10-16 1278680]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.5337.5000.105\data\definitions\bashdefs\20141119.011\BHDrvx86.sys [2014-11-19 1137368]
R1 ccSettings_{7EC551EC-6FEE-44A6-BD12-987F87D7C525};Symantec Endpoint Protection 12.1.5337.5000.105 Settings Manager;c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\ccSetx86.sys [2014-10-7 127064]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.5337.5000.105\data\definitions\ipsdefs\20141201.011\IDSvix86.sys [2014-12-2 479448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\Ironx86.sys [2014-10-16 209624]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\symnets.sys [2014-10-16 447704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2014-2-18 99896]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2013-10-30 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-12-10 583680]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-6-5 133992]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2013-10-30 167736]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2014-5-9 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2014-2-7 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2014-11-12 47640]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.5337.5000.105\bin\ccSvcHst.exe [2014-10-16 144496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-10-31 111408]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-10-30 280576]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2013-10-30 352752]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-10-30 796656]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-10-30 56432]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-12-24 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-10-30 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-12 102912]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\intel\icls client\SocketHeciServer.exe [2012-12-10 627744]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-7 1343400]
.
=============== File Associations ===============
.
.cmd: <filetype is not registered>
.chm: <filetype is not registered>
.ini: <filetype is not registered>
.inf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-11-18 19:05:53    --------    d-----w-    c:\users\steve.mlfa\appdata\roaming\webex
2014-11-18 19:04:14    --------    d-----w-    c:\users\steve.mlfa\appdata\local\WebEx
2014-11-17 18:32:28    --------    d-sh--w-    c:\users\steve.mlfa\appdata\local\EmieBrowserModeList
2014-11-12 15:18:00    --------    d-----w-    c:\users\steve.mlfa\appdata\local\LogMeIn
2014-11-12 15:17:55    53096    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-11-12 15:17:55    31592    ----a-w-    c:\windows\system32\LMIport.dll
2014-11-12 15:17:54    86912    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-11-12 15:17:54    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-11-12 15:17:54    47640    ----a-w-    c:\windows\system32\drivers\LMIRfsDriver.sys
2014-11-12 15:17:51    85864    ----a-w-    c:\windows\system32\LMIinit.dll
2014-11-10 15:35:43    93808    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
.
==================== Find3M  ====================
.
2014-11-26 06:22:04    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 06:22:04    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-17 20:47:25    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-11-17 13:27:57    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-06 03:28:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-06 03:28:06    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-06 03:13:43    501248    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-06 02:59:36    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-11-06 02:59:34    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-06 02:58:38    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-06 02:51:33    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 02:42:36    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 02:21:49    4298240    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-06 01:52:35    1892864    ----a-w-    c:\windows\system32\wininet.dll
2014-11-05 17:50:47    254464    ----a-w-    c:\windows\system32\generaltel.dll
2014-11-05 17:50:28    203776    ----a-w-    c:\windows\system32\aepdu.dll
2014-11-05 17:47:40    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-10-25 01:32:37    67584    ----a-w-    c:\windows\system32\packager.dll
2014-10-18 01:33:18    571904    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-16 17:37:19    424288    ----a-w-    c:\windows\system32\SymVPN.dll
2014-10-16 17:37:19    31648    ----a-w-    c:\windows\system32\drivers\WGX.SYS
2014-10-16 17:37:19    139104    ----a-w-    c:\windows\system32\FwsVpn.dll
2014-10-16 17:34:56    142936    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2014-10-16 17:34:53    1278680    ----a-w-    c:\windows\system32\drivers\symefasi\0500010.01f\symefasi.sys
2014-10-16 17:29:32    668888    ----a-w-    c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\srtsp.sys
2014-10-16 17:29:32    447704    ----a-w-    c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\symnets.sys
2014-10-16 17:29:32    32984    ----a-w-    c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\srtspx.sys
2014-10-16 17:29:31    209624    ----a-w-    c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\Ironx86.sys
2014-10-16 17:29:23    83832    ----a-w-    c:\windows\system32\drivers\Teefer.sys
2014-10-14 01:56:19    136632    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50    523776    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-14 01:50:41    2363904    ----a-w-    c:\windows\system32\msi.dll
2014-10-14 01:50:39    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-10 00:45:54    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-10-07 21:58:18    127064    ----a-w-    c:\windows\system32\drivers\sep\0c0114d9\1388.105\x86\ccSetx86.sys
2014-10-03 01:44:42    442880    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31    275968    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 01:44:26    475136    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26    374784    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    c:\windows\system32\AudioSes.dll
2014-10-01 15:11:24    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11:14    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-25 01:40:50    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-19 09:23:55    172032    ----a-w-    c:\windows\system32\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    c:\windows\system32\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2014-09-19 09:23:42    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-19 09:23:36    17408    ----a-w-    c:\windows\system32\credssp.dll
2014-09-09 21:47:10    2048    ----a-w-    c:\windows\system32\tzres.dll
.
============= FINISH:  8:29:22.63 ===============
 



#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:04:26 PM

Posted 03 December 2014 - 12:03 PM

Hi. I'm checking your log now and will reply with instructions soon.



#3 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:04:26 PM

Posted 03 December 2014 - 01:17 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/

Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



#4 stroutman81

stroutman81
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:26 PM

Posted 03 December 2014 - 01:39 PM

Thanks for the quick response.  Here is the FRST.txt and the Addition.txt is attached.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2014 01
Ran by steve (administrator) on STEVET-PC on 03-12-2014 13:28:50
Running from C:\Users\steve.MLFA\Desktop
Loaded Profile: steve (Available profiles: SteveT & steve & mlfaadmin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Bill Good Marketing, Inc.) C:\Program Files\Bill Good Marketing\Gorilla CRM FS 4.3\GorillaCRM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\Ignition\LMIIgnition.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\Ignition\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697872 2012-07-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-02-07] (LogMeIn, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-854245398-1604221776-682003330-1113\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-854245398-1604221776-682003330-1113\...\MountPoints2: {c9812739-93be-11e3-9cea-f8b1569df775} - E:\SISetup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-854245398-1604221776-682003330-1113\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-854245398-1604221776-682003330-1113\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-854245398-1604221776-682003330-1113 -> DefaultScope {A4AAFF8F-4603-4D7C-8D95-5BD1052CE1C8} URL =
SearchScopes: HKU\S-1-5-21-854245398-1604221776-682003330-1113 -> {A4AAFF8F-4603-4D7C-8D95-5BD1052CE1C8} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-854245398-1604221776-682003330-1113 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1074
Tcpip\Parameters: [DhcpNameServer] 192.168.1.12

FireFox:
========
FF ProfilePath: C:\Users\steve.MLFA\AppData\Roaming\Mozilla\Firefox\Profiles\ewpl26xa.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\steve.MLFA\AppData\Roaming\Mozilla\Firefox\Profiles\ewpl26xa.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\steve.MLFA\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Yahoo! Toolbar - C:\Users\steve.MLFA\AppData\Roaming\Mozilla\Firefox\Profiles\ewpl26xa.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-23]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-10-16]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-05]

Chrome:
=======
CHR Profile: C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-08]
CHR Extension: (Google Drive) - C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-08]
CHR Extension: (YouTube) - C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-08]
CHR Extension: (Google Search) - C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-08]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Gmail) - C:\Users\steve.MLFA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-02-08] (Intel Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [133992 2012-06-05] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-10-16] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\snac.exe [337248 2014-10-16] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141119.011\BHDrvx86.sys [1137368 2014-10-13] (Symantec Corporation)
R1 ccSettings_{7EC551EC-6FEE-44A6-BD12-987F87D7C525}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x86\ccSetx86.sys [127064 2014-10-07] (Symantec Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [393576 2012-06-15] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141201.011\IDSvix86.sys [479448 2014-12-02] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2398544 2012-11-02] (Realtek Semiconductor Corp.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-05-13] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141202.033\NAVENG.SYS [95704 2014-08-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141202.033\NAVEX15.SYS [1636696 2014-08-25] (Symantec Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x86\SRTSP.SYS [668888 2014-10-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x86\SRTSPX.SYS [32984 2014-10-16] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1278680 2014-10-16] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-10-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x86\Ironx86.SYS [209624 2014-10-16] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x86\SYMNETS.SYS [447704 2014-10-16] (Symantec Corporation)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [83832 2014-10-16] (Symantec Corporation)
S4 LMIRfsClientNP; No ImagePath
S3 radpms; system32\DRIVERS\radpms.sys [X]
U3 mbr; \??\C:\Users\STEVE~1.MLF\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 13:28 - 2014-12-03 13:29 - 00022265 _____ () C:\Users\steve.MLFA\Desktop\FRST.txt
2014-12-03 13:28 - 2014-12-03 13:28 - 00000000 ____D () C:\FRST
2014-12-03 13:27 - 2014-12-03 13:27 - 01108992 _____ (Farbar) C:\Users\steve.MLFA\Desktop\FRST.exe
2014-12-03 08:29 - 2014-12-03 08:29 - 00022667 _____ () C:\Users\steve.MLFA\Desktop\dds.txt
2014-12-03 08:29 - 2014-12-03 08:29 - 00008972 _____ () C:\Users\steve.MLFA\Desktop\attach.txt
2014-12-03 08:28 - 2014-12-03 08:28 - 00688992 ____R (Swearware) C:\Users\steve.MLFA\Desktop\dds.com
2014-11-18 14:06 - 2014-11-18 15:44 - 00000000 __SHD () C:\Users\steve.MLFA\Documents\cache
2014-11-18 14:05 - 2014-11-18 14:05 - 00000000 ____D () C:\Users\steve.MLFA\AppData\Roaming\webex
2014-11-18 14:04 - 2014-11-18 14:04 - 00000000 ____D () C:\Users\steve.MLFA\AppData\Local\WebEx
2014-11-18 10:07 - 2014-11-18 10:07 - 00033736 ____H () C:\Users\steve.MLFA\Desktop\~WRL0890.tmp
2014-11-17 15:52 - 2014-11-17 15:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-17 13:32 - 2014-11-17 13:32 - 00000000 __SHD () C:\Users\steve.MLFA\AppData\Local\EmieBrowserModeList
2014-11-12 10:59 - 2014-12-02 13:47 - 03716256 _____ (LogMeIn, Inc.) C:\Users\steve.MLFA\Desktop\LogMeIn Client.exe
2014-11-12 10:21 - 2014-11-25 10:19 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-12 10:18 - 2014-11-12 10:18 - 00000000 ____D () C:\Users\steve.MLFA\AppData\Local\LogMeIn
2014-11-12 10:17 - 2014-11-25 10:19 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-12 10:17 - 2014-10-31 11:54 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-11-12 10:17 - 2014-10-31 11:53 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-11-12 10:17 - 2014-10-31 11:53 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-11-12 10:17 - 2014-05-09 16:27 - 00086888 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2014-11-12 10:17 - 2014-02-07 16:29 - 00047640 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-11-12 08:17 - 2014-11-12 08:18 - 119839488 _____ (Microsoft Corporation) C:\Users\steve.MLFA\Desktop\msert.exe
2014-11-12 06:42 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:42 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:42 - 2014-11-05 22:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:42 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:42 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:42 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:42 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:42 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:42 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:42 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:42 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:42 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:42 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:42 - 2014-11-05 21:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:42 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:42 - 2014-11-05 21:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:42 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:42 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:42 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:42 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:42 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:42 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:42 - 2014-11-05 21:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:42 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:42 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:42 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:42 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:42 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:42 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:42 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:42 - 2014-11-05 12:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:42 - 2014-11-05 12:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:42 - 2014-11-05 12:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:42 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:42 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:42 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:42 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:42 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:42 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:42 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:42 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:42 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:42 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:42 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:42 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:42 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:42 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:42 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 06:42 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:42 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:42 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:42 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:42 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:42 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:42 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:42 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:42 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-10 10:35 - 2014-11-12 08:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-04 13:32 - 2014-11-04 13:32 - 00080896 _____ () C:\Users\steve.MLFA\Desktop\Joint_Life_Mortality_Calculator.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 13:28 - 2009-07-13 23:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 13:28 - 2009-07-13 23:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 13:27 - 2013-11-05 16:18 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-03 13:22 - 2013-10-30 02:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 13:17 - 2014-01-30 16:18 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-12-03 13:16 - 2013-11-05 15:44 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-12-03 12:37 - 2013-11-08 11:48 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 10:18 - 2013-11-05 16:12 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-03 09:33 - 2013-10-30 02:37 - 01796873 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 00:01 - 2014-04-17 08:50 - 00000000 ____D () C:\Users\steve.MLFA\AppData\Local\LogMeInIgnition
2014-12-02 21:37 - 2013-11-08 11:48 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 01:22 - 2013-10-30 02:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 01:22 - 2013-10-30 02:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 11:34 - 2014-01-21 12:25 - 00029696 _____ () C:\Users\steve.MLFA\Desktop\VACA 2014.xls
2014-11-25 10:19 - 2013-11-05 16:12 - 00000000 ____D () C:\Program Files\LogMeIn
2014-11-18 14:04 - 2014-05-09 07:24 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-18 14:04 - 2013-11-05 16:08 - 00000000 ____D () C:\Users\steve.MLFA\AppData\Roaming\Mozilla
2014-11-17 15:52 - 2013-11-13 10:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-17 15:47 - 2014-08-29 14:33 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-17 15:47 - 2014-08-29 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-17 15:47 - 2014-08-29 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-17 15:47 - 2014-08-29 14:33 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-17 15:47 - 2013-11-13 10:59 - 00000000 ____D () C:\Program Files\Java
2014-11-17 08:36 - 2010-11-20 16:01 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 08:32 - 2014-10-19 00:00 - 00000336 _____ () C:\Windows\setupact.log
2014-11-17 08:32 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 08:27 - 2014-05-16 08:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 11:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 10:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 10:17 - 2013-11-05 16:12 - 00001024 _____ () C:\.rnd
2014-11-12 10:04 - 2014-07-08 13:23 - 00000000 ____D () C:\Users\steve.MLFA\AppData\Local\Adobe
2014-11-12 10:03 - 2013-11-05 15:52 - 00126472 _____ () C:\Users\steve.MLFA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 09:59 - 2009-07-13 23:33 - 00435272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 09:57 - 2014-10-21 07:34 - 00831518 _____ () C:\Windows\PFRO.log
2014-11-12 09:57 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:55 - 2013-11-08 11:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 09:53 - 2013-11-18 08:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:51 - 2013-11-18 08:22 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-07 11:14 - 2013-11-05 16:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-04 18:01 - 2014-05-15 08:01 - 00000000 ____D () C:\Users\steve.MLFA\AppData\Local\LogMeIn Rescue Applet
2014-11-04 14:19 - 2014-05-15 08:18 - 00001996 ____H () C:\Users\steve.MLFA\Documents\Default.rdp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 00:12

==================== End Of Log ============================


#5 Rootk

  • Malware Response Team

Posted 03 December 2014 - 04:40 PM

Please follow these steps:

1.- Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it to your Desktop as fixlist.txt
 

CloseProcesses:
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
S4 LMIRfsClientNP; No ImagePath
S3 radpms; system32\DRIVERS\radpms.sys [X]
U3 mbr; \??\C:\Users\STEVE~1.MLF\AppData\Local\Temp\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{03520C05-10E8-4C52-BDFC-DD2419645B4E}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{035A13C6-F597-49DD-9418-75B039A0184E}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{03BE871B-47FD-4d62-BD3D-FC757AF51630}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0500A491-6CB8-4289-8313-307F021E4F0F}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0537CC53-5B6B-4FD3-9F38-45E1D9CFB6A0}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{05F15890-E95A-410C-8360-3E8744FD4B33}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{074EDFEE-E585-43D8-A184-09FF1A337A97}\InprocServer32 -> M:\WFX32\DSLIBSVR.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{07598BD3-ABBE-4bee-959F-7B90253EADFF}\InprocServer32 -> M:\WFX32\UDHEAD13.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{07B2D980-4402-40bb-B00C-9EFEC2559C07}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{07C5EF41-3C13-492C-9382-095E36BFA785}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0A2E1280-D44B-4027-9467-FCF8FAFE4F0A}\InprocServer32 -> M:\WFX32\DSLIBSVR.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0BE2E177-683C-43fd-853E-6DC503F41588}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0C734C59-CFCE-4fb8-A588-1791F94A0601}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0CC28285-CD28-4177-A163-2FFD6BF4294A}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0CEAAB94-BCB1-11D3-A9CF-00500407294E}\InprocServer32 -> OLEDBCNS.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0E21CAEE-2CF5-4139-B117-D9831D70EFB3}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0ED60035-F0E2-41c6-9BB8-6A916F5E5917}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{12533DFD-DF2F-4036-8E62-51D137DBD789}\InprocServer32 -> CCHWSV12.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{14181636-7618-42B9-8608-AA3D6F689884}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{15759CFC-26FC-4c7f-95BB-83365D4DC627}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{167E3817-E57F-42e3-9678-D8F6728FC4E1}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{186B1BAA-33AB-4E08-946F-B1BCFC6C289B}\InprocServer32 -> CCHWSV12.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{19EF81C1-33EE-4864-9B14-5FB947D3EC28}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{1A235441-1942-4056-BD43-D03095AB5606}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{1CB1F433-4B16-4d14-97DC-CDB5523B319B}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{1D69710D-FBFC-43B8-A9D6-AFFFFC3FB66E}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{1F4026E0-A61E-450A-AD46-9925DED0FCF1}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{21257B40-4DEF-4dbc-8AB1-4B626A7266AF}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{238B4549-B447-4a78-A102-8465882ABA39}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{26B8A0EC-5698-4553-A384-2EFF92C887EF}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{2703A2A5-3FA5-47FD-A15A-4317731DB2EC}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{286577D3-C208-4098-85E5-FCA3712B6F69}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{2A133A21-C4B6-4654-86CB-0D21DC2CBD76}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{2B9938BA-4604-49f1-834A-F99D0AE48BE4}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{2CBEBA09-8A4C-4b6e-B65E-8F9F9F1E425B}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{2DEE58CE-0DAC-4d2e-8EF0-F451A4CAB496}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{2E2D6F00-EACE-49dc-A575-89F17AEC1CF4}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{30913BA8-F638-4DDE-8C79-3F7F74B889ED}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{30A619E2-ADC7-4C9C-A536-BA4ADF17F25F}\InprocServer32 -> M:\WFX32\CCHPDF13.OCX No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{323B1B69-B429-406A-9C09-DECDD00A84EA}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{333076BC-E928-4d9c-A62B-5F332922FBB4}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{36B221F5-A7EE-4ac6-BD57-33DE5BC2F5E5}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{392EC442-5074-45ac-9B4E-9B69AFEC9CD6}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{3B865F74-266E-46CB-962E-F33FF9698D3A}\localserver32 -> "M:\WFX32\DESKAG04.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{3D8BAC55-120B-4a02-A80C-67DAC1067B40}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{3DBE93DE-F09C-4eb2-9A01-E9A5F0C1580F}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{3EDAB866-05E0-451F-B14A-EFF65E254D5F}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{411A87A3-92F5-413E-9188-1BEA1880E8EB}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{429BD869-B571-42EE-9C1D-34BC3322A7CB}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{464A4D5-BD81-4b28-BD3D-3E6AB9CF0422}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{469A4269-A143-4351-BCD1-94049E2AACC3}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{47AB14D4-AFF3-4C09-923B-305A6BBC0BDE}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{49F8B59B-BE10-498A-BDF9-CA23D072EF9B}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{4D9FC76F-02E6-4cc9-809B-AFCE182CED9B}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{51C850B1-7736-4f11-AECB-5600AE2334E4}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{51CA7F56-DAD0-4592-8DE5-919F3FF8E61E}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{527C6963-E12E-4560-BAC8-0F8697F2404B}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{52F9FC80-E3B7-43a2-9F6F-B2F1D5004F26}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{55D0A236-366B-466d-8532-80FF43D9D507}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{55FF41F6-6B5C-4F7D-9600-9ECADB92026F}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{57F1891A-961E-418f-AC54-9EB05F910E5A}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{5A195A01-0C88-4003-A682-A63CE3F6034E}\localserver32 -> "M:\WFX32\DESKAG04.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{5B351766-0295-48a0-B7AE-4974642C83D6}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{5C8EA124-11FC-4883-BF4E-DEF1BB431F33}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{5CB76D7C-5791-4ef7-8A0C-2519DA53421F}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{5EAD9613-373F-40D3-A548-505F94D86B09}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{61B4DEEF-4DB9-4F5B-BCBB-09F12C00EDED}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{61D1BA56-C3CB-434F-9CD0-C8662D3A1D91}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{629C4BC6-832A-4a44-9119-D9ED6849B7B0}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{64F85669-8EA4-419d-A54C-E10691AFED96}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{694BCE47-BAD6-4396-AB18-604EAB3FF65D}\localserver32 -> "M:\WFX32\DESKAG04.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{6B1948ED-E691-44d8-B54B-22A21216098D}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{6B692C50-7B0E-4c50-8ECB-E61CEEF49376}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{6F310C64-1A40-4f04-A13B-9EB7D08AF6E4}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{6F94A53D-AB51-4ce6-A1A3-9F82C26D3286}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{702DE9DD-E2C3-44c0-B31E-DBD3BB7FD2CB}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{704A5B96-99F1-4e5b-B6A2-9EEC39176549}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{70856658-C103-4ccd-A3B7-792590CC3D03}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{71B7ADE2-2C54-44cb-A373-6967654C672D}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{7AD3688C-635E-41a6-8FD5-B7F297B0CCAD}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{7B13829D-3915-440f-A679-8CF5EA0EE716}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{7CBD7F70-A9FF-4C8D-AC69-61CFCA0BF6E9}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{7CFD3155-2F63-4219-B6D1-06079344C6AC}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{86C752E6-0C3B-4719-8D9F-45CC85034571}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8B205B66-ED10-4D47-87AE-2D0205E0DD41}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8BF7A421-2EF6-494F-B4A3-E7EF211C99B7}\InprocServer32 -> M:\WFX32\HASHALGO.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8C8E79A6-AE16-4a0c-B05B-EB9A32D10A81}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8C8EC235-0786-4DAD-A957-1A6CD76C28F5}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8EBF6555-0D04-4A09-A5CE-B214E5622807}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8FA9E057-AE9F-42ca-A547-513DF8123209}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{911777D0-5B7C-4b31-8EFE-F1489B34E1B4}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{923D218D-1266-4e19-80DD-A9EFB8A26494}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{94817876-E312-4C29-9914-9575291C7518}\InprocServer32 -> M:\WFX32\ITKAXC.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{955C0D7D-042E-4034-9D54-EBD52477A6DB}\InprocServer32 -> M:\WFX32\UDHEAD13.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{95604CCF-6A48-4E09-999B-5A415683A158}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9640D1AB-F860-446d-8212-F866EA0ECBD4}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{96D074FB-1F34-4861-B9CE-E4965DC2DFCD}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{97A9B026-5C9E-4CD6-84D4-0F3F95CCDC8C}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{98A581FE-9627-44da-90A0-C67AFC42A202}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{998F9490-6BB9-4C6A-B4EC-B47454A8D365}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9A03CB14-8030-416a-96A1-63CCE2200B10}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9C676042-70C0-40a4-9967-D7428A6CDD76}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9CD8A088-ECE7-44a3-8F2B-19DE1223D2AD}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A468C7EF-C609-4d61-938B-ADCE216C8A01}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A4D9FE99-8868-4251-B427-848BB21195D4}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A7262729-2129-4ED4-8AF8-F34042B65314}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A749E05C-0031-414B-8DD6-1D5388BB302C}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A791A8BD-DDDC-40f5-900F-6501F5348401}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A7A7F9AE-F65B-4d8d-9AFE-DB780763A7D6}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A8DEEA4B-D039-420B-97DE-191B7F6A7E7E}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A9603291-FD4E-45d4-AC0F-7A71B3977145}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A9C3976B-7E14-4FCB-895C-61A635387182}\InprocServer32 -> M:\WFX32\ITKAXC.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AA155BF8-493D-4c91-99B6-807DAD344BA7}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AA7FC5CD-52F6-47dc-90E7-A7F70FACF05B}\localserver32 -> "M:\WFX32\DESKAG04.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AC4A22D4-4D2D-4449-BCB4-B229B11F1899}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AD34D878-012F-4c1f-B07E-391B09DB1BB0}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AF3C0CF4-D371-485C-BD7C-28C22BF99E83}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AFBB3018-F4D9-4C74-AF1E-91F3FB5B2409}\InprocServer32 -> M:\WFX32\CCHPDF13.OCX No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AFBB3019-F4D9-4C74-AF1E-91F3FB5B2409}\InprocServer32 -> M:\WFX32\CCHPDF13.OCX No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B11898C7-EC13-436e-99CC-2BC92FF14B76}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B1A3D9CF-9356-46A6-8211-2EF3EC034282}\InprocServer32 -> M:\WFX32\FXIMPORT.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B2B66E7C-426B-41ce-B6F4-4326B60BA333}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B3FC9D8B-8A0C-44c0-9458-3B7ABF1851FA}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B419A200-C7AA-43ca-A533-C841130D5F9D}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B6722A5C-4869-4D91-B518-F01205F4C346}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B78B1B69-1C4F-4725-B016-92BA200B752F}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BB0F1EAF-BF57-448c-A157-334C2D920BC8}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BBB024FB-B3AE-4fc8-9FBB-12B7715D5DFA}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BE281A38-19EF-4fdf-9EFA-6F0A360183DB}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BEACC58F-E643-4e97-B19E-95F6EE3500FA}\InprocServer32 -> M:\WFX32\UDHEAD13.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C0513C90-DA4F-4CF2-A783-6341B001E187}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C24633DB-39F7-4c05-B574-9DC163BF5198}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C2555CDB-587A-4cdc-BA8E-5A018A65DAE5}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C263D00A-0405-4263-A08B-9E944F80B9E4}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C417C420-EF48-4703-813A-940A9AD6BC8E}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C4B53756-FB20-434A-850F-A1DE31BFAC11}\InprocServer32 -> M:\WFX32\MCFUTIL.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C5DE939A-5627-4BDF-96AA-5A12427DC483}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C64A0B48-9429-4a29-B95F-4549F1E9215C}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C8401F46-39E6-4313-AF0C-27D26022BBD2}\InprocServer32 -> M:\WFX32\FXIMPORT.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C8D38565-A18B-4593-BC6D-A1E0E250352F}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{CCA4FFC6-D8E9-4419-8C6E-06609B287B1E}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{CD2A8362-9A3E-4B80-BAF3-ABE31F53B278}\InprocServer32 -> M:\WFX32\FXLINK.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{CDCFC67C-2890-4FCD-AD72-5586247F2CD1}\InprocServer32 -> CCHWSV11.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D057A477-515F-45ec-890F-99EC6B6F977B}\InprocServer32 -> CCHWSV07.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D0D738B1-D297-4e86-9965-4E80B5D8FA34}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D199B693-D826-439E-BEDD-974259A5F23C}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D1A120D3-4C19-4AEF-92D4-886287039D8A}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D5BED67D-A714-44B1-94B1-E575E8E597A7}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D64201A8-B77D-4FED-9507-177BD55A4B04}\localserver32 -> "M:\WFX32\DESKAG04.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D806A8D5-7A78-41ca-AB63-83CF5BF9E999}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D98945DA-7A2D-4964-8226-02728F178D47}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DA00590E-172F-4D3D-ABAF-026116D7F4E0}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DB210FC0-70F5-43D8-A3D6-BCEB81EBDC3B}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DC865780-261D-49f9-A321-F2060710AA23}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DF6406EA-8278-4b52-9A52-A91CDD8669C8}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E0E8BAC0-F9EF-41EC-9DDB-266B04A98D03}\InprocServer32 -> CCHWSV11.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E3D521B5-2D85-47ff-A569-DCAD1C6AB801}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E5DE092D-A01D-43fe-941E-86F5D4907C3F}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E6FA008F-6128-41a3-A065-4F3480A5EE48}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E7B403F8-3C6B-4909-B543-A0A0F8346BC7}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E827698E-15B4-471E-89A8-A0D88297C9EF}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E8561B52-AEFC-11D2-9062-0020AF002133}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E915D5EF-4904-473E-A770-C54CA988C3D5}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{ED3F2D56-3EE4-4ceb-8516-5A0BC9145151}\localserver32 -> "M:\WFX32\DESKAG04.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{EE9BA297-8D2D-4b80-B4AC-0E6C98BC4533}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{EFEBBF78-8320-4B77-BE42-A087BA9B1E83}\InprocServer32 -> M:\WFX32\DESKAG04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F2BB76F9-B343-4369-9F1C-0908452320B2}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F35D4DB4-E743-414b-811D-CBFBEC6FE0EB}\InprocServer32 -> CCHWSV10.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F3DF6412-B035-45B2-BCBD-FEF1208332A7}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F4E16220-CB8A-48B7-9EE4-D50D44B39414}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F4FE9C4A-835F-4cd4-A2F6-D6A4881A0A54}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F65CEE99-6972-4494-AFEB-1F523DEA1FB7}\InprocServer32 -> M:\WFX32\ITKAXC.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F7984E81-4E43-49fa-AF14-C1B7A30BAB57}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F8F4DDAA-6A67-4A04-B850-9FD4264CD45D}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F904D8CC-F7E9-47d6-8E4B-705287312615}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{FC3AD279-BB1A-42A9-8072-3C4A82F667A0}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{FD74D0A0-E187-420c-9BBE-865C6FF17901}\InprocServer32 -> CCHWSV10.DLL No File
Task: {B71136C2-3E2F-4FA0-B0D6-FABC993D8E97} - System32\Tasks\Digital Sites => C:\Users\STEVE~1.MLF\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\STEVE~1.MLF\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\STEVE~1.MLF\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Run FRST again, check Addition.txt, press Scan and attach both reports.

#6 stroutman81

  • Topic Starter

Posted 04 December 2014 - 08:54 AM

Okay, so the first log is below with the 2 other reports from the scan attached.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014
Ran by steve at 2014-12-04 08:47:13 Run:1
Running from C:\Users\steve.MLFA\Desktop
Loaded Profile: steve (Available profiles: SteveT & steve & mlfaadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
S4 LMIRfsClientNP; No ImagePath
S3 radpms; system32\DRIVERS\radpms.sys [X]
U3 mbr; \??\C:\Users\STEVE~1.MLF\AppData\Local\Temp\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{03520C05-10E8-4C52-BDFC-DD2419645B4E}\InprocServer32 -> CCHWSV12.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{035A13C6-F597-49DD-9418-75B039A0184E}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{03BE871B-47FD-4d62-BD3D-FC757AF51630}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0500A491-6CB8-4289-8313-307F021E4F0F}\InprocServer32 -> CCHWSV08.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0537CC53-5B6B-4FD3-9F38-45E1D9CFB6A0}\InprocServer32 -> CCHWSV13.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{05F15890-E95A-410C-8360-3E8744FD4B33}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{074EDFEE-E585-43D8-A184-09FF1A337A97}\InprocServer32 -> M:\WFX32\DSLIBSVR.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{07598BD3-ABBE-4bee-959F-7B90253EADFF}\InprocServer32 -> M:\WFX32\UDHEAD13.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{07B2D980-4402-40bb-B00C-9EFEC2559C07}\InprocServer32 -> CCHWSV05.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{07C5EF41-3C13-492C-9382-095E36BFA785}\InprocServer32 -> CCHWSV11.dll No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0A2E1280-D44B-4027-9467-FCF8FAFE4F0A}\InprocServer32 -> M:\WFX32\DSLIBSVR.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0BE2E177-683C-43fd-853E-6DC503F41588}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0C734C59-CFCE-4fb8-A588-1791F94A0601}\InprocServer32 -> M:\WFX32\CCHWSV04.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0CC28285-CD28-4177-A163-2FFD6BF4294A}\InprocServer32 -> CCHWSV09.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0CEAAB94-BCB1-11D3-A9CF-00500407294E}\InprocServer32 -> OLEDBCNS.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0E21CAEE-2CF5-4139-B117-D9831D70EFB3}\localserver32 -> "M:\WFX32\WFXCDI.EXE" No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{0ED60035-F0E2-41c6-9BB8-6A916F5E5917}\InprocServer32 -> CCHWSV06.DLL No File
CustomCLSID: HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{12533DFD-DF2F-4036-8E62-51D137DBD789}\InprocServer32 -> CCHWSV12.DLL No File
Task: {B71136C2-3E2F-4FA0-B0D6-FABC993D8E97} - System32\Tasks\Digital Sites => C:\Users\STEVE~1.MLF\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\STEVE~1.MLF\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\STEVE~1.MLF\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP" => Key deleted successfully.
LMIRfsClientNP => Service deleted successfully.
radpms => Service deleted successfully.
mbr => Service not found.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{7CBD7F70-A9FF-4C8D-AC69-61CFCA0BF6E9}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{7CFD3155-2F63-4219-B6D1-06079344C6AC}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{86C752E6-0C3B-4719-8D9F-45CC85034571}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8B205B66-ED10-4D47-87AE-2D0205E0DD41}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8BF7A421-2EF6-494F-B4A3-E7EF211C99B7}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8C8E79A6-AE16-4a0c-B05B-EB9A32D10A81}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8C8EC235-0786-4DAD-A957-1A6CD76C28F5}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8EBF6555-0D04-4A09-A5CE-B214E5622807}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{8FA9E057-AE9F-42ca-A547-513DF8123209}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{911777D0-5B7C-4b31-8EFE-F1489B34E1B4}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{923D218D-1266-4e19-80DD-A9EFB8A26494}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{94817876-E312-4C29-9914-9575291C7518}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{955C0D7D-042E-4034-9D54-EBD52477A6DB}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{95604CCF-6A48-4E09-999B-5A415683A158}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9640D1AB-F860-446d-8212-F866EA0ECBD4}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{96D074FB-1F34-4861-B9CE-E4965DC2DFCD}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{97A9B026-5C9E-4CD6-84D4-0F3F95CCDC8C}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{98A581FE-9627-44da-90A0-C67AFC42A202}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{998F9490-6BB9-4C6A-B4EC-B47454A8D365}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9A03CB14-8030-416a-96A1-63CCE2200B10}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9C676042-70C0-40a4-9967-D7428A6CDD76}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{9CD8A088-ECE7-44a3-8F2B-19DE1223D2AD}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A468C7EF-C609-4d61-938B-ADCE216C8A01}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A4D9FE99-8868-4251-B427-848BB21195D4}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A7262729-2129-4ED4-8AF8-F34042B65314}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A749E05C-0031-414B-8DD6-1D5388BB302C}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A791A8BD-DDDC-40f5-900F-6501F5348401}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A7A7F9AE-F65B-4d8d-9AFE-DB780763A7D6}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A8DEEA4B-D039-420B-97DE-191B7F6A7E7E}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A9603291-FD4E-45d4-AC0F-7A71B3977145}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{A9C3976B-7E14-4FCB-895C-61A635387182}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AA155BF8-493D-4c91-99B6-807DAD344BA7}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AA7FC5CD-52F6-47dc-90E7-A7F70FACF05B}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AC4A22D4-4D2D-4449-BCB4-B229B11F1899}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AD34D878-012F-4c1f-B07E-391B09DB1BB0}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AF3C0CF4-D371-485C-BD7C-28C22BF99E83}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AFBB3018-F4D9-4C74-AF1E-91F3FB5B2409}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{AFBB3019-F4D9-4C74-AF1E-91F3FB5B2409}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B11898C7-EC13-436e-99CC-2BC92FF14B76}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B1A3D9CF-9356-46A6-8211-2EF3EC034282}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B2B66E7C-426B-41ce-B6F4-4326B60BA333}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B3FC9D8B-8A0C-44c0-9458-3B7ABF1851FA}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B419A200-C7AA-43ca-A533-C841130D5F9D}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B6722A5C-4869-4D91-B518-F01205F4C346}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{B78B1B69-1C4F-4725-B016-92BA200B752F}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BB0F1EAF-BF57-448c-A157-334C2D920BC8}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BBB024FB-B3AE-4fc8-9FBB-12B7715D5DFA}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BE281A38-19EF-4fdf-9EFA-6F0A360183DB}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{BEACC58F-E643-4e97-B19E-95F6EE3500FA}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C0513C90-DA4F-4CF2-A783-6341B001E187}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C24633DB-39F7-4c05-B574-9DC163BF5198}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C2555CDB-587A-4cdc-BA8E-5A018A65DAE5}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C263D00A-0405-4263-A08B-9E944F80B9E4}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C417C420-EF48-4703-813A-940A9AD6BC8E}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C4B53756-FB20-434A-850F-A1DE31BFAC11}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C5DE939A-5627-4BDF-96AA-5A12427DC483}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C64A0B48-9429-4a29-B95F-4549F1E9215C}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C8401F46-39E6-4313-AF0C-27D26022BBD2}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{C8D38565-A18B-4593-BC6D-A1E0E250352F}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{CCA4FFC6-D8E9-4419-8C6E-06609B287B1E}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{CD2A8362-9A3E-4B80-BAF3-ABE31F53B278}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{CDCFC67C-2890-4FCD-AD72-5586247F2CD1}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D057A477-515F-45ec-890F-99EC6B6F977B}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D0D738B1-D297-4e86-9965-4E80B5D8FA34}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D199B693-D826-439E-BEDD-974259A5F23C}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D1A120D3-4C19-4AEF-92D4-886287039D8A}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D5BED67D-A714-44B1-94B1-E575E8E597A7}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D64201A8-B77D-4FED-9507-177BD55A4B04}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D806A8D5-7A78-41ca-AB63-83CF5BF9E999}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{D98945DA-7A2D-4964-8226-02728F178D47}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DA00590E-172F-4D3D-ABAF-026116D7F4E0}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DB210FC0-70F5-43D8-A3D6-BCEB81EBDC3B}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DC865780-261D-49f9-A321-F2060710AA23}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{DF6406EA-8278-4b52-9A52-A91CDD8669C8}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E0E8BAC0-F9EF-41EC-9DDB-266B04A98D03}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E3D521B5-2D85-47ff-A569-DCAD1C6AB801}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E5DE092D-A01D-43fe-941E-86F5D4907C3F}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E6FA008F-6128-41a3-A065-4F3480A5EE48}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E7B403F8-3C6B-4909-B543-A0A0F8346BC7}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E827698E-15B4-471E-89A8-A0D88297C9EF}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E8561B52-AEFC-11D2-9062-0020AF002133}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{E915D5EF-4904-473E-A770-C54CA988C3D5}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{ED3F2D56-3EE4-4ceb-8516-5A0BC9145151}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{EE9BA297-8D2D-4b80-B4AC-0E6C98BC4533}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{EFEBBF78-8320-4B77-BE42-A087BA9B1E83}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F2BB76F9-B343-4369-9F1C-0908452320B2}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F35D4DB4-E743-414b-811D-CBFBEC6FE0EB}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F3DF6412-B035-45B2-BCBD-FEF1208332A7}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F4E16220-CB8A-48B7-9EE4-D50D44B39414}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F4FE9C4A-835F-4cd4-A2F6-D6A4881A0A54}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F65CEE99-6972-4494-AFEB-1F523DEA1FB7}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F7984E81-4E43-49fa-AF14-C1B7A30BAB57}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F8F4DDAA-6A67-4A04-B850-9FD4264CD45D}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{F904D8CC-F7E9-47d6-8E4B-705287312615}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{FC3AD279-BB1A-42A9-8072-3C4A82F667A0}" => Key deleted successfully.
"HKU\S-1-5-21-854245398-1604221776-682003330-1113_Classes\CLSID\{FD74D0A0-E187-420c-9BBE-865C6FF17901}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B71136C2-3E2F-4FA0-B0D6-FABC993D8E97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B71136C2-3E2F-4FA0-B0D6-FABC993D8E97}" => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
C:\Windows\Tasks\Digital Sites.job => Moved successfully.
"C:\Users\STEVE~1.MLF\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE" => File/Directory not found.
EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====




#7 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:04:26 PM

Posted 04 December 2014 - 04:50 PM

Please follow these steps:

 

1.- Download RogueKiller and save it to the desktop.

 

Note: Do NOT click the Delete button, unless otherwise instructed.

  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • Once the scan is done, click on Report.
  • A log file will open; please copy/paste the contents of that file into your next reply.

 

2.- Please open Malwarebytes Anti-Malware

 

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.

  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan. If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

 



#8 stroutman81


Posted 05 December 2014 - 08:21 AM

Here is my RogueKiller log:

 

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : steve [Administrator]
Mode : Scan -- Date : 12/05/2014  08:19:23

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-854245398-1604221776-682003330-1113\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.StartMenu] HKEY_USERS\S-1-5-21-854245398-1604221776-682003330-1113\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x8973ebd0
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x8973ec68
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[19] : Unknown @ 0x89739318
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x8877f0b0
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[43] : Unknown @ 0x8973e268
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x8973e618
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x8973e060
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x89729cb0
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x8973e108
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[96] : Unknown @ 0x8973e300
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x89739458
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[131] : Unknown @ 0x897391a8
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[145] : Unknown @ 0x8973e008
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[147] : Unknown @ 0x8973eb38
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x88bc2fd0
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x897390f0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[177] : Unknown @ 0x8973e580
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x89729c08
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[191] : Unknown @ 0x897393c0
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x8973e450
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x89729b60
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[215] : Unknown @ 0x8973e1c0
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[269] : Unknown @ 0x89739f80
[SSDT:Addr(Hook.SSDT)] NtQueueApcThreadEx[270] : Unknown @ 0x89739ed8
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x8973ed00
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x8973eec8
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[333] : Unknown @ 0x8973ef60
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x8973e398
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[366] : Unknown @ 0x8973e4e8
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[367] : Unknown @ 0x8973ed98
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x89732ce0
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x8973ee30
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : Unknown @ 0x89739058
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x89739250
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x8874df60
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x88b60078
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x88b63ac8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x88b64f78
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x88bc2778
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x88b63fc0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x88758320
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x8874d0c8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x8a7c36f8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x88b64fb0

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] ewpl26xa.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
[PUM.HomePage][FIREFX:Config] ewpl26xa.default : user_pref("browser.startup.homepage", "http://www.yahoo.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKX-75U6AA0 +++++
--- User ---
[MBR] 8809a7643fb0ed02ea680e06e3f6ebea
[BSP] 3c6af27a7f8b17528c931948b17aeb37 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 750 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1617920 | Size: 237684 MB
User = LL1 ... OK
User = LL2 ... OK
 



#9 stroutman81


Posted 05 December 2014 - 08:41 AM

Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/5/2014
Scan Time: 8:25:56 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.05.05
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422170
Time Elapsed: 16 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-854245398-1604221776-682003330-1113-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Quarantined, [f87f1648295351e585f8b70e1be943bd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 Rootk


Posted 05 December 2014 - 04:32 PM

Please re-run RogueKiller and press the Scan button.
Once the scan is done, click the Registry tab.
Place a checkmark on the following items:
 

[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found

[PUM.HomePage] HKEY_USERS\S-1-5-21-854245398-1604221776-682003330-1113\Software\Microsoft\Internet Explorer\Main | Start Page :

Click on the Delete button.
A report has been created on the Desktop. Please post it in your next reply.


Other than that, your logs look clean. How are things running now?

 



#11 stroutman81


Posted 08 December 2014 - 08:48 AM

I don't see the report.  That said, I did take the actions you advised and the computer does seem to be running great.



#12 Rootk


Posted 10 December 2014 - 08:15 AM

If the computer is running fine and you're not having any other problem, then follow these final steps:

Create a System restore point.

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Click the System Protection tab, and then click Create.
In the System Protection dialog box, type a description, and then click Create.

Run Delfix

This program will remove the tools used and their logs. If anything remains, you can manually delete them.
Please download Delfix and save it to your desktop.
Double click on Delfix.exe to run the tool and click on the Run button.

Finally, to help protect your computer in the future, I recommend that you read this article: So how did I get infected in the first place?. I also recommend running Secunia PSI. It will monitor the software you have installed and let you know when something needs to be updated.

Be sure to post back if you have any more problems.

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:03:26 PM

Posted 26 January 2015 - 11:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families




