
Suspected Virus



Old 12-05-2011, 05:35 PM   #1
Registered Member
 
Join Date: Nov 2008
Posts: 153
OS: Windows 7



I'm suspecting this is a potential virus. I had to run both DDS and GMER from Safe Mode because it kept crashing after it was almost complete. There is also a problem I had with GMER. I am only given the options: Services, Registry, Files, C:\, ADS.

The main problem is that I cannot connect to servers outside of the browser, but everything works in Safe Mode.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by sbwong at 18:04:53 on 2011-12-05
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2038.1191 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: SDHelper: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes\mbamgui.exe" /starttray
mRun: [SDTray] "C:\Program Files (x86)\Spybot\SDTray.exe"
mRun: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\sbwong\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\sbwong\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{4330DA31-61B4-4024-898E-ED67112E5467} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{8A0240A1-8E28-4AA1-BF3A-9E12FC07AE40} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{8A0240A1-8E28-4AA1-BF3A-9E12FC07AE40}\34245402C41475E4 : DhcpNameServer = 64.81.79.2
TCP: Interfaces\{8A0240A1-8E28-4AA1-BF3A-9E12FC07AE40}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0}\34245402C41475E4 : DhcpNameServer = 64.81.79.2
TCP: Interfaces\{C527B26A-CF3B-4099-9361-2783F4D4BE79} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{F6D6B46B-D91C-43C6-A595-925AF5B9E7D4} : DhcpNameServer = 192.168.10.1
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot\SDHelper.dll
BHO-X64: SDHelper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes\mbamgui.exe" /starttray
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot\SDTray.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sbwong\AppData\Roaming\Mozilla\Firefox\Profiles\xabivk2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ca
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\VLC\npvlc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\Hamachi\hamachi-2.exe [2011-8-15 2329480]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot\SDHookDrv64.sys [2011-9-23 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-11-27 616400]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-11-27 342480]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-27 86224]
S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-27 110032]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-11-27 463824]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes\mbamservice.exe [2011-9-23 366152]
S2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot\SDHookSvc.exe [2011-9-23 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot\SDFSSvc.exe [2011-9-23 1082800]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot\SDUpdSvc.exe [2011-9-23 1149864]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot\SDWSCSvc.exe [2011-9-23 169624]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2011-9-23 2358656]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-06 00:15:16 -------- d-----w- C:\Users\sbwong\AppData\Local\{9E47C933-9951-461A-B403-06B048C2C8BE}
2011-12-06 00:14:53 -------- d-----w- C:\Users\sbwong\AppData\Local\{80ECE11E-5C7E-4068-B0EA-542DE8F1E029}
2011-12-05 23:08:51 -------- d-----w- C:\ProcAlyzer Dumps
2011-12-05 07:22:45 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-05 04:51:31 -------- d-----w- C:\Users\sbwong\AppData\Local\{D1AF8D01-2B30-4E96-A302-A68DF9456E0F}
2011-12-05 04:51:00 -------- d-----w- C:\Users\sbwong\AppData\Local\{FCD31E11-9769-4788-96C5-9BADAA882C8F}
2011-12-04 09:27:20 -------- d-----w- C:\Users\sbwong\AppData\Local\{1ADD0496-B312-422F-9AFC-3D70D9C97757}
2011-12-04 09:26:55 -------- d-----w- C:\Users\sbwong\AppData\Local\{41E82495-398C-4825-8357-04A60CD60218}
2011-12-03 22:42:00 40960 ----a-w- C:\Windows\SysWow64\nwsftUninstall.exe
2011-12-03 22:41:56 588800 ------w- C:\Windows\SysWow64\WinFLCtxMenu.dll
2011-12-03 22:41:54 -------- d-----w- C:\Program Files (x86)\NewSoftware's
2011-12-03 21:26:06 -------- d-----w- C:\Users\sbwong\AppData\Local\{45D4E8B1-97F3-4687-A7C6-A74873489989}
2011-12-03 21:25:48 -------- d-----w- C:\Users\sbwong\AppData\Local\{5AEB28D7-60E9-4E5C-A32C-F97F5FE210F9}
2011-12-02 22:52:00 -------- d-----w- C:\Users\sbwong\AppData\Local\{F7530BAA-AA92-4B85-B27D-4628E1183DD9}
2011-12-02 22:51:35 -------- d-----w- C:\Users\sbwong\AppData\Local\{B4C313C4-ABFB-4CCB-B4A6-34C56E02A4D0}
2011-12-02 10:51:20 -------- d-----w- C:\Users\sbwong\AppData\Local\{8701D3B0-E36C-43D1-A67C-154E024EB380}
2011-12-01 22:50:41 -------- d-----w- C:\Users\sbwong\AppData\Local\{1B19BF09-F474-438F-9C44-755E410C007D}
2011-12-01 22:50:17 -------- d-----w- C:\Users\sbwong\AppData\Local\{9A7E6EF4-B296-4CAF-89B4-DFCD7BFA6274}
2011-12-01 10:49:47 -------- d-----w- C:\Users\sbwong\AppData\Local\{2526A726-72A4-425D-8265-9F5FC4C7D241}
2011-12-01 10:49:23 -------- d-----w- C:\Users\sbwong\AppData\Local\{8FEDADA9-F97C-4E1A-B7E7-16D886FCF275}
2011-11-30 22:48:46 -------- d-----w- C:\Users\sbwong\AppData\Local\{7B420D19-B8FC-48B3-89C4-399F790CDE01}
2011-11-30 22:48:20 -------- d-----w- C:\Users\sbwong\AppData\Local\{47B64BE7-09F6-4BFD-A823-A811F09A116B}
2011-11-29 07:05:15 -------- d-----w- C:\Users\sbwong\AppData\Local\{FFB1AABA-3FA9-452F-BE0A-2DDB60B61232}
2011-11-29 07:04:51 -------- d-----w- C:\Users\sbwong\AppData\Local\{3690EE5C-35EF-4C12-8B02-990DC2D99C3D}
2011-11-28 07:05:01 -------- d-----w- C:\Users\sbwong\AppData\Local\{1EEA413E-6C2A-47C8-B825-ED691215B3B6}
2011-11-28 07:04:38 -------- d-----w- C:\Users\sbwong\AppData\Local\{259F2F7D-D0D6-4214-A16C-79E7468CD166}
2011-11-27 18:43:26 -------- d-----w- C:\Users\sbwong\AppData\Roaming\Avira
2011-11-27 18:42:27 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-11-27 18:42:27 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2011-11-27 18:42:27 139512 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2011-11-27 18:42:27 113768 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2011-11-27 18:42:21 -------- d-----w- C:\Program Files (x86)\Avira
2011-11-27 08:13:32 -------- d-----w- C:\Users\sbwong\AppData\Local\Microsoft Help
2011-11-27 01:55:38 -------- d-----w- C:\Users\sbwong\AppData\Local\{7B572C6D-8667-4FA1-A686-F5788CCEC0DC}
2011-11-27 01:55:09 -------- d-----w- C:\Users\sbwong\AppData\Local\{547F6ECF-8C6A-44CE-BBBE-01FE0DEE7869}
2011-11-26 17:51:13 -------- d-----w- C:\Users\sbwong\AppData\Roaming\OnLive App
2011-11-26 17:50:26 -------- d-----w- C:\Program Files (x86)\OnLive
2011-11-25 16:30:50 -------- d-----w- C:\Users\sbwong\AppData\Roaming\Neverball
2011-11-18 15:52:41 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-11-17 00:41:41 -------- d-----w- C:\Users\sbwong\AppData\Local\LogMeIn Hamachi
2011-11-17 00:39:01 -------- d-----w- C:\Program Files (x86)\Hamachi
2011-11-16 19:11:25 -------- d-----w- C:\Users\sbwong\AppData\Roaming\Warsow 0.6
2011-11-16 19:11:25 -------- d-----w- C:\Program Files (x86)\Warsow
2011-11-16 14:25:49 -------- d-----w- C:\Users\sbwong\AppData\Local\{90CF17A7-D8F0-428F-9BBC-A050610FEE41}
2011-11-16 05:41:52 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2011-11-16 05:41:52 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2011-11-16 02:25:18 -------- d-----w- C:\Users\sbwong\AppData\Local\{D9DF60DF-AE72-4F66-A326-9B1514063CA9}
2011-11-16 02:25:05 -------- d-----w- C:\Users\sbwong\AppData\Local\{2258BD40-C4F5-4ECD-9529-7DBB75C59051}
2011-11-14 16:58:05 -------- d-----w- C:\Users\sbwong\AppData\Roaming\Avnex
2011-11-14 16:34:13 -------- d-----w- C:\Users\sbwong\AppData\Roaming\Screaming Bee
2011-11-14 16:32:05 -------- d-----w- C:\Program Files (x86)\VOX
2011-11-14 10:23:23 -------- d-----w- C:\Users\sbwong\AppData\Local\{AD5CD1D1-E923-4525-BF12-03AF8B4FF4AB}
2011-11-14 01:08:50 -------- d-----w- C:\Program Files (x86)\Common Files\TI Shared
2011-11-14 01:08:49 -------- d-----w- C:\Program Files (x86)\TI-83 Calculator
2011-11-13 22:22:52 -------- d-----w- C:\Users\sbwong\AppData\Local\{802C4AAC-BC6D-4E43-BE88-DADDF0C00614}
2011-11-13 17:53:28 -------- d-----w- C:\Users\sbwong\AppData\Local\SkypeFx
2011-11-13 17:53:15 -------- d-----w- C:\Users\sbwong\AppData\Local\IsolatedStorage
2011-11-13 10:22:21 -------- d-----w- C:\Users\sbwong\AppData\Local\{A30EDAE5-DCBB-4499-ACEA-371BD50BDC25}
2011-11-13 10:22:08 -------- d-----w- C:\Users\sbwong\AppData\Local\{5691714D-A626-4D3C-B10E-1DDEBDD80CD2}
2011-11-12 22:21:36 -------- d-----w- C:\Users\sbwong\AppData\Local\{F86A2F86-D6C6-45A5-8722-45B65B55122E}
2011-11-12 22:21:23 -------- d-----w- C:\Users\sbwong\AppData\Local\{3A994670-D172-488E-827D-FCAB5CE50F7F}
2011-11-09 15:35:31 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 15:35:30 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 15:35:28 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 15:35:25 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 01:50:42 -------- d-----w- C:\Users\sbwong\AppData\Local\{E6BF40C6-F909-4E84-851D-CF4AEDF86492}
2011-11-09 01:50:30 -------- d-----w- C:\Users\sbwong\AppData\Local\{77B2A37D-E5F2-4A63-B0FB-8EF23BC17E80}
2011-11-08 03:35:47 -------- d-----w- C:\Users\sbwong\AppData\Local\{F7EF109D-D51D-46EF-A0B4-1AC2A573D264}
2011-11-08 03:35:33 -------- d-----w- C:\Users\sbwong\AppData\Local\{937AAE91-AF5F-4C25-BB4C-F939A5540BDD}
2011-11-07 15:27:48 -------- d-----w- C:\Users\sbwong\AppData\Local\{379DC65A-D180-471B-B2D4-7852BCFFAF2B}
2011-11-07 15:27:13 -------- d-----w- C:\Users\sbwong\AppData\Local\{4B7C21B9-FA29-4265-A2C3-C1DB10E21901}
2011-11-07 03:19:56 -------- d-----w- C:\Users\sbwong\AppData\Local\{CDBE0BD5-132B-4935-B6AF-F7753A299DB3}
2011-11-07 03:19:44 -------- d-----w- C:\Users\sbwong\AppData\Local\{F4C82A9C-B742-46DD-A13A-DB7456BF6622}
2011-11-06 2032 -------- d-----w- C:\Users\sbwong\jagexcache1
2011-11-06 15:19:13 -------- d-----w- C:\Users\sbwong\AppData\Local\{6365A65E-6BC0-4302-94A7-BD6DE7EF7B6A}
2011-11-06 15:19:00 -------- d-----w- C:\Users\sbwong\AppData\Local\{415CCCE5-B0FB-4C69-B870-C2D9570C6D16}
2011-11-06 02:27:58 -------- d-----w- C:\Users\sbwong\AppData\Local\{3257E811-96A0-4CE3-A64D-951045D9E346}
2011-11-06 02:27:45 -------- d-----w- C:\Users\sbwong\AppData\Local\{95C47E47-1659-4B74-BFBF-1CA0DF5D5233}
.
==================== Find3M ====================
.
2011-11-18 15:52:41 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-11-18 15:52:41 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-11-18 15:52:41 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-11-18 15:52:41 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-11-04 15:40:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-29 2055 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-23 22:22:47 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-23 16:32:32 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-09-23 16:32:32 1008640 ----a-w- C:\Windows\System32\user32.dll
.
============= FINISH: 18:05:52.13 ===============
Attached Files
File Type: zip Attach.zip (9.9 KB, 10 views)
File Type: txt log.txt (738 Bytes, 4 views)

__________________
Activeradio
Old 12-08-2011, 07:15 PM   #2
Registered Member
 
Join Date: Nov 2008
Posts: 153
OS: Windows 7



Bump thread

__________________
Activeradio
Old 12-09-2011, 07:25 AM   #3
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Hello Activeradio,

I see we've helped you in the past, but this is a different OS than the last time.

1. Please tell me more about this machine and what it is used for.

Quote:
The main problem is that I cannot connect to servers outside of the browser, but everything works in Safe Mode.
2. Please explain that comment. What servers are you trying to connect to?

3. I see you ran ComboFix (or at least tried to). What happened with that? Is there a log?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried
Old 12-09-2011, 03:08 PM   #4
Registered Member
 
Join Date: Nov 2008
Posts: 153
OS: Windows 7



I switched over to a laptop with Windows 7. Useful for dual screens, and is more up to date. I wasn't sure whether to post the log or not, but here it is.

Minecraft loads their news feed from the web, and all I see is <html><head></head><body></body></html>. It won't let me connect to servers either, and occasionally applications won't connect to the update servers.

ComboFix 11-12-04.04 - sbwong 12/05/2011 0:05.1.2 - x64 NETWORK
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2038.1112 [GMT -7:00]
Running from: c:\users\sbwong\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\systemcpl.dll
c:\windows\SysWow64\delete.bat
.
----- File Replicators -----
.
c:\program files (x86)\Git\libexec\git-core\git-add.exe
c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
c:\program files (x86)\Git\libexec\git-core\git-apply.exe
c:\program files (x86)\Git\libexec\git-core\git-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
c:\program files (x86)\Git\libexec\git-core\git-blame.exe
c:\program files (x86)\Git\libexec\git-core\git-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
c:\program files (x86)\Git\libexec\git-core\git-clean.exe
c:\program files (x86)\Git\libexec\git-core\git-clone.exe
c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-commit.exe
c:\program files (x86)\Git\libexec\git-core\git-config.exe
c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-describe.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-diff.exe
c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
c:\program files (x86)\Git\libexec\git-core\git-gc.exe
c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files (x86)\Git\libexec\git-core\git-grep.exe
c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
c:\program files (x86)\Git\libexec\git-core\git-help.exe
c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
c:\program files (x86)\Git\libexec\git-core\git-init.exe
c:\program files (x86)\Git\libexec\git-core\git-log.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge.exe
c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
c:\program files (x86)\Git\libexec\git-core\git-mv.exe
c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
c:\program files (x86)\Git\libexec\git-core\git-notes.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
c:\program files (x86)\Git\libexec\git-core\git-prune.exe
c:\program files (x86)\Git\libexec\git-core\git-push.exe
c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
c:\program files (x86)\Git\libexec\git-core\git-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-replace.exe
c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe
c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
c:\program files (x86)\Git\libexec\git-core\git-reset.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
c:\program files (x86)\Git\libexec\git-core\git-revert.exe
c:\program files (x86)\Git\libexec\git-core\git-rm.exe
c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-show.exe
c:\program files (x86)\Git\libexec\git-core\git-stage.exe
c:\program files (x86)\Git\libexec\git-core\git-status.exe
c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-var.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
c:\program files (x86)\Git\libexec\git-core\git.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 07:11 . 2011-12-05 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-03 22:42 . 2011-12-03 22:42 40960 ----a-w- c:\windows\SysWow64\nwsftUninstall.exe
2011-12-03 22:41 . 2011-12-03 22:41 588800 ------w- c:\windows\SysWow64\WinFLCtxMenu.dll
2011-12-03 22:41 . 2011-12-03 22:41 -------- d-----w- c:\program files (x86)\NewSoftware's
2011-11-27 18:43 . 2011-11-27 18:43 -------- d-----w- c:\users\sbwong\AppData\Roaming\Avira
2011-11-27 18:42 . 2011-09-18 15:39 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-27 18:42 . 2011-09-16 22:55 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-11-27 18:42 . 2011-09-16 22:55 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-11-27 18:42 . 2011-09-16 06:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-27 18:42 . 2011-09-16 06:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-27 18:42 . 2011-11-27 18:42 -------- d-----w- c:\program files (x86)\Avira
2011-11-27 08:13 . 2011-11-27 08:13 -------- d-----w- c:\users\sbwong\AppData\Local\Microsoft Help
2011-11-26 17:51 . 2011-11-26 17:51 -------- d-----w- c:\users\sbwong\AppData\Roaming\OnLive App
2011-11-26 17:50 . 2011-11-26 17:51 -------- d-----w- c:\program files (x86)\OnLive
2011-11-25 16:30 . 2011-11-25 16:31 -------- d-----w- c:\users\sbwong\AppData\Roaming\Neverball
2011-11-18 15:52 . 2011-11-18 15:52 -------- d-----w- c:\program files (x86)\OpenAL
2011-11-17 00:41 . 2011-12-05 01:09 -------- d-----w- c:\users\sbwong\AppData\Local\LogMeIn Hamachi
2011-11-17 00:39 . 2011-11-17 00:39 -------- d-----w- c:\program files (x86)\Hamachi
2011-11-16 19:11 . 2011-11-26 01:04 -------- d-----w- c:\users\sbwong\AppData\Roaming\Warsow 0.6
2011-11-16 19:11 . 2011-11-16 19:12 -------- d-----w- c:\program files (x86)\Warsow
2011-11-16 05:41 . 2005-05-26 22:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-11-16 05:41 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2011-11-14 16:58 . 2011-11-14 16:58 -------- d-----w- c:\users\sbwong\AppData\Roaming\Avnex
2011-11-14 16:34 . 2011-11-14 16:34 -------- d-----w- c:\users\sbwong\AppData\Roaming\Screaming Bee
2011-11-14 16:32 . 2011-11-14 16:45 -------- d-----w- c:\program files (x86)\VOX
2011-11-14 01:08 . 2011-11-14 01:08 -------- d-----w- c:\program files (x86)\Common Files\TI Shared
2011-11-14 01:08 . 2011-11-14 01:09 -------- d-----w- c:\program files (x86)\TI-83 Calculator
2011-11-13 17:53 . 2011-11-13 17:53 -------- d-----w- c:\users\sbwong\AppData\Local\SkypeFx
2011-11-13 17:53 . 2011-11-13 17:53 -------- d-----w- c:\users\sbwong\AppData\Local\IsolatedStorage
2011-11-09 15:35 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 15:35 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:35 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:35 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 20:06 . 2011-11-06 20:06 -------- d-----w- c:\users\sbwong\jagexcache1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 15:52 . 2011-10-12 15:13 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-18 15:52 . 2011-10-12 15:13 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-11-18 15:52 . 2011-10-12 15:13 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-18 15:52 . 2011-10-12 15:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-11-04 15:40 . 2011-09-23 21:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-29 20:06 . 2011-09-23 21:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-19 15:21 . 2011-10-19 15:21 61440 ----a-r- c:\users\sbwong\AppData\Roaming\Microsoft\Installer\{6C82BEFA-21A9-4CC0-9F73-93BD0F406E33}\NewShortcut2_6C82BEFA21A94CC09F7393BD0F406E33.exe
2011-10-19 15:21 . 2011-10-19 15:21 61440 ----a-r- c:\users\sbwong\AppData\Roaming\Microsoft\Installer\{6C82BEFA-21A9-4CC0-9F73-93BD0F406E33}\NewShortcut1_6C82BEFA21A94CC09F7393BD0F406E33.exe
2011-10-07 04:16 . 2011-10-21 11:07 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{347F6D70-7675-4142-B5BB-4A874D886E14}\mpengine.dll
2011-10-01 03:21 . 2011-10-12 15:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 15:23 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-24 00:29 . 2011-09-24 00:29 3584 ----a-r- c:\users\sbwong\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-09-23 22:22 . 2011-09-23 22:23 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-23 21:57 . 2011-03-29 00:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-23 16:32 . 2009-07-13 23:38 1008640 ----a-w- c:\windows\system32\user32.dll
2011-09-23 16:32 . 2009-07-13 23:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-09-23 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-09-23 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sbwong\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sbwong\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\sbwong\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes\mbamgui.exe" [2011-08-31 449608]
"SDTray"="c:\program files (x86)\Spybot\SDTray.exe" [2011-08-04 3225504]
"PlusService"="c:\program files (x86)\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"LogMeIn Hamachi Ui"="c:\program files (x86)\Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzM1MjQwNzQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1809&mid=44cb7564d82647d1b24bd15f07393400-f458025de3c079f33dadf6ffb768088d9979c26f" [?]
.
c:\users\sbwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\sbwong\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot\SDHookDrv64.sys [2011-08-04 48888]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-09-23 616400]
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-09-23 342480]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes\mbamservice.exe [2011-08-31 366152]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot\SDHookSvc.exe [2011-08-04 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot\SDFSSvc.exe [2011-08-04 1082800]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot\SDUpdSvc.exe [2011-08-04 1149864]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot\SDWSCSvc.exe [2011-08-04 169624]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\TeamViewer_Service.exe [2011-08-30 2358656]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\Hamachi\hamachi-2.exe [2011-08-15 2329480]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot\SDUpdate.exe [2011-09-23 22:18]
.
2011-12-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-09-24 15:26]
.
2011-12-05 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot\SDImmunize.exe [2011-09-23 22:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\sbwong\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\sbwong\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\sbwong\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\sbwong\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc64.dll" [2006-12-08 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 9809920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 73728]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\sbwong\AppData\Roaming\Mozilla\Firefox\Profiles\xabivk2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ca
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WinFLAdrv.sys
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-05 00:13:27
ComboFix-quarantined-files.txt 2011-12-05 07:13
.
Pre-Run: 6,409,662,464 bytes free
Post-Run: 6,247,903,232 bytes free
.
- - End Of File - - 452A9D515994F62DEFEDE679355BFF66
__________________
Activeradio is offline   Reply With Quote
Old 12-09-2011, 04:47 PM   #5
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Thank you. :)

See if you can run an online scan. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 12-09-2011, 09:28 PM   #6



I hope it was alright if I was running in safe mode with networking. There were no threats found according to ESET.
__________________
Activeradio is offline   Reply With Quote
Old 12-09-2011, 09:37 PM   #7



I'm not seeing any malware in the logs, and Eset isn't detecting anything either. The fact you can connect in Safe Mode with Networking indicates it may be your protective program that is preventing you from accessing certain sites.

How long ago did you install Avira Internet Security? How long ago did this problem start?

You might want to try a little test - uninstall Avira Internet Security and see if you can connect to those sites in Normal Mode. If so - then your issue is being caused by some configuration setting in Avira. Most likely the Firewall component.
__________________
Ried is offline   Reply With Quote
Old 12-09-2011, 11:07 PM   #8



It kept nagging me to upgrade to 2012, so I upgraded last week. A few days before I had posted this thread, I couldn't connect to servers outside of the browser. Connections seem to be working after I uninstalled Avira. I tried disabling the individual modules, but my computer was still causing problems. It does have virus-like characteristics, but there is no virus.
__________________
Activeradio is offline   Reply With Quote
Old 12-10-2011, 07:36 AM   #9



Did you pay for the program? If so, I would recommend discussing the issue with Avira Support at their forum. Perhaps they can tell you which settings would be involved.

If this is the free version, I would recommend using another AV. Here are 2 very good free Anti Virus programs:
Select one of these, or another of your choice. Download, install, update definitions.
__________________
Ried is offline   Reply With Quote
Old 02-25-2012, 08:06 AM   #10



Sorry about bumping this thread. Although my system turned out clean, I started to notice a few problems.
  1. When I right click on files, explorer.exe starts to freeze up. I let it restart, and everything works fine. It eventually goes back to the way it was.
  2. I cannot access my system properties via "My Computer > Properties" or "All Control Panel Items > System".
  3. I can no longer use the accessibility tools such as On Screen Keyboard. It asks me to confirm usage twice, but never lets me open them.
__________________
Activeradio is offline   Reply With Quote
Old 03-05-2012, 02:54 PM   #11



Bump thread
__________________
Activeradio is offline   Reply With Quote
Old 03-09-2012, 07:15 PM   #12



Bump thread
__________________
Activeradio is offline   Reply With Quote
Old 03-14-2012, 07:55 PM   #13



Bump thread
__________________
Activeradio is offline   Reply With Quote
Old 03-14-2012, 08:58 PM   #14



I just happened to see this thread. It had been 2 months and you hadn't replied, so I unsubscribed from this thread presuming you were done. I can't remain subscribed to threads indefinitely. :)

I'm going to need all new logs. You should still have dds.scr on the machine; if not, you'll find the download link and instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help.

I'll need both logs it produces.

===============================

Also, please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. Allow it to download the Avast database.
  • When that has completed, click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________
Ried is offline   Reply With Quote
Old 03-17-2012, 03:00 PM   #15



Sorry about that, I'll get the logs ASAP. I'm going to try and run it through Safe Mode first.

__________________
Activeradio is offline   Reply With Quote
Old 03-17-2012, 03:47 PM   #16



Here they are

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by sbwong at 16:19:54 on 2012-03-17
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2038.1240 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - C:\Program Files (x86)\IEPro\iepro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: SDHelper: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\IEPro\IEProRecorder.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ScreenSnapr] C:\Program Files (x86)\ScreenSnapr\ScreenSnapr.exe /winstart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes\mbamgui.exe" /starttray
mRun: [SDTray] "C:\Program Files (x86)\Spybot\SDTray.exe"
mRun: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\sbwong\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\sbwong\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - C:\Program Files (x86)\IEPro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - C:\Program Files (x86)\IEPro\iepro.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{4330DA31-61B4-4024-898E-ED67112E5467} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{8A0240A1-8E28-4AA1-BF3A-9E12FC07AE40} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{8A0240A1-8E28-4AA1-BF3A-9E12FC07AE40}\34245402C41475E4 : DhcpNameServer = 64.81.79.2
TCP: Interfaces\{8A0240A1-8E28-4AA1-BF3A-9E12FC07AE40}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0}\14E64627F69646021405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0}\342454027457563747E45647 : DhcpNameServer = 64.81.79.2
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0}\34245402C41475E4 : DhcpNameServer = 64.81.79.2
TCP: Interfaces\{B0E88D1C-519F-49E7-840C-DD59429632B0}\7527F6E67602D4F62696C656 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{C527B26A-CF3B-4099-9361-2783F4D4BE79} : DhcpNameServer = 192.168.10.1
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: IE7Pro BHO: {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll
BHO-X64: IE7Pro - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot\SDHelper.dll
BHO-X64: SDHelper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\IEPro\IEProRecorder.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes\mbamgui.exe" /starttray
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot\SDTray.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe" --auto-start
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sbwong\AppData\Roaming\Mozilla\Firefox\Profiles\xabivk2t.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Program%20Files%20(x86)/Firefox/homepage/index.htm
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\VLC\npvlc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\Hamachi\hamachi-2.exe [2012-2-28 2343816]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot\SDHookDrv64.sys [2011-9-23 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-1-21 616400]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-1-21 86224]
S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-1-21 110032]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-1-21 463824]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes\mbamservice.exe [2011-12-29 652872]
S2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot\SDHookSvc.exe [2011-9-23 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot\SDFSSvc.exe [2011-12-30 892336]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot\SDUpdSvc.exe [2011-9-23 955816]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot\SDWSCSvc.exe [2011-9-23 169624]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-1-21 342480]
.
=============== Created Last 30 ================
.
2012-03-17 14:41:28 -------- d-----w- C:\Users\sbwong\AppData\Local\{8C90B231-F001-40D8-BEFA-2AC4BC67049D}
2012-03-17 14:41:01 -------- d-----w- C:\Users\sbwong\AppData\Local\{7A1E736B-E568-40B6-A364-360C5F2B2CA1}
2012-03-17 02:40:31 -------- d-----w- C:\Users\sbwong\AppData\Local\{6BB52499-65B7-4220-9A3A-683194C8A3F6}
2012-03-17 02:40:06 -------- d-----w- C:\Users\sbwong\AppData\Local\{384CF5DD-1E70-49A2-8028-DA5FFB32F4C2}
2012-03-15 00:31:47 -------- d-----w- C:\Users\sbwong\AppData\Local\{DFBE50A5-70BF-4FD9-8A09-D3A092815DDF}
2012-03-12 20:57:43 -------- d-----w- C:\Users\sbwong\AppData\Local\{C798F957-C621-49B9-BED6-00C1F2336D7A}
2012-03-12 08:55:53 -------- d-----w- C:\Users\sbwong\AppData\Local\{1D687E91-B03C-4939-AFC0-B051583B0B8A}
2012-03-11 20:55:15 -------- d-----w- C:\Users\sbwong\AppData\Local\{559C0B36-74C1-419E-B91C-0AC8F8283F46}
2012-03-11 20:55:01 -------- d-----w- C:\Users\sbwong\AppData\Local\{949B8B12-8648-44FC-8BC1-3668007BC601}
2012-03-11 20:54:49 -------- d-----w- C:\Users\sbwong\AppData\Local\{58574ED1-C24A-4521-BFEB-4E2B84D56C01}
2012-03-11 20:54:20 -------- d-----w- C:\Users\sbwong\AppData\Local\{E99FFCCD-83F4-451D-AA13-97714A948837}
2012-03-11 20:49:47 -------- d-----w- C:\Windows\System32\SPReview
2012-03-11 20:46:46 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-11 15:22:42 -------- d-----w- C:\ProgramData\SecTaskMan
2012-03-11 15:21:34 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-03-10 21:14:02 -------- d-----w- C:\Users\sbwong\AppData\Local\{B6A9C7DB-69BD-4BB8-AD64-24A0D902FEF4}
2012-03-10 21:13:35 -------- d-----w- C:\Users\sbwong\AppData\Local\{26BDA260-E6B7-43CA-A5E7-AB5069E328B5}
2012-03-10 0311 -------- d-----w- C:\Program Files (x86)\Hamachi
2012-03-09 17:32:04 -------- d-----w- C:\Users\sbwong\AppData\Local\{92054F62-9D66-492C-B81B-F673089EB575}
2012-03-09 17:31:53 -------- d-----w- C:\Users\sbwong\AppData\Local\{B75CFCCA-38C7-4A9C-A882-8BB1C382198F}
2012-03-09 05:31:02 -------- d-----w- C:\Users\sbwong\AppData\Local\{C7701E88-D969-44EB-830D-89DF925416F6}
2012-03-09 05:30:51 -------- d-----w- C:\Users\sbwong\AppData\Local\{4DDF2C45-FE09-4F98-932C-65159F59642D}
2012-03-08 17:29:58 -------- d-----w- C:\Users\sbwong\AppData\Local\{DEECF573-D71E-48C7-BF65-9502B33BB4AB}
2012-03-08 17:29:47 -------- d-----w- C:\Users\sbwong\AppData\Local\{F0BA7B5E-47AE-42BF-A994-B6A6DB961222}
2012-03-08 05:28:56 -------- d-----w- C:\Users\sbwong\AppData\Local\{8B4797BB-4589-4F54-8ACF-08BBA115F4F9}
2012-03-08 05:28:45 -------- d-----w- C:\Users\sbwong\AppData\Local\{E0FE5AD0-23A6-4274-A182-C237EE66E808}
2012-03-07 17:27:52 -------- d-----w- C:\Users\sbwong\AppData\Local\{73044FA5-741D-43A3-A03A-5821F03B4751}
2012-03-07 17:27:40 -------- d-----w- C:\Users\sbwong\AppData\Local\{5991BEE1-B95A-4814-AEF6-BD915076642C}
2012-03-07 05:26:43 -------- d-----w- C:\Users\sbwong\AppData\Local\{3496F4EB-6810-4065-8DEA-D68123F49832}
2012-03-07 05:26:31 -------- d-----w- C:\Users\sbwong\AppData\Local\{9C17F46D-E3B5-49CE-88C7-C243C98C8213}
2012-03-07 05:26:18 -------- d-----w- C:\Users\sbwong\AppData\Local\{57F81820-D244-4E8D-B332-87626D15B767}
2012-03-06 17:25:35 -------- d-----w- C:\Users\sbwong\AppData\Local\{F2FF2E1A-83DB-4B6D-88A5-C667A85EB7E4}
2012-03-06 05:24:52 -------- d-----w- C:\Users\sbwong\AppData\Local\{78125A3D-360C-407C-8580-4BADC3AEBC5F}
2012-03-05 17:24:12 -------- d-----w- C:\Users\sbwong\AppData\Local\{F49A5820-A43C-4680-AC22-0534AE5C0EFC}
2012-03-05 05:23:32 -------- d-----w- C:\Users\sbwong\AppData\Local\{74C58D2B-DB3D-4C99-9692-877871A936E9}
2012-03-04 17:22:50 -------- d-----w- C:\Users\sbwong\AppData\Local\{2DBC7720-07FA-4AA0-A5B8-BD76A4591996}
2012-03-04 05:22:08 -------- d-----w- C:\Users\sbwong\AppData\Local\{7EDF4F41-7691-4BD7-8384-2C8A1CC65570}
2012-03-04 05:21:39 -------- d-----w- C:\Users\sbwong\AppData\Local\{357410CF-2952-493C-968F-637E3632AB7E}
2012-03-03 17:21:06 -------- d-----w- C:\Users\sbwong\AppData\Local\{0CB6EFA4-9C3B-4556-94B3-CE4EEBDE4A31}
2012-03-03 05:20:23 -------- d-----w- C:\Users\sbwong\AppData\Local\{1D9CD0DA-D337-4D4B-BEB9-3A631408F04D}
2012-03-02 17:19:38 -------- d-----w- C:\Users\sbwong\AppData\Local\{9081D2EC-D7AF-4887-AF97-8EFC92ED5351}
2012-03-02 05:22:00 -------- d-----w- C:\Users\sbwong\AppData\Roaming\SWFWireDebugger
2012-03-02 05:21:53 -------- d-----w- C:\Program Files (x86)\SWFWire Debugger
2012-03-02 05:18:57 -------- d-----w- C:\Users\sbwong\AppData\Local\{7126251C-0A24-496F-813A-57FDC20A2A04}
2012-03-02 05:17:58 -------- d-----w- C:\Program Files (x86)\FlashDecompiler
2012-03-01 17:18:15 -------- d-----w- C:\Users\sbwong\AppData\Local\{A80DD9E3-5C48-4F5E-AFD0-0C8E3BE9DBCD}
2012-03-01 05:17:34 -------- d-----w- C:\Users\sbwong\AppData\Local\{A804C396-75C4-4AF7-BC31-0C3DCE0807E8}
2012-02-29 17:16:52 -------- d-----w- C:\Users\sbwong\AppData\Local\{9A4ECD0B-0228-4D8D-A0DB-2F5AAC120BDE}
2012-02-29 05:16:10 -------- d-----w- C:\Users\sbwong\AppData\Local\{9A4D0983-DBED-4BD5-B311-224919C5C809}
2012-02-28 17:15:29 -------- d-----w- C:\Users\sbwong\AppData\Local\{D7AAC295-947B-4EF3-9C8B-35FE29BCB041}
2012-02-28 05:14:45 -------- d-----w- C:\Users\sbwong\AppData\Local\{B9E95BEC-2530-4673-803D-0E59CB876334}
2012-02-28 02:10:49 -------- d-----w- C:\Users\sbwong\AppData\Roaming\Powerbat
2012-02-27 17:14:04 -------- d-----w- C:\Users\sbwong\AppData\Local\{DBE102A4-3042-4D3D-844F-56B4F6E53769}
2012-02-27 05:13:19 -------- d-----w- C:\Users\sbwong\AppData\Local\{3FCA2B78-EF44-4019-A355-0A69B908E0F9}
2012-02-27 05:12:51 -------- d-----w- C:\Users\sbwong\AppData\Local\{20553986-D753-4107-8BE4-FC28172FE443}
2012-02-26 17:12:15 -------- d-----w- C:\Users\sbwong\AppData\Local\{0DC0B0D3-E103-4572-834A-02B04D92B8D2}
2012-02-26 17:12:09 -------- d-----w- C:\Users\sbwong\AppData\Local\{B437B9C6-8FF0-485D-ADF9-879C7487DC64}
2012-02-26 17:11:46 -------- d-----w- C:\Users\sbwong\AppData\Local\{E9634BFB-97B5-4ABE-AF82-322337F76D1E}
2012-02-26 02:41:18 -------- d-----w- C:\Users\sbwong\AppData\Roaming\fofix
2012-02-26 00:32:54 -------- d-----w- C:\FoFiX
2012-02-26 00:30:21 -------- d-----w- C:\Program Files (x86)\FoFiX
2012-02-25 23:36:18 -------- d-----w- C:\Users\sbwong\AppData\Local\{714276AD-77B5-4F5B-AE97-1F7012928C11}
2012-02-25 2336 -------- d-----w- C:\Users\sbwong\AppData\Local\DDMSettings
2012-02-25 22:02:11 -------- d-----w- C:\Program Files (x86)\ScreenSnapr
2012-02-25 11:35:34 -------- d-----w- C:\Users\sbwong\AppData\Local\{682EFEE8-1E02-4631-8466-244AF0BC687F}
2012-02-24 23:34:52 -------- d-----w- C:\Users\sbwong\AppData\Local\{E33E740E-2AA2-4C26-ACF7-08DA37E6175D}
2012-02-24 11:34:20 -------- d-----w- C:\Users\sbwong\AppData\Local\{C589FEBE-F6B6-4E41-B09B-0D93A39A6106}
2012-02-24 05:33:52 -------- d-----w- C:\Ace of Spades
2012-02-23 23:33:38 -------- d-----w- C:\Users\sbwong\AppData\Local\{5E41CFF5-6E82-4F11-8A70-98CD0A640C72}
2012-02-23 11:32:55 -------- d-----w- C:\Users\sbwong\AppData\Local\{FFB6A13F-0E39-4171-A4FE-873551C36F52}
2012-02-22 23:32:06 -------- d-----w- C:\Users\sbwong\AppData\Local\{C93B47E5-F49F-49A2-A6DE-FBCF2DC07F34}
2012-02-22 23:31:41 -------- d-----w- C:\Users\sbwong\AppData\Local\{3FA5D384-F950-4B1F-8611-F3F7A86B008E}
2012-02-21 04:02:04 -------- d-----w- C:\Users\sbwong\AppData\Local\{ADA6E03E-06FC-431C-8962-DB93334E3E96}
2012-02-21 04:01:37 -------- d-----w- C:\Users\sbwong\AppData\Local\{54D98A21-D879-4DC1-8E50-819E9068BE55}
2012-02-20 16:00:31 -------- d-----w- C:\Users\sbwong\AppData\Local\{F8E89E5D-52B8-4258-B996-A5077CEAC822}
2012-02-20 15:59:34 -------- d-----w- C:\Users\sbwong\AppData\Local\{C1184060-8DAB-4500-BB88-271AE8FD63C4}
2012-02-20 03:59:15 -------- d-----w- C:\Users\sbwong\AppData\Local\{91035AB4-D627-4E66-BE4C-6525EC2122E7}
2012-02-20 03:58:51 -------- d-----w- C:\Users\sbwong\AppData\Local\{788FB8EF-2D92-4616-A697-DBF99E940BE6}
2012-02-19 15:58:32 -------- d-----w- C:\Users\sbwong\AppData\Local\{38D7109B-EE68-4E19-B582-74514C075D77}
2012-02-19 15:58:06 -------- d-----w- C:\Users\sbwong\AppData\Local\{2EEAEBB4-4CF7-42E4-B7F8-0F8FB2DFC63B}
2012-02-19 03:57:49 -------- d-----w- C:\Users\sbwong\AppData\Local\{4D7294B3-C216-4924-8773-1BA6E2622763}
2012-02-19 03:57:23 -------- d-----w- C:\Users\sbwong\AppData\Local\{7D7B4299-3715-4E64-B80D-78C077663BDD}
2012-02-18 20:13:39 -------- d-----w- C:\Program Files (x86)\PopCap Games
2012-02-18 20:09:19 -------- d-----w- C:\ProgramData\PopCap Games
2012-02-18 15:57:07 -------- d-----w- C:\Users\sbwong\AppData\Local\{79F0C71A-05AF-4212-B2DE-80839E73BCAA}
2012-02-18 15:56:42 -------- d-----w- C:\Users\sbwong\AppData\Local\{46808610-B070-4813-9B1C-3741439C0D76}
2012-02-18 03:56:26 -------- d-----w- C:\Users\sbwong\AppData\Local\{3A4044E7-E29A-44EC-AF6F-EB3BCE8B50FC}
2012-02-17 15:55:44 -------- d-----w- C:\Users\sbwong\AppData\Local\{2B2FFFEE-0599-485C-959E-FD6E9842C8EE}
2012-02-17 03:55:02 -------- d-----w- C:\Users\sbwong\AppData\Local\{9AE62B46-A86C-4396-8004-D21F06F0C831}
.
==================== Find3M ====================
.
2012-03-15 01:36:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 16:22:00.22 ===============
Attached Files
File Type: zip Attach.zip (10.8 KB, 5 views)
File Type: zip MBR.zip (1.5 KB, 6 views)
__________________
Activeradio
Old 03-18-2012, 09:31 PM   #17
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



I'm not seeing any malware in those logs. Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply. Please copy/paste the log directly into the reply window. Only attach logs when requested, thanks.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried
Old 03-19-2012, 03:42 PM   #18
Registered Member
 
Join Date: Nov 2008
Posts: 153
OS: Windows 7



16:40:41.0588 1480 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
16:40:43.0619 1480 ============================================================
16:40:43.0619 1480 Current date / time: 2012/03/19 16:40:43.0619
16:40:43.0619 1480 SystemInfo:
16:40:43.0619 1480
16:40:43.0619 1480 OS Version: 6.1.7600 ServicePack: 0.0
16:40:43.0619 1480 Product type: Workstation
16:40:43.0619 1480 ComputerName: SJW-D630
16:40:43.0619 1480 UserName: sbwong
16:40:43.0620 1480 Windows directory: C:\Windows
16:40:43.0620 1480 System windows directory: C:\Windows
16:40:43.0620 1480 Running under WOW64
16:40:43.0620 1480 Processor architecture: Intel x64
16:40:43.0620 1480 Number of processors: 2
16:40:43.0620 1480 Page size: 0x1000
16:40:43.0620 1480 Boot type: Normal boot
16:40:43.0620 1480 ============================================================
16:40:45.0201 1480 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:40:45.0217 1480 \Device\Harddisk0\DR0:
16:40:45.0225 1480 MBR used
16:40:45.0226 1480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:40:45.0226 1480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A52800
16:40:45.0248 1480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A8533F, BlocksNum 0x4A89182
16:40:45.0373 1480 Initialize success
16:40:45.0373 1480 ============================================================
16:40:59.0948 2904 ============================================================
16:40:59.0948 2904 Scan started
16:40:59.0948 2904 Mode: Manual;
16:40:59.0948 2904 ============================================================
16:41:02.0230 2904 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:41:02.0248 2904 1394ohci - ok
16:41:02.0315 2904 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:41:02.0324 2904 ACPI - ok
16:41:02.0375 2904 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:41:02.0383 2904 AcpiPmi - ok
16:41:02.0532 2904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:41:02.0606 2904 adp94xx - ok
16:41:02.0726 2904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:41:02.0781 2904 adpahci - ok
16:41:02.0842 2904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:41:02.0855 2904 adpu320 - ok
16:41:02.0964 2904 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
16:41:02.0975 2904 AFD - ok
16:41:03.0020 2904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:41:03.0028 2904 agp440 - ok
16:41:03.0067 2904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:41:03.0073 2904 aliide - ok
16:41:03.0095 2904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:41:03.0101 2904 amdide - ok
16:41:03.0143 2904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:41:03.0152 2904 AmdK8 - ok
16:41:03.0175 2904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:41:03.0183 2904 AmdPPM - ok
16:41:03.0243 2904 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
16:41:03.0254 2904 amdsata - ok
16:41:03.0299 2904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:41:03.0314 2904 amdsbs - ok
16:41:03.0360 2904 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
16:41:03.0363 2904 amdxata - ok
16:41:03.0581 2904 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:41:03.0591 2904 AppID - ok
16:41:03.0671 2904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:41:03.0682 2904 arc - ok
16:41:03.0709 2904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:41:03.0723 2904 arcsas - ok
16:41:03.0808 2904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:41:03.0824 2904 AsyncMac - ok
16:41:03.0867 2904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:41:03.0868 2904 atapi - ok
16:41:03.0967 2904 avfwim (886ceddeb9e347f7c37263ca234eae65) C:\Windows\system32\DRIVERS\avfwim.sys
16:41:03.0971 2904 avfwim - ok
16:41:04.0085 2904 avfwot (10ce27cb8e47feb48f557e0cd8d1874d) C:\Windows\system32\DRIVERS\avfwot.sys
16:41:04.0089 2904 avfwot - ok
16:41:04.0182 2904 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:41:04.0186 2904 avgntflt - ok
16:41:04.0252 2904 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
16:41:04.0256 2904 avipbb - ok
16:41:04.0308 2904 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:41:04.0310 2904 avkmgr - ok
16:41:04.0377 2904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:41:04.0401 2904 b06bdrv - ok
16:41:04.0459 2904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:41:04.0475 2904 b57nd60a - ok
16:41:04.0589 2904 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:41:04.0664 2904 BCM43XX - ok
16:41:04.0740 2904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:41:04.0745 2904 Beep - ok
16:41:04.0817 2904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:41:04.0825 2904 blbdrive - ok
16:41:04.0901 2904 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:41:04.0904 2904 bowser - ok
16:41:04.0980 2904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:41:04.0991 2904 BrFiltLo - ok
16:41:05.0023 2904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:41:05.0044 2904 BrFiltUp - ok
16:41:05.0097 2904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:41:05.0136 2904 Brserid - ok
16:41:05.0170 2904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:41:05.0193 2904 BrSerWdm - ok
16:41:05.0243 2904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:41:05.0248 2904 BrUsbMdm - ok
16:41:05.0269 2904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:41:05.0276 2904 BrUsbSer - ok
16:41:05.0345 2904 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:41:05.0352 2904 BthEnum - ok
16:41:05.0403 2904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:41:05.0413 2904 BTHMODEM - ok
16:41:05.0468 2904 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:41:05.0479 2904 BthPan - ok
16:41:05.0545 2904 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
16:41:05.0578 2904 BTHPORT - ok
16:41:05.0620 2904 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
16:41:05.0654 2904 BTHUSB - ok
16:41:05.0718 2904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:41:05.0745 2904 cdfs - ok
16:41:22.0663 2904 ============================================================
16:41:22.0663 2904 Scan finished
16:41:22.0663 2904 ============================================================
16:41:22.0684 2096 Detected object count: 0
16:41:22.0684 2096 Actual detected object count: 0
16:41:37.0886 3928 Deinitialize success
__________________
Activeradio is offline   Reply With Quote
Old 03-19-2012, 05:48 PM   #19
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,309
OS: WinXP Home, Vista, Windows 7 64bit



Delete your existing ComboFix.exe if you still have it from last time. Download the latest version from here

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 03-22-2012, 12:01 AM   #20
Registered Member
 
Join Date: Nov 2008
Posts: 153
OS: Windows 7



Alright, doing the scan now

__________________
Activeradio is offline   Reply With Quote
All times are GMT -7. The time now is 10:55 AM.

