Jump to content

PUM.UserWLoad


Recommended Posts

Hi, I'm here because I need help getting rid of this stupid PUM.UserWLoad thing. I had that moneypack FBI virus a few weeks ago but I got rid of it. Now I'm having trouble with internet browsing (I'm using Safe Mode with Networking to make my life easier). I've been getting a ieframe.dll error page online too. I've run MB several times, and the only thing that is detected is this PUP file, which won't go away after restarting my computer!

I should also mention when I log in to my desktop I always get a .dll error message ("could not be found"), but this has been going on for a while and I haven't noticed any other problems along with it.

some more Context: I have a little Sony Vaio computer with windows 7 (starter edition). I'm using the latest internet explorer. I don't think that I have an AV but I run MB (quick scan) every week or two, and it will usually help if I have any snags/bugs. I delete myhistory/files/cookies/ every day too.

I've been following these instructions as best as I can to get here. (although I ran the dds thing in safe mode, is that okay?).

If anyone could help me out, I'd really appreciate it, and bear with me as I'm not the most tech-savvy person on earth.

dds.txt

attach.txt

Link to post
Share on other sites

Thanks screen317

So here's this...

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.03

Windows 7 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Wyatt :: WYATT-VAIO [administrator]

12/29/2012 10:52:21 PM

mbam-log-2012-12-29 (22-52-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228008

Time elapsed: 9 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Wyatt\LOCALS~1\Temp\msuquuyk.pif -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

After I rebooted, ran DDS and got this...

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16457

Run by Wyatt at 23:03:57 on 2012-12-29

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.593 [GMT -8:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

mStart Page = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659}

uProxyServer = hxxp=127.0.0.1:54949

uProxyOverride = <local>;*.local

uWindows: Load = c:\users\wyatt\locals~1\temp\msuquuyk.pif

BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} -

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} -

uRun: [CompHost] rundll32 "certdccw.dll",CreateProcessNotify

uRun: [Loytyd] c:\users\wyatt\appdata\roaming\mucay\okfys.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\14454583036383 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\2375942554633353 : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-6-28 789856]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-2 9344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]

S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-14 642416]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-27 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-30 29472]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-9-27 140376]

S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2010-10-6 169224]

S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-6-30 122880]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-6-30 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2010-6-30 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-6-30 427304]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-6-30 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2010-6-30 91432]

S3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-6-30 513392]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-6-30 480624]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-6-30 361840]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-6-30 83312]

S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]

.

=============== Created Last 30 ================

.

2012-12-30 00:52:36 -------- d-----w- c:\users\wyatt\appdata\local\Wajam

2012-12-30 00:52:26 -------- d-----w- c:\users\wyatt\appdata\local\Coupon Companion Plugin

2012-12-30 00:52:19 -------- d-----w- c:\program files\Coupon Companion Plugin

2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Poyh

2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Mucay

2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Epxoak

2012-12-28 17:32:21 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fe27f9ab-a723-418b-83c2-2089070ac68e}\mpengine.dll

2012-12-21 06:29:52 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 06:29:52 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-13 06:32:53 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 06:32:52 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-13 06:32:42 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-09 23:59:46 -------- d-----w- c:\program files\Enigma Software Group

.

==================== Find3M ====================

.

2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 03:20:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-11 03:20:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe

2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 23:06:29.82 ===============

And this...

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 11/12/2010 5:20:09 PM

System Uptime: 12/29/2012 11:02:38 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Atom CPU N470 @ 1.83GHz | N/A | 1828/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 227 GiB total, 172.344 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Ethernet Controller

Device ID: PCI\VEN_197B&DEV_0260&SUBSYS_9075104D&REV_02\4&194AE453&0&05E1

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_197B&DEV_0260&SUBSYS_9075104D&REV_02\4&194AE453&0&05E1

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP312: 12/9/2012 4:11:59 PM - Removed SpyHunter

RP313: 12/9/2012 4:13:23 PM - Removed SpyHunter

RP314: 12/9/2012 4:40:01 PM - Windows Update

RP315: 12/13/2012 3:02:17 AM - Windows Update

RP316: 12/18/2012 10:13:06 AM - Windows Update

RP317: 12/20/2012 10:29:05 PM - Windows Update

RP318: 12/25/2012 12:30:45 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.1.2

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft WebCam Companion 3

Armagetron Advanced 0.2.8.3.1.gcc

AstroViewer 3.1.4

Audacity 1.3.13 (Unicode)

Bonjour

Compatibility Pack for the 2007 Office system

Coupon Companion Plugin

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 18

JMicron Flash Media Controller Driver

Junk Mail filter update

LAME v3.98.3 for Audacity

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MilkDrop for Winamp 2x (remove only)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Next Generation Visualisations

One-click FLAC to MP3 Converter

PMB

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Setting Utility Series

SmartWi Connection Utility

Sony Home Network Library

Stop Motion Animator 1.1.XP

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VAIO Care

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Intelligent Network Service Manager

VAIO Content Metadata Manager Settings

VAIO Content Metadata XML Interface Library

VAIO Content Monitoring Settings

VAIO Control Center

VAIO Data Restore Tool

VAIO Entertainment Platform

VAIO Event Service

VAIO Hardware Diagnostics

VAIO Help and Support

VAIO Media plus

VAIO Media plus Opening Movie

VAIO OOBE and Startup Assistant

VAIO Original Function Settings

VAIO Power Management

VAIO Survey

VAIO Transfer Support

VAIO Update

VAIO Update Merge Module x86

VU5x86

WIDCOMM Bluetooth Software

Winamp

Winamp Detector Plug-in

Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

12/29/2012 6:01:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

12/29/2012 4:52:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/29/2012 4:14:51 PM, Error: Service Control Manager [7022] - The VAIO Content Folder Watcher service hung on starting.

12/29/2012 3:21:14 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The process cannot access the file because it is being used by another process.

12/29/2012 11:05:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/29/2012 11:03:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/29/2012 11:03:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/29/2012 11:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/29/2012 11:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/29/2012 11:03:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/29/2012 11:03:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6

12/28/2012 9:31:41 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831

12/26/2012 8:43:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/25/2012 9:33:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

12/25/2012 1:17:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

12/24/2012 3:05:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.

12/24/2012 12:51:47 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

.

==== End Of File ===========================

Link to post
Share on other sites

Hey thanks! Here it is:

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 11:43:48

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Starter (32 bits)

# User : Wyatt - WYATT-VAIO

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MN1JFWKD\adwcleaner.exe

# Option [search]

***** [services] *****

Found : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Found : C:\Users\Wyatt\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\ProgramData\Trymedia

Folder Found : C:\Users\Wyatt\AppData\Local\Wajam

Folder Found : C:\Users\Wyatt\AppData\LocalLow\FunWebProducts

Folder Found : C:\Users\Wyatt\AppData\LocalLow\MyWebSearch

Folder Found : C:\Users\Wyatt\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Zugo

Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659}

*************************

AdwCleaner[R1].txt - [4457 octets] - [01/01/2013 11:43:48]

########## EOF - C:\AdwCleaner[R1].txt - [4517 octets] ##########

Link to post
Share on other sites

  • Staff

Hi,

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Link to post
Share on other sites

Here ya go:

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 11:51:00

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Starter (32 bits)

# User : Wyatt - WYATT-VAIO

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MN1JFWKD\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Deleted : C:\Users\Wyatt\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Users\Wyatt\AppData\Local\Wajam

Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659} --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [4586 octets] - [01/01/2013 11:43:48]

AdwCleaner[s1].txt - [4672 octets] - [01/01/2013 11:51:00]

########## EOF - C:\AdwCleaner[s1].txt - [4732 octets] ##########

Link to post
Share on other sites

Things are running fine in safe mode- normal mode not so much.

Dang, ran a scan and it's still there. I'm going to reboot anyway

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.03

Windows 7 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Wyatt :: WYATT-VAIO [administrator]

1/1/2013 12:22:15 PM

mbam-log-2013-01-01 (12-22-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 232163

Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Wyatt\LOCALS~1\Temp\msuquuyk.pif -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

  • Staff

Hi,

We have an advanced product in development that is now in public Beta: Malwarebytes Anti-Rootkit. This tool has been designed to address the specific type of infection(s) identified on your system. At this stage Malwarebytes Anti-Rootkit has been heavily tested and we are confident in it's capabilities and stability. That being said, this is a Beta product and certain disclaimers need to be made. All Beta versions are not final products. Malwarebytes does not guarantee the absence of errors which might lead to interruption in normal computer operations or data loss. Precautions should be taken. The types of infections targeted by Malwarebytes Anti-Rootkit can be very difficult to remove. Please be sure you have any valued data backed up before proceeding, just as a precaution.

While we encourage and invite participation, Malwarebytes Anti-Rootkit Beta users run the tool at their own risk. Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise.

If you agree to these terms, please let us know and we will provide a download link and instructions for you.

Link to post
Share on other sites

  • Staff

Simply copy and paste any documents or pictures you couldn't live without to an external hard drive or flash drive. Alternatively, burn a CD. The risk is low, but we give that disclaimer because you can never be too careful.

When you're ready, here is a link to instructions and a download link; post both logs that it creates:

http://www.malwarebytes.org/products/mbar/

Link to post
Share on other sites

  • Staff

Okay let's skip that for now.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317

Link to post
Share on other sites

ComboFix 13-01-01.02 - Wyatt 01/01/2013 14:05:32.1.2 - x86 NETWORK

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.448 [GMT -8:00]

Running from: c:\users\Wyatt\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Coupon Companion Plugin\CoUPon companion plugin.dll

c:\program files\Downloaded Installers

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe

c:\programdata\4e0eaba6

c:\users\Public\Documents\~WRL2546.tmp

c:\users\Wyatt\99

c:\users\Wyatt\AppData\Roaming\Axefo

c:\users\Wyatt\AppData\Roaming\Axefo\avbe.tmp

c:\users\Wyatt\AppData\Roaming\Axefo\avbe.yni

c:\users\Wyatt\AppData\Roaming\Mucay

c:\users\Wyatt\AppData\Roaming\Mucay\okfys.exe

c:\users\Wyatt\Documents\~WRL3338.tmp

c:\users\Wyatt\Documents\~WRL3745.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))

.

.

2013-01-01 22:20 . 2013-01-01 22:20 -------- d-----w- c:\users\Trish\AppData\Local\temp

2013-01-01 22:19 . 2013-01-01 22:22 -------- d-----w- c:\users\Wyatt\AppData\Local\temp

2013-01-01 22:19 . 2013-01-01 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-01 22:05 . 2013-01-01 22:05 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE8D026-02BD-4DA6-987F-F08AA8F4FF18}\offreg.dll

2013-01-01 20:00 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE8D026-02BD-4DA6-987F-F08AA8F4FF18}\mpengine.dll

2013-01-01 04:19 . 2013-01-01 04:19 -------- d-----w- c:\windows\Sun

2012-12-30 00:52 . 2012-12-30 00:52 -------- d-----w- c:\users\Wyatt\AppData\Local\Coupon Companion Plugin

2012-12-30 00:52 . 2013-01-01 22:18 -------- d-----w- c:\program files\Coupon Companion Plugin

2012-12-28 22:40 . 2012-12-31 23:29 -------- d-----w- c:\users\Wyatt\AppData\Roaming\Epxoak

2012-12-28 22:40 . 2012-12-28 22:40 -------- d-----w- c:\users\Wyatt\AppData\Roaming\Poyh

2012-12-21 06:29 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 06:29 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-13 06:32 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 06:32 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-13 06:32 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-09 23:59 . 2012-12-09 23:59 -------- d-----w- c:\program files\Enigma Software Group

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-15 00:49 . 2011-02-19 19:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-16 20:34 . 2012-11-27 23:58 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 03:20 . 2012-10-11 03:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-11 03:20 . 2011-10-11 05:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-23 8120864]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-26 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-26 150552]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 1578280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-15 1091432]

"Z1"="c:\users\Wyatt\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2013-01-01 1342312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-12-01 02:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2012-12-15 00:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]

R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]

R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [x]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]

R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]

S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:54949

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-CompHost - certdccw.dll

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-01 14:26:24

ComboFix-quarantined-files.txt 2013-01-01 22:26

.

Pre-Run: 184,612,323,328 bytes free

Post-Run: 186,689,589,248 bytes free

.

- - End Of File - - A51E2845DF908A811DF040C30902390C

And here's this one..........

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16457

Run by Wyatt at 14:30:57 on 2013-01-01

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.321 [GMT -8:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

mStart Page = hxxp://www.google.com

uProxyServer = hxxp=127.0.0.1:54949

uProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

mRunOnce: [Z1] c:\users\wyatt\desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\14454583036383 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\2375942554633353 : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-6-28 789856]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-2 9344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-14 642416]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-27 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-30 29472]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-9-27 140376]

S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2010-10-6 169224]

S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-6-30 122880]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-6-30 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2010-6-30 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-6-30 427304]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-6-30 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2010-6-30 91432]

S3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-6-30 513392]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-6-30 480624]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-6-30 361840]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-6-30 83312]

S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]

.

=============== Created Last 30 ================

.

2013-01-01 22:26:36 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-01 22:26:28 -------- d-----w- c:\users\wyatt\appdata\local\temp

2013-01-01 22:05:24 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ce8d026-02bd-4da6-987f-f08aa8f4ff18}\offreg.dll

2013-01-01 22:01:56 98816 ----a-w- c:\windows\sed.exe

2013-01-01 22:01:56 256000 ----a-w- c:\windows\PEV.exe

2013-01-01 22:01:56 208896 ----a-w- c:\windows\MBR.exe

2013-01-01 20:00:15 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ce8d026-02bd-4da6-987f-f08aa8f4ff18}\mpengine.dll

2012-12-30 00:52:26 -------- d-----w- c:\users\wyatt\appdata\local\Coupon Companion Plugin

2012-12-30 00:52:19 -------- d-----w- c:\program files\Coupon Companion Plugin

2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Poyh

2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Epxoak

2012-12-21 06:29:52 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 06:29:52 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-13 06:32:53 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 06:32:52 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-13 06:32:42 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-09 23:59:46 -------- d-----w- c:\program files\Enigma Software Group

.

==================== Find3M ====================

.

2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 03:20:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-11 03:20:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe

2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 14:31:21.52 ===============

Link to post
Share on other sites

Hey good news: I just ran a quick MBAM scan for the heck of it and nothing was detected.

I'm going to restart in normal mode and see if it has gotten any better.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.03

Windows 7 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Wyatt :: WYATT-VAIO [administrator]

1/1/2013 3:06:54 PM

mbam-log-2013-01-01 (15-06-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226529

Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

  • Staff

Hi,

Great!

Please zip up and attach this folder:

C:\qoobox

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Qoobox.zip is attached

Ran TCF (it deleted about ten MB of stuff I think), then rebooted

Ran TDSSkiller. (It didn't detect anything, or ask me to reboot. I think this is the right log)

17:04:08.0353 4840 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

17:04:08.0852 4840 ============================================================

17:04:08.0852 4840 Current date / time: 2013/01/01 17:04:08.0852

17:04:08.0852 4840 SystemInfo:

17:04:08.0852 4840

17:04:08.0852 4840 OS Version: 6.1.7600 ServicePack: 0.0

17:04:08.0852 4840 Product type: Workstation

17:04:08.0852 4840 ComputerName: WYATT-VAIO

17:04:08.0852 4840 UserName: Wyatt

17:04:08.0852 4840 Windows directory: C:\Windows

17:04:08.0852 4840 System windows directory: C:\Windows

17:04:08.0852 4840 Processor architecture: Intel x86

17:04:08.0852 4840 Number of processors: 2

17:04:08.0852 4840 Page size: 0x1000

17:04:08.0852 4840 Boot type: Normal boot

17:04:08.0852 4840 ============================================================

17:04:10.0460 4840 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:04:10.0475 4840 ============================================================

17:04:10.0475 4840 \Device\Harddisk0\DR0:

17:04:10.0475 4840 MBR partitions:

17:04:10.0475 4840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xACC800, BlocksNum 0x32000

17:04:10.0475 4840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAFE800, BlocksNum 0x1C6C6970

17:04:10.0475 4840 ============================================================

17:04:10.0506 4840 C: <-> \Device\Harddisk0\DR0\Partition2

17:04:10.0506 4840 ============================================================

17:04:10.0506 4840 Initialize success

17:04:10.0506 4840 ============================================================

17:04:13.0517 2980 ============================================================

17:04:13.0517 2980 Scan started

17:04:13.0517 2980 Mode: Manual;

17:04:13.0517 2980 ============================================================

17:04:14.0204 2980 ================ Scan system memory ========================

17:04:14.0204 2980 System memory - ok

17:04:14.0219 2980 ================ Scan services =============================

17:04:14.0391 2980 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

17:04:14.0391 2980 1394ohci - ok

17:04:14.0484 2980 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

17:04:14.0484 2980 ACDaemon - ok

17:04:14.0547 2980 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\drivers\ACPI.sys

17:04:14.0547 2980 ACPI - ok

17:04:14.0594 2980 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

17:04:14.0594 2980 AcpiPmi - ok

17:04:14.0640 2980 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

17:04:14.0656 2980 adp94xx - ok

17:04:14.0687 2980 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys

17:04:14.0687 2980 adpahci - ok

17:04:14.0734 2980 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

17:04:14.0750 2980 adpu320 - ok

17:04:14.0812 2980 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

17:04:14.0812 2980 AeLookupSvc - ok

17:04:14.0874 2980 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys

17:04:14.0890 2980 AFD - ok

17:04:14.0921 2980 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

17:04:14.0921 2980 agp440 - ok

17:04:14.0984 2980 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

17:04:14.0984 2980 aic78xx - ok

17:04:15.0030 2980 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

17:04:15.0030 2980 ALG - ok

17:04:15.0062 2980 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

17:04:15.0062 2980 aliide - ok

17:04:15.0093 2980 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

17:04:15.0093 2980 amdagp - ok

17:04:15.0124 2980 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

17:04:15.0124 2980 amdide - ok

17:04:15.0171 2980 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

17:04:15.0171 2980 AmdK8 - ok

17:04:15.0186 2980 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

17:04:15.0186 2980 AmdPPM - ok

17:04:15.0249 2980 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys

17:04:15.0249 2980 amdsata - ok

17:04:15.0280 2980 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

17:04:15.0280 2980 amdsbs - ok

17:04:15.0311 2980 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys

17:04:15.0311 2980 amdxata - ok

17:04:15.0342 2980 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys

17:04:15.0342 2980 AppID - ok

17:04:15.0389 2980 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

17:04:15.0389 2980 AppIDSvc - ok

17:04:15.0420 2980 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll

17:04:15.0420 2980 Appinfo - ok

17:04:15.0514 2980 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:04:15.0530 2980 Apple Mobile Device - ok

17:04:15.0623 2980 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys

17:04:15.0623 2980 arc - ok

17:04:15.0654 2980 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys

17:04:15.0654 2980 arcsas - ok

17:04:15.0717 2980 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

17:04:15.0717 2980 AsyncMac - ok

17:04:15.0732 2980 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

17:04:15.0748 2980 atapi - ok

17:04:15.0810 2980 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\Windows\system32\DRIVERS\athr.sys

17:04:15.0826 2980 athr - ok

17:04:15.0904 2980 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

17:04:15.0904 2980 AudioEndpointBuilder - ok

17:04:15.0951 2980 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll

17:04:15.0966 2980 Audiosrv - ok

17:04:15.0998 2980 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll

17:04:15.0998 2980 AxInstSV - ok

17:04:16.0076 2980 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys

17:04:16.0076 2980 b06bdrv - ok

17:04:16.0138 2980 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

17:04:16.0154 2980 b57nd60x - ok

17:04:16.0216 2980 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

17:04:16.0216 2980 BDESVC - ok

17:04:16.0232 2980 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

17:04:16.0232 2980 Beep - ok

17:04:16.0278 2980 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll

17:04:16.0294 2980 BFE - ok

17:04:16.0341 2980 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll

17:04:16.0356 2980 BITS - ok

17:04:16.0403 2980 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

17:04:16.0403 2980 blbdrive - ok

17:04:16.0497 2980 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:04:16.0512 2980 Bonjour Service - ok

17:04:16.0559 2980 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

17:04:16.0559 2980 bowser - ok

17:04:16.0590 2980 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

17:04:16.0590 2980 BrFiltLo - ok

17:04:16.0637 2980 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

17:04:16.0637 2980 BrFiltUp - ok

17:04:16.0715 2980 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

17:04:16.0715 2980 BridgeMP - ok

17:04:16.0856 2980 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll

17:04:16.0856 2980 Browser - ok

17:04:16.0980 2980 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

17:04:16.0980 2980 Brserid - ok

17:04:17.0012 2980 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

17:04:17.0012 2980 BrSerWdm - ok

17:04:17.0055 2980 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

17:04:17.0056 2980 BrUsbMdm - ok

17:04:17.0078 2980 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

17:04:17.0078 2980 BrUsbSer - ok

17:04:17.0156 2980 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

17:04:17.0156 2980 BthEnum - ok

17:04:17.0187 2980 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

17:04:17.0187 2980 BTHMODEM - ok

17:04:17.0218 2980 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

17:04:17.0218 2980 BthPan - ok

17:04:17.0281 2980 [ 04CEDA17A195924070B01174CB1F9AF8 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

17:04:17.0281 2980 BTHPORT - ok

17:04:17.0327 2980 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

17:04:17.0327 2980 bthserv - ok

17:04:17.0374 2980 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

17:04:17.0374 2980 BTHUSB - ok

17:04:17.0421 2980 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\Windows\system32\drivers\btusbflt.sys

17:04:17.0421 2980 btusbflt - ok

17:04:17.0499 2980 [ CE5833C144CA6623BCBDE93B188AA850 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

17:04:17.0499 2980 btwaudio - ok

17:04:17.0577 2980 [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys

17:04:17.0577 2980 btwavdt - ok

17:04:17.0671 2980 [ F55C99818FD1EACFC7784958A8592536 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

17:04:17.0686 2980 btwdins - ok

17:04:17.0733 2980 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys

17:04:17.0733 2980 btwl2cap - ok

17:04:17.0795 2980 [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

17:04:17.0795 2980 btwrchid - ok

17:04:17.0889 2980 catchme - ok

17:04:17.0951 2980 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

17:04:17.0951 2980 cdfs - ok

17:04:18.0014 2980 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\drivers\cdrom.sys

17:04:18.0014 2980 cdrom - ok

17:04:18.0061 2980 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll

17:04:18.0076 2980 CertPropSvc - ok

17:04:18.0107 2980 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys

17:04:18.0107 2980 circlass - ok

17:04:18.0139 2980 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

17:04:18.0139 2980 CLFS - ok

17:04:18.0217 2980 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:04:18.0217 2980 clr_optimization_v2.0.50727_32 - ok

17:04:18.0295 2980 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:04:18.0295 2980 clr_optimization_v4.0.30319_32 - ok

17:04:18.0326 2980 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

17:04:18.0326 2980 CmBatt - ok

17:04:18.0373 2980 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys

17:04:18.0373 2980 cmdide - ok

17:04:18.0419 2980 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys

17:04:18.0419 2980 CNG - ok

17:04:18.0466 2980 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys

17:04:18.0466 2980 Compbatt - ok

17:04:18.0529 2980 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

17:04:18.0544 2980 CompositeBus - ok

17:04:18.0560 2980 COMSysApp - ok

17:04:18.0622 2980 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

17:04:18.0622 2980 crcdisk - ok

17:04:18.0700 2980 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll

17:04:18.0716 2980 CryptSvc - ok

17:04:18.0778 2980 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll

17:04:18.0794 2980 DcomLaunch - ok

17:04:18.0825 2980 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

17:04:18.0841 2980 defragsvc - ok

17:04:18.0903 2980 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

17:04:18.0903 2980 DfsC - ok

17:04:18.0965 2980 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll

17:04:18.0981 2980 Dhcp - ok

17:04:19.0028 2980 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

17:04:19.0028 2980 discache - ok

17:04:19.0090 2980 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys

17:04:19.0090 2980 Disk - ok

17:04:19.0121 2980 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll

17:04:19.0137 2980 Dnscache - ok

17:04:19.0184 2980 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll

17:04:19.0184 2980 dot3svc - ok

17:04:19.0215 2980 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll

17:04:19.0231 2980 DPS - ok

17:04:19.0262 2980 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

17:04:19.0262 2980 drmkaud - ok

17:04:19.0340 2980 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

17:04:19.0340 2980 DXGKrnl - ok

17:04:19.0371 2980 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

17:04:19.0387 2980 EapHost - ok

17:04:19.0511 2980 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys

17:04:19.0543 2980 ebdrv - ok

17:04:19.0605 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe

17:04:19.0605 2980 EFS - ok

17:04:19.0683 2980 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys

17:04:19.0683 2980 elxstor - ok

17:04:19.0714 2980 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys

17:04:19.0714 2980 ErrDev - ok

17:04:19.0777 2980 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

17:04:19.0792 2980 EventSystem - ok

17:04:19.0808 2980 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

17:04:19.0808 2980 exfat - ok

17:04:19.0839 2980 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

17:04:19.0839 2980 fastfat - ok

17:04:19.0886 2980 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe

17:04:19.0886 2980 Fax - ok

17:04:19.0917 2980 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys

17:04:19.0917 2980 fdc - ok

17:04:19.0948 2980 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

17:04:19.0948 2980 fdPHost - ok

17:04:19.0964 2980 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

17:04:19.0979 2980 FDResPub - ok

17:04:20.0011 2980 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

17:04:20.0011 2980 FileInfo - ok

17:04:20.0026 2980 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

17:04:20.0026 2980 Filetrace - ok

17:04:20.0073 2980 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

17:04:20.0073 2980 flpydisk - ok

17:04:20.0104 2980 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

17:04:20.0104 2980 FltMgr - ok

17:04:20.0167 2980 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll

17:04:20.0182 2980 FontCache - ok

17:04:20.0229 2980 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

17:04:20.0229 2980 FontCache3.0.0.0 - ok

17:04:20.0260 2980 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

17:04:20.0260 2980 FsDepends - ok

17:04:20.0307 2980 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

17:04:20.0307 2980 Fs_Rec - ok

17:04:20.0354 2980 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

17:04:20.0354 2980 fvevol - ok

17:04:20.0385 2980 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

17:04:20.0385 2980 gagp30kx - ok

17:04:20.0432 2980 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:04:20.0432 2980 GEARAspiWDM - ok

17:04:20.0479 2980 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll

17:04:20.0494 2980 gpsvc - ok

17:04:20.0541 2980 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

17:04:20.0541 2980 hcw85cir - ok

17:04:20.0588 2980 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

17:04:20.0588 2980 HdAudAddService - ok

17:04:20.0619 2980 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

17:04:20.0619 2980 HDAudBus - ok

17:04:20.0650 2980 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

17:04:20.0650 2980 HidBatt - ok

17:04:20.0681 2980 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys

17:04:20.0681 2980 HidBth - ok

17:04:20.0697 2980 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys

17:04:20.0697 2980 HidIr - ok

17:04:20.0728 2980 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll

17:04:20.0728 2980 hidserv - ok

17:04:20.0759 2980 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

17:04:20.0759 2980 HidUsb - ok

17:04:20.0791 2980 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll

17:04:20.0806 2980 hkmsvc - ok

17:04:20.0837 2980 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

17:04:20.0837 2980 HomeGroupListener - ok

17:04:20.0869 2980 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

17:04:20.0884 2980 HomeGroupProvider - ok

17:04:20.0915 2980 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

17:04:20.0915 2980 HpSAMD - ok

17:04:20.0962 2980 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys

17:04:20.0993 2980 HTTP - ok

17:04:21.0009 2980 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

17:04:21.0009 2980 hwpolicy - ok

17:04:21.0071 2980 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

17:04:21.0071 2980 i8042prt - ok

17:04:21.0134 2980 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

17:04:21.0134 2980 iaStorV - ok

17:04:21.0213 2980 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:04:21.0244 2980 idsvc - ok

17:04:21.0400 2980 [ E21A74A91F7AA3BB2E985C4CDDCA63F2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

17:04:21.0447 2980 igfx - ok

17:04:21.0494 2980 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys

17:04:21.0494 2980 iirsp - ok

17:04:21.0556 2980 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll

17:04:21.0587 2980 IKEEXT - ok

17:04:21.0712 2980 [ 0B7E398549ACEC7A6F8BD755C2CE40B5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

17:04:21.0743 2980 IntcAzAudAddService - ok

17:04:21.0774 2980 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys

17:04:21.0774 2980 intelide - ok

17:04:21.0806 2980 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys

17:04:21.0806 2980 intelppm - ok

17:04:21.0837 2980 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

17:04:21.0852 2980 IPBusEnum - ok

17:04:21.0868 2980 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:04:21.0868 2980 IpFilterDriver - ok

17:04:21.0915 2980 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

17:04:21.0946 2980 iphlpsvc - ok

17:04:21.0977 2980 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

17:04:21.0977 2980 IPMIDRV - ok

17:04:22.0008 2980 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

17:04:22.0071 2980 IPNAT - ok

17:04:22.0149 2980 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

17:04:22.0180 2980 iPod Service - ok

17:04:22.0227 2980 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

17:04:22.0227 2980 IRENUM - ok

17:04:22.0274 2980 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys

17:04:22.0274 2980 isapnp - ok

17:04:22.0289 2980 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

17:04:22.0305 2980 iScsiPrt - ok

17:04:22.0336 2980 [ EC176CC42D17B160F8A57F62BB1E7E92 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

17:04:22.0336 2980 JMCR - ok

17:04:22.0352 2980 JME - ok

17:04:22.0383 2980 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

17:04:22.0383 2980 kbdclass - ok

17:04:22.0414 2980 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

17:04:22.0414 2980 kbdhid - ok

17:04:22.0445 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe

17:04:22.0445 2980 KeyIso - ok

17:04:22.0492 2980 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:04:22.0492 2980 KSecDD - ok

17:04:22.0523 2980 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

17:04:22.0539 2980 KSecPkg - ok

17:04:22.0570 2980 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

17:04:22.0586 2980 KtmRm - ok

17:04:22.0617 2980 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll

17:04:22.0632 2980 LanmanServer - ok

17:04:22.0679 2980 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:04:22.0679 2980 LanmanWorkstation - ok

17:04:22.0726 2980 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:04:22.0726 2980 lltdio - ok

17:04:22.0773 2980 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:04:22.0773 2980 lltdsvc - ok

17:04:22.0804 2980 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

17:04:22.0804 2980 lmhosts - ok

17:04:22.0866 2980 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

17:04:22.0866 2980 LSI_FC - ok

17:04:22.0882 2980 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

17:04:22.0898 2980 LSI_SAS - ok

17:04:22.0913 2980 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

17:04:22.0913 2980 LSI_SAS2 - ok

17:04:22.0944 2980 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

17:04:22.0944 2980 LSI_SCSI - ok

17:04:22.0976 2980 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

17:04:22.0976 2980 luafv - ok

17:04:23.0038 2980 [ B6E1CCD6572984ADCAE68439AFD07011 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys

17:04:23.0038 2980 LVRS - ok

17:04:23.0225 2980 [ 6C42815DD57E397F0CD988304B5EB4B3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys

17:04:23.0381 2980 LVUVC - ok

17:04:23.0428 2980 [ EA664E3AC4E285C831362971B3F6505F ] MAUSBMIDISPORT C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys

17:04:23.0428 2980 MAUSBMIDISPORT - ok

17:04:23.0459 2980 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys

17:04:23.0459 2980 megasas - ok

17:04:23.0506 2980 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

17:04:23.0506 2980 MegaSR - ok

17:04:23.0584 2980 Microsoft SharePoint Workspace Audit Service - ok

17:04:23.0631 2980 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

17:04:23.0646 2980 MMCSS - ok

17:04:23.0678 2980 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

17:04:23.0678 2980 Modem - ok

17:04:23.0724 2980 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:04:23.0724 2980 monitor - ok

17:04:23.0756 2980 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys

17:04:23.0756 2980 mouclass - ok

17:04:23.0771 2980 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys

17:04:23.0787 2980 mouhid - ok

17:04:23.0802 2980 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

17:04:23.0802 2980 mountmgr - ok

17:04:23.0834 2980 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\drivers\mpio.sys

17:04:23.0834 2980 mpio - ok

17:04:23.0849 2980 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:04:23.0865 2980 mpsdrv - ok

17:04:23.0896 2980 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll

17:04:23.0927 2980 MpsSvc - ok

17:04:23.0943 2980 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:04:23.0943 2980 MRxDAV - ok

17:04:23.0990 2980 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:04:23.0990 2980 mrxsmb - ok

17:04:24.0036 2980 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:04:24.0036 2980 mrxsmb10 - ok

17:04:24.0052 2980 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:04:24.0068 2980 mrxsmb20 - ok

17:04:24.0083 2980 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys

17:04:24.0083 2980 msahci - ok

17:04:24.0114 2980 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:04:24.0114 2980 msdsm - ok

17:04:24.0161 2980 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

17:04:24.0161 2980 MSDTC - ok

17:04:24.0224 2980 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:04:24.0224 2980 Msfs - ok

17:04:24.0255 2980 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

17:04:24.0255 2980 mshidkmdf - ok

17:04:24.0270 2980 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:04:24.0270 2980 msisadrv - ok

17:04:24.0317 2980 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:04:24.0317 2980 MSiSCSI - ok

17:04:24.0333 2980 msiserver - ok

17:04:24.0380 2980 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:04:24.0380 2980 MSKSSRV - ok

17:04:24.0395 2980 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:04:24.0411 2980 MSPCLOCK - ok

17:04:24.0426 2980 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:04:24.0426 2980 MSPQM - ok

17:04:24.0458 2980 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:04:24.0458 2980 MsRPC - ok

17:04:24.0504 2980 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

17:04:24.0504 2980 mssmbios - ok

17:04:24.0536 2980 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:04:24.0536 2980 MSTEE - ok

17:04:24.0551 2980 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

17:04:24.0551 2980 MTConfig - ok

17:04:24.0582 2980 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

17:04:24.0582 2980 Mup - ok

17:04:24.0629 2980 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll

17:04:24.0660 2980 napagent - ok

17:04:24.0707 2980 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:04:24.0707 2980 NativeWifiP - ok

17:04:24.0754 2980 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys

17:04:24.0785 2980 NDIS - ok

17:04:24.0816 2980 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

17:04:24.0816 2980 NdisCap - ok

17:04:24.0848 2980 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:04:24.0863 2980 NdisTapi - ok

17:04:24.0879 2980 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:04:24.0879 2980 Ndisuio - ok

17:04:24.0894 2980 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:04:24.0910 2980 NdisWan - ok

17:04:24.0926 2980 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:04:24.0926 2980 NDProxy - ok

17:04:24.0957 2980 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:04:24.0957 2980 NetBIOS - ok

17:04:24.0972 2980 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

17:04:24.0972 2980 NetBT - ok

17:04:24.0988 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe

17:04:25.0004 2980 Netlogon - ok

17:04:25.0050 2980 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

17:04:25.0066 2980 Netman - ok

17:04:25.0082 2980 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

17:04:25.0097 2980 netprofm - ok

17:04:25.0144 2980 [ C340A607BA9D7FB82D39B12F0E829BDB ] netr28 C:\Windows\system32\DRIVERS\netr28.sys

17:04:25.0175 2980 netr28 - ok

17:04:25.0206 2980 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:04:25.0206 2980 NetTcpPortSharing - ok

17:04:25.0238 2980 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

17:04:25.0238 2980 nfrd960 - ok

17:04:25.0284 2980 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll

17:04:25.0300 2980 NlaSvc - ok

17:04:25.0316 2980 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:04:25.0316 2980 Npfs - ok

17:04:25.0347 2980 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

17:04:25.0347 2980 nsi - ok

17:04:25.0362 2980 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:04:25.0362 2980 nsiproxy - ok

17:04:25.0440 2980 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:04:25.0472 2980 Ntfs - ok

17:04:25.0503 2980 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

17:04:25.0503 2980 Null - ok

17:04:25.0565 2980 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:04:25.0565 2980 nvraid - ok

17:04:25.0612 2980 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:04:25.0612 2980 nvstor - ok

17:04:25.0643 2980 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:04:25.0659 2980 nv_agp - ok

17:04:25.0706 2980 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

17:04:25.0706 2980 ohci1394 - ok

17:04:25.0768 2980 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:04:25.0768 2980 ose - ok

17:04:25.0955 2980 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:04:26.0080 2980 osppsvc - ok

17:04:26.0142 2980 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

17:04:26.0158 2980 p2pimsvc - ok

17:04:26.0189 2980 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

17:04:26.0205 2980 p2psvc - ok

17:04:26.0236 2980 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys

17:04:26.0236 2980 Parport - ok

17:04:26.0267 2980 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys

17:04:26.0283 2980 partmgr - ok

17:04:26.0298 2980 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys

17:04:26.0298 2980 Parvdm - ok

17:04:26.0330 2980 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

17:04:26.0330 2980 PcaSvc - ok

17:04:26.0376 2980 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\drivers\pci.sys

17:04:26.0376 2980 pci - ok

17:04:26.0408 2980 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys

17:04:26.0408 2980 pciide - ok

17:04:26.0439 2980 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

17:04:26.0439 2980 pcmcia - ok

17:04:26.0470 2980 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

17:04:26.0470 2980 pcw - ok

17:04:26.0517 2980 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

17:04:26.0548 2980 PEAUTH - ok

17:04:26.0642 2980 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll

17:04:26.0688 2980 pla - ok

17:04:26.0735 2980 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

17:04:26.0751 2980 PlugPlay - ok

17:04:26.0813 2980 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

17:04:26.0829 2980 PMBDeviceInfoProvider - ok

17:04:26.0860 2980 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

17:04:26.0876 2980 PNRPAutoReg - ok

17:04:26.0907 2980 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

17:04:26.0907 2980 PNRPsvc - ok

17:04:26.0954 2980 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

17:04:26.0954 2980 PolicyAgent - ok

17:04:27.0000 2980 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll

17:04:27.0016 2980 Power - ok

17:04:27.0047 2980 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

17:04:27.0047 2980 PptpMiniport - ok

17:04:27.0078 2980 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys

17:04:27.0094 2980 Processor - ok

17:04:27.0141 2980 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll

17:04:27.0141 2980 ProfSvc - ok

17:04:27.0156 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe

17:04:27.0172 2980 ProtectedStorage - ok

17:04:27.0188 2980 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

17:04:27.0188 2980 Psched - ok

17:04:27.0250 2980 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

17:04:27.0297 2980 ql2300 - ok

17:04:27.0328 2980 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

17:04:27.0328 2980 ql40xx - ok

17:04:27.0359 2980 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

17:04:27.0375 2980 QWAVE - ok

17:04:27.0406 2980 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

17:04:27.0406 2980 QWAVEdrv - ok

17:04:27.0422 2980 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

17:04:27.0422 2980 RasAcd - ok

17:04:27.0468 2980 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

17:04:27.0468 2980 RasAgileVpn - ok

17:04:27.0500 2980 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

17:04:27.0515 2980 RasAuto - ok

17:04:27.0531 2980 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

17:04:27.0531 2980 Rasl2tp - ok

17:04:27.0578 2980 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll

17:04:27.0578 2980 RasMan - ok

17:04:27.0609 2980 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

17:04:27.0609 2980 RasPppoe - ok

17:04:27.0640 2980 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

17:04:27.0640 2980 RasSstp - ok

17:04:27.0656 2980 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

17:04:27.0671 2980 rdbss - ok

17:04:27.0702 2980 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

17:04:27.0702 2980 rdpbus - ok

17:04:27.0718 2980 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

17:04:27.0734 2980 RDPCDD - ok

17:04:27.0765 2980 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

17:04:27.0765 2980 RDPENCDD - ok

17:04:27.0796 2980 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

17:04:27.0796 2980 RDPREFMP - ok

17:04:27.0827 2980 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

17:04:27.0843 2980 RDPWD - ok

17:04:27.0874 2980 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

17:04:27.0874 2980 rdyboost - ok

17:04:27.0905 2980 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

17:04:27.0921 2980 RemoteAccess - ok

17:04:27.0936 2980 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

17:04:27.0952 2980 RemoteRegistry - ok

17:04:27.0999 2980 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

17:04:27.0999 2980 RFCOMM - ok

17:04:28.0014 2980 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

17:04:28.0030 2980 RpcEptMapper - ok

17:04:28.0046 2980 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

17:04:28.0061 2980 RpcLocator - ok

17:04:28.0077 2980 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll

17:04:28.0092 2980 RpcSs - ok

17:04:28.0139 2980 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

17:04:28.0155 2980 rspndr - ok

17:04:28.0186 2980 [ 5B33F64111F626A28026211DA65E6547 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe

17:04:28.0202 2980 SampleCollector - ok

17:04:28.0217 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe

17:04:28.0217 2980 SamSs - ok

17:04:28.0264 2980 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

17:04:28.0264 2980 sbp2port - ok

17:04:28.0311 2980 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

17:04:28.0311 2980 SCardSvr - ok

17:04:28.0342 2980 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

17:04:28.0358 2980 scfilter - ok

17:04:28.0404 2980 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll

17:04:28.0436 2980 Schedule - ok

17:04:28.0467 2980 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll

17:04:28.0467 2980 SCPolicySvc - ok

17:04:28.0498 2980 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

17:04:28.0498 2980 sdbus - ok

17:04:28.0545 2980 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll

17:04:28.0560 2980 SDRSVC - ok

17:04:28.0592 2980 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

17:04:28.0592 2980 secdrv - ok

17:04:28.0607 2980 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

17:04:28.0623 2980 seclogon - ok

17:04:28.0654 2980 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll

17:04:28.0654 2980 SENS - ok

17:04:28.0685 2980 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys

17:04:28.0701 2980 Serenum - ok

17:04:28.0732 2980 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys

17:04:28.0748 2980 Serial - ok

17:04:28.0779 2980 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys

17:04:28.0779 2980 sermouse - ok

17:04:28.0857 2980 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll

17:04:28.0872 2980 SessionEnv - ok

17:04:28.0919 2980 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\drivers\SFEP.sys

17:04:28.0919 2980 SFEP - ok

17:04:28.0935 2980 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

17:04:28.0950 2980 sffdisk - ok

17:04:28.0950 2980 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

17:04:28.0966 2980 sffp_mmc - ok

17:04:28.0997 2980 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

17:04:28.0997 2980 sffp_sd - ok

17:04:29.0028 2980 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

17:04:29.0028 2980 sfloppy - ok

17:04:29.0075 2980 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

17:04:29.0091 2980 SharedAccess - ok

17:04:29.0138 2980 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

17:04:29.0153 2980 ShellHWDetection - ok

17:04:29.0216 2980 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys

17:04:29.0216 2980 sisagp - ok

17:04:29.0247 2980 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

17:04:29.0247 2980 SiSRaid2 - ok

17:04:29.0278 2980 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

17:04:29.0278 2980 SiSRaid4 - ok

17:04:29.0325 2980 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

17:04:29.0340 2980 Smb - ok

17:04:29.0387 2980 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

17:04:29.0387 2980 SNMPTRAP - ok

17:04:29.0481 2980 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe

17:04:29.0496 2980 SOHCImp - ok

17:04:29.0512 2980 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

17:04:29.0512 2980 SOHDBSvr - ok

17:04:29.0559 2980 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe

17:04:29.0559 2980 SOHDms - ok

17:04:29.0590 2980 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe

17:04:29.0590 2980 SOHDs - ok

17:04:29.0606 2980 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

17:04:29.0621 2980 SOHPlMgr - ok

17:04:29.0652 2980 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

17:04:29.0652 2980 spldr - ok

17:04:29.0715 2980 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe

17:04:29.0730 2980 Spooler - ok

17:04:29.0855 2980 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe

17:04:29.0964 2980 sppsvc - ok

17:04:29.0996 2980 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll

17:04:30.0011 2980 sppuinotify - ok

17:04:30.0058 2980 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys

17:04:30.0058 2980 srv - ok

17:04:30.0089 2980 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

17:04:30.0105 2980 srv2 - ok

17:04:30.0120 2980 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

17:04:30.0136 2980 srvnet - ok

17:04:30.0167 2980 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

17:04:30.0167 2980 SSDPSRV - ok

17:04:30.0198 2980 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

17:04:30.0198 2980 SstpSvc - ok

17:04:30.0230 2980 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys

17:04:30.0230 2980 stexstor - ok

17:04:30.0276 2980 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll

17:04:30.0308 2980 StiSvc - ok

17:04:30.0339 2980 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys

17:04:30.0339 2980 swenum - ok

17:04:30.0386 2980 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

17:04:30.0417 2980 swprv - ok

17:04:30.0464 2980 [ 215A45246C6E2D0A9C263CE1786C8D8A ] SynTP C:\Windows\system32\drivers\SynTP.sys

17:04:30.0479 2980 SynTP - ok

17:04:30.0526 2980 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll

17:04:30.0557 2980 SysMain - ok

17:04:30.0588 2980 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll

17:04:30.0604 2980 TabletInputService - ok

17:04:30.0620 2980 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll

17:04:30.0651 2980 TapiSrv - ok

17:04:30.0666 2980 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

17:04:30.0666 2980 TBS - ok

17:04:30.0760 2980 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys

17:04:30.0791 2980 Tcpip - ok

17:04:30.0854 2980 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

17:04:30.0869 2980 TCPIP6 - ok

17:04:30.0900 2980 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

17:04:30.0900 2980 tcpipreg - ok

17:04:30.0932 2980 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

17:04:30.0932 2980 TDPIPE - ok

17:04:30.0978 2980 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

17:04:30.0978 2980 TDTCP - ok

17:04:31.0010 2980 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

17:04:31.0010 2980 tdx - ok

17:04:31.0041 2980 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\drivers\termdd.sys

17:04:31.0041 2980 TermDD - ok

17:04:31.0088 2980 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll

17:04:31.0103 2980 TermService - ok

17:04:31.0134 2980 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

17:04:31.0150 2980 Themes - ok

17:04:31.0166 2980 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

17:04:31.0166 2980 THREADORDER - ok

17:04:31.0197 2980 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

17:04:31.0212 2980 TrkWks - ok

17:04:31.0259 2980 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

17:04:31.0275 2980 TrustedInstaller - ok

17:04:31.0306 2980 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

17:04:31.0306 2980 tssecsrv - ok

17:04:31.0353 2980 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

17:04:31.0353 2980 tunnel - ok

17:04:31.0368 2980 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys

17:04:31.0384 2980 uagp35 - ok

17:04:31.0400 2980 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys

17:04:31.0415 2980 udfs - ok

17:04:31.0478 2980 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

17:04:31.0478 2980 UI0Detect - ok

17:04:31.0524 2980 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

17:04:31.0524 2980 uliagpkx - ok

17:04:31.0556 2980 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys

17:04:31.0556 2980 umbus - ok

17:04:31.0587 2980 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys

17:04:31.0587 2980 UmPass - ok

17:04:31.0618 2980 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

17:04:31.0649 2980 upnphost - ok

17:04:31.0696 2980 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

17:04:31.0696 2980 USBAAPL - ok

17:04:31.0758 2980 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

17:04:31.0758 2980 usbaudio - ok

17:04:31.0790 2980 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

17:04:31.0805 2980 usbccgp - ok

17:04:31.0836 2980 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

17:04:31.0836 2980 usbcir - ok

17:04:31.0883 2980 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

17:04:31.0883 2980 usbehci - ok

17:04:31.0946 2980 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

17:04:31.0946 2980 usbhub - ok

17:04:31.0992 2980 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys

17:04:31.0992 2980 usbohci - ok

17:04:32.0008 2980 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys

17:04:32.0008 2980 usbprint - ok

17:04:32.0039 2980 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:04:32.0055 2980 USBSTOR - ok

17:04:32.0070 2980 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

17:04:32.0070 2980 usbuhci - ok

17:04:32.0117 2980 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

17:04:32.0117 2980 usbvideo - ok

17:04:32.0164 2980 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

17:04:32.0164 2980 UxSms - ok

17:04:32.0211 2980 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

17:04:32.0211 2980 VAIO Entertainment TV Device Arbitration Service - ok

17:04:32.0273 2980 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

17:04:32.0273 2980 VAIO Event Service - ok

17:04:32.0352 2980 [ 49A7C107D51D5F481F702FE75548CE8F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe

17:04:32.0368 2980 VAIO Power Management - ok

17:04:32.0383 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe

17:04:32.0399 2980 VaultSvc - ok

17:04:32.0446 2980 [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

17:04:32.0461 2980 VCFw - ok

17:04:32.0524 2980 [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

17:04:32.0555 2980 VcmIAlzMgr - ok

17:04:32.0602 2980 [ 9D9B34B430B4DC683112F59C80D20AB8 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

17:04:32.0617 2980 VcmINSMgr - ok

17:04:32.0649 2980 [ B56CD01F36EEF2967EF18D8DF0E5C285 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

17:04:32.0664 2980 VcmXmlIfHelper - ok

17:04:32.0695 2980 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

17:04:32.0695 2980 vdrvroot - ok

17:04:32.0742 2980 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe

17:04:32.0758 2980 vds - ok

17:04:32.0805 2980 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

17:04:32.0805 2980 vga - ok

17:04:32.0836 2980 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

17:04:32.0836 2980 VgaSave - ok

17:04:32.0867 2980 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

17:04:32.0867 2980 vhdmp - ok

17:04:32.0898 2980 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

17:04:32.0898 2980 viaagp - ok

17:04:32.0929 2980 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys

17:04:32.0929 2980 ViaC7 - ok

17:04:32.0945 2980 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

17:04:32.0945 2980 viaide - ok

17:04:32.0976 2980 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys

17:04:32.0976 2980 volmgr - ok

17:04:33.0007 2980 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

17:04:33.0007 2980 volmgrx - ok

17:04:33.0070 2980 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys

17:04:33.0070 2980 volsnap - ok

17:04:33.0101 2980 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

17:04:33.0117 2980 vsmraid - ok

17:04:33.0179 2980 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe

17:04:33.0226 2980 VSS - ok

17:04:33.0319 2980 [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

17:04:33.0351 2980 VUAgent - ok

17:04:33.0397 2980 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

17:04:33.0397 2980 vwifibus - ok

17:04:33.0429 2980 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

17:04:33.0429 2980 vwififlt - ok

17:04:33.0460 2980 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

17:04:33.0460 2980 vwifimp - ok

17:04:33.0491 2980 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

17:04:33.0507 2980 VzCdbSvc - ok

17:04:33.0538 2980 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

17:04:33.0553 2980 W32Time - ok

17:04:33.0600 2980 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

17:04:33.0600 2980 WacomPen - ok

17:04:33.0631 2980 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

17:04:33.0631 2980 WANARP - ok

17:04:33.0647 2980 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

17:04:33.0647 2980 Wanarpv6 - ok

17:04:33.0709 2980 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe

17:04:33.0756 2980 wbengine - ok

17:04:33.0772 2980 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

17:04:33.0787 2980 WbioSrvc - ok

17:04:33.0819 2980 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll

17:04:33.0850 2980 wcncsvc - ok

17:04:33.0865 2980 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

17:04:33.0881 2980 WcsPlugInService - ok

17:04:33.0897 2980 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys

17:04:33.0897 2980 Wd - ok

17:04:33.0959 2980 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

17:04:33.0975 2980 Wdf01000 - ok

17:04:34.0021 2980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

17:04:34.0021 2980 WdiServiceHost - ok

17:04:34.0037 2980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

17:04:34.0053 2980 WdiSystemHost - ok

17:04:34.0099 2980 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll

17:04:34.0115 2980 WebClient - ok

17:04:34.0146 2980 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

17:04:34.0177 2980 Wecsvc - ok

17:04:34.0193 2980 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

17:04:34.0209 2980 wercplsupport - ok

17:04:34.0240 2980 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

17:04:34.0240 2980 WerSvc - ok

17:04:34.0271 2980 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

17:04:34.0287 2980 WfpLwf - ok

17:04:34.0302 2980 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

17:04:34.0302 2980 WIMMount - ok

17:04:34.0365 2980 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

17:04:34.0380 2980 WinDefend - ok

17:04:34.0396 2980 WinHttpAutoProxySvc - ok

17:04:34.0458 2980 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

17:04:34.0458 2980 Winmgmt - ok

17:04:34.0536 2980 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll

17:04:34.0583 2980 WinRM - ok

17:04:34.0645 2980 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

17:04:34.0645 2980 WinUsb - ok

17:04:34.0708 2980 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

17:04:34.0739 2980 Wlansvc - ok

17:04:34.0755 2980 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

17:04:34.0755 2980 WmiAcpi - ok

17:04:34.0801 2980 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

17:04:34.0817 2980 wmiApSrv - ok

17:04:34.0864 2980 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

17:04:34.0911 2980 WMPNetworkSvc - ok

17:04:34.0942 2980 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

17:04:34.0957 2980 WPCSvc - ok

17:04:34.0973 2980 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

17:04:34.0989 2980 WPDBusEnum - ok

17:04:35.0004 2980 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

17:04:35.0020 2980 ws2ifsl - ok

17:04:35.0051 2980 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll

17:04:35.0067 2980 wscsvc - ok

17:04:35.0082 2980 WSearch - ok

17:04:35.0191 2980 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

17:04:35.0285 2980 wuauserv - ok

17:04:35.0316 2980 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

17:04:35.0332 2980 WudfPf - ok

17:04:35.0363 2980 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

17:04:35.0363 2980 WUDFRd - ok

17:04:35.0425 2980 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

17:04:35.0425 2980 wudfsvc - ok

17:04:35.0472 2980 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

17:04:35.0488 2980 WwanSvc - ok

17:04:35.0535 2980 ================ Scan global ===============================

17:04:35.0566 2980 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll

17:04:35.0597 2980 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll

17:04:35.0628 2980 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll

17:04:35.0659 2980 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

17:04:35.0691 2980 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

17:04:35.0706 2980 [Global] - ok

17:04:35.0706 2980 ================ Scan MBR ==================================

17:04:35.0722 2980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

17:04:35.0987 2980 \Device\Harddisk0\DR0 - ok

17:04:35.0987 2980 ================ Scan VBR ==================================

17:04:36.0003 2980 [ 93111972AFD75B6589D889D96E18D884 ] \Device\Harddisk0\DR0\Partition1

17:04:36.0003 2980 \Device\Harddisk0\DR0\Partition1 - ok

17:04:36.0018 2980 [ 66ED05668AB34D3192B892B3E448AE1B ] \Device\Harddisk0\DR0\Partition2

17:04:36.0018 2980 \Device\Harddisk0\DR0\Partition2 - ok

17:04:36.0018 2980 ============================================================

17:04:36.0018 2980 Scan finished

17:04:36.0018 2980 ============================================================

17:04:36.0049 1236 Detected object count: 0

17:04:36.0049 1236 Actual detected object count: 0

17:04:38.0889 0724 Deinitialize success

Here's what ESET found (sorry, it took about an hour to complete)

C:\Qoobox\Quarantine\C\Program Files\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application unable to clean

C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application unable to clean

C:\Qoobox\Quarantine\C\Users\Wyatt\AppData\Roaming\Mucay\okfys.exe.vir a variant of Win32/Injector.AARB trojan unable to clean

AdwCleaner:

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 18:28:07

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Starter (32 bits)

# User : Wyatt - WYATT-VAIO

# Boot Mode : Normal

# Running from : C:\Users\Wyatt\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [556 octets] - [01/01/2013 18:28:07]

########## EOF - C:\AdwCleaner[R1].txt - [615 octets] ##########

And finally, the results of your Security Check:

Results of screen317's Security Check version 0.99.56

Windows 7 x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 18

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Qoobox.zip

Link to post
Share on other sites

  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 18

Adobe Reader 9

Adobe Flash Player 10

Restart your computer.

Get the latest version of Java and Adobe Reader.

Open Firefox, click Help --> About, and ensure that it updates to version 17.

Click Start, type in Windows Update, and click on Windows Update when it appears. Install all available updates, including Service Pack 1. Reboot.

Let me know what issues remain.

Link to post
Share on other sites

Ok I did all that stuff and everything seems to be working great! Do you know if I need an AV and if so can you recommend a good free one? I've just been using MBAM, but it's sometimes tricky (like this PUM.UserWload) because I have to do it after I get infected.

Here's the adwcleaner results:

# AdwCleaner v2.104 - Logfile created 01/02/2013 at 19:37:17

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Starter (32 bits)

# User : Wyatt - WYATT-VAIO

# Boot Mode : Normal

# Running from : C:\Users\Wyatt\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [683 octets] - [01/01/2013 18:28:07]

AdwCleaner[R2].txt - [742 octets] - [01/01/2013 19:07:37]

AdwCleaner[s1].txt - [676 octets] - [01/01/2013 19:08:10]

########## EOF - C:\AdwCleaner[s1].txt - [735 octets] ##########

Link to post
Share on other sites

Hold on a sec, MBAM quick scan just detected two things

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Wyatt :: WYATT-VAIO [administrator]

1/2/2013 9:33:02 PM

mbam-log-2013-01-02 (21-33-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228188

Time elapsed: 18 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Wyatt\AppData\Local\temp\DNS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\TXMEUA3W\DNS[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)

Let me reboot, run another scan and give you an update

Link to post
Share on other sites

  • Staff

Great. :)

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.