
PUM.UserWLoad


  • This topic is locked
23 replies to this topic

#1 bananaman

    New Member

  • Members
  • 16 posts

Posted 29 December 2012 - 09:52 PM

Hi, I'm here because I need help getting rid of this stupid PUM.UserWLoad thing. I had that MoneyPak FBI virus a few weeks ago, but I got rid of it. Now I'm having trouble with internet browsing (I'm using Safe Mode with Networking to make my life easier). I've been getting an ieframe.dll error page online too. I've run MB several times, and the only thing that is detected is this PUP file, which won't go away after restarting my computer!

I should also mention when I log in to my desktop I always get a .dll error message ("could not be found"), but this has been going on for a while and I haven't noticed any other problems along with it.

Some more context: I have a little Sony Vaio computer with Windows 7 (Starter edition). I'm using the latest Internet Explorer. I don't think that I have an AV, but I run MB (quick scan) every week or two, and it will usually help if I have any snags/bugs. I delete my history/files/cookies every day too.

I've been following these instructions as best as I can to get here (although I ran the DDS thing in Safe Mode; is that okay?).

If anyone could help me out, I'd really appreciate it, and bear with me as I'm not the most tech-savvy person on earth.

Attached Files



#2 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 30 December 2012 - 01:10 AM

Hi and welcome to Malwarebytes.


In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.
Chris Fistonich
Research Team


#3 bananaman

    New Member

  • Members
  • 16 posts

Posted 30 December 2012 - 02:14 AM

Thanks, screen317.

So here's this...

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.29.03
Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Wyatt :: WYATT-VAIO [administrator]
12/29/2012 10:52:21 PM
mbam-log-2012-12-29 (22-52-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228008
Time elapsed: 9 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Wyatt\LOCALS~1\Temp\msuquuyk.pif -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


After I rebooted, I ran DDS and got this...


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16457
Run by Wyatt at 23:03:57 on 2012-12-29
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.593 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659}
uProxyServer = hxxp=127.0.0.1:54949
uProxyOverride = <local>;*.local
uWindows: Load = c:\users\wyatt\locals~1\temp\msuquuyk.pif
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} -
uRun: [CompHost] rundll32 "certdccw.dll",CreateProcessNotify
uRun: [Loytyd] c:\users\wyatt\appdata\roaming\mucay\okfys.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SmartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\14454583036383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\2375942554633353 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-6-28 789856]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-2 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-14 642416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-27 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-30 29472]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-9-27 140376]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2010-10-6 169224]
S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-6-30 122880]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-6-30 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2010-6-30 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-6-30 427304]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-6-30 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2010-6-30 91432]
S3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-6-30 513392]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-6-30 480624]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-6-30 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-6-30 83312]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]
.
=============== Created Last 30 ================
.
2012-12-30 00:52:36 -------- d-----w- c:\users\wyatt\appdata\local\Wajam
2012-12-30 00:52:26 -------- d-----w- c:\users\wyatt\appdata\local\Coupon Companion Plugin
2012-12-30 00:52:19 -------- d-----w- c:\program files\Coupon Companion Plugin
2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Poyh
2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Mucay
2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Epxoak
2012-12-28 17:32:21 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fe27f9ab-a723-418b-83c2-2089070ac68e}\mpengine.dll
2012-12-21 06:29:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:29:52 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 06:32:53 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:32:52 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 06:32:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-09 23:59:46 -------- d-----w- c:\program files\Enigma Software Group
.
==================== Find3M ====================
.
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 03:20:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 03:20:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 23:06:29.82 ===============



And this...


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 11/12/2010 5:20:09 PM
System Uptime: 12/29/2012 11:02:38 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Atom™ CPU N470 @ 1.83GHz | N/A | 1828/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 227 GiB total, 172.344 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_197B&DEV_0260&SUBSYS_9075104D&REV_02\4&194AE453&0&05E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_197B&DEV_0260&SUBSYS_9075104D&REV_02\4&194AE453&0&05E1
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP312: 12/9/2012 4:11:59 PM - Removed SpyHunter
RP313: 12/9/2012 4:13:23 PM - Removed SpyHunter
RP314: 12/9/2012 4:40:01 PM - Windows Update
RP315: 12/13/2012 3:02:17 AM - Windows Update
RP316: 12/18/2012 10:13:06 AM - Windows Update
RP317: 12/20/2012 10:29:05 PM - Windows Update
RP318: 12/25/2012 12:30:45 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 3
Armagetron Advanced 0.2.8.3.1.gcc
AstroViewer 3.1.4
Audacity 1.3.13 (Unicode)
Bonjour
Compatibility Pack for the 2007 Office system
Coupon Companion Plugin
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 18
JMicron Flash Media Controller Driver
Junk Mail filter update
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MilkDrop for Winamp 2x (remove only)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Next Generation Visualisations
One-click FLAC to MP3 Converter
PMB
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Setting Utility Series
SmartWi Connection Utility
Sony Home Network Library
Stop Motion Animator 1.1.XP
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VAIO Care
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO OOBE and Startup Assistant
VAIO Original Function Settings
VAIO Power Management
VAIO Survey
VAIO Transfer Support
VAIO Update
VAIO Update Merge Module x86
VU5x86
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
12/29/2012 6:01:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/29/2012 4:52:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/29/2012 4:14:51 PM, Error: Service Control Manager [7022] - The VAIO Content Folder Watcher service hung on starting.
12/29/2012 3:21:14 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The process cannot access the file because it is being used by another process.
12/29/2012 11:05:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/29/2012 11:03:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/29/2012 11:03:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/29/2012 11:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/29/2012 11:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2012 11:03:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/29/2012 11:03:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6
12/28/2012 9:31:41 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
12/26/2012 8:43:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/25/2012 9:33:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/25/2012 1:17:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/24/2012 3:05:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.
12/24/2012 12:51:47 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================
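
Added example, not part of this thread and not code from Malwarebytes, DDS or AdwCleaner: a small Python triage pass over the autostart lines pasted above. The security-relevant point in the MBAM and DDS logs is the Winlogon Load value (HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load), a win.ini-era autostart that Windows still honours at logon and that legitimate software almost never sets; here it points at a .pif in the user's Temp folder. The same DDS report also lists a per-user Run entry under AppData\Roaming, a rundll32 entry that names its DLL without a path, and a browser proxy on 127.0.0.1. The script encodes those observations as heuristics and runs them over lines copied from the logs above, with a few ordinary vendor entries as controls. The rule names and regular expressions are the example's own, not MBAM or DDS terminology; it is a reading aid for a pasted log, not a replacement for a scanner.

```python
"""Heuristic triage of autostart lines from a DDS pseudo-HJT report or MBAM log."""
import re
from dataclasses import dataclass

# Rule names and patterns below are this example's own (hypothetical), not MBAM/DDS terms.

# Winlogon "Load" value, HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load:
# a win.ini-era autostart that Windows still honours at logon and that legitimate
# software almost never sets.  DDS prints it as "uWindows: Load = ...", MBAM as
# "...\Windows|Load (PUM.UserWLoad) -> Data: ...".
WINLOGON_LOAD_RE = re.compile(r"(?:^uWindows:\s*Load\s*=|\\Windows\|Load\b)", re.I)

# Any autostart line worth inspecting: DDS uRun/mRun/uRunOnce/mRunOnce/uWindows
# ('u' = per-user HKCU, 'm' = machine-wide HKLM) or an MBAM "...|Load" value.
AUTORUN_RE = re.compile(r"^(?:[um](?:Run|RunOnce|Windows):|.*\|Load\b)", re.I)

TEMP_RE = re.compile(r"\\(?:temp|locals~1\\temp)\\", re.I)          # %TEMP%, either spelling
ROAMING_RE = re.compile(r"\\appdata\\roaming\\", re.I)              # user-writable, no admin needed
DROPPER_EXT_RE = re.compile(r"\.(?:pif|scr|com|bat|cmd)\b", re.I)   # odd choices for a startup item
# rundll32 <dll>,<export>; the DLL may be quoted (path with spaces) or bare.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+(?:"([^"]+)"|([^,\s]+))\s*,', re.I)
LOOPBACK_PROXY_RE = re.compile(r"proxyserver\s*=.*(?:127\.0\.0\.1|localhost)", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage_line(line: str) -> list:
    """Return every heuristic a single log line trips (empty list = nothing odd)."""
    line = line.strip()
    hits = []
    if not line:
        return hits
    if WINLOGON_LOAD_RE.search(line):
        hits.append(Finding("winlogon-load-value", line))
    if AUTORUN_RE.match(line):
        if TEMP_RE.search(line):
            hits.append(Finding("autorun-from-temp", line))
        if ROAMING_RE.search(line):
            hits.append(Finding("autorun-from-appdata-roaming", line))
        if DROPPER_EXT_RE.search(line):
            hits.append(Finding("autorun-unusual-extension", line))
        m = RUNDLL_RE.search(line)
        if m:
            dll = m.group(1) or m.group(2)
            # A bare file name means rundll32 resolves it through the DLL search
            # order rather than a fixed path, so the entry says nothing about
            # where the code really lives.
            if "\\" not in dll:
                hits.append(Finding("rundll32-unqualified-dll", line))
    if LOOPBACK_PROXY_RE.search(line):
        # Browser traffic routed through a local port: something on the box sits
        # between the browser and the network.
        hits.append(Finding("loopback-proxy", line))
    return hits


def triage(text: str) -> list:
    """Run triage_line over a whole pasted log; findings keep log order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


# Sample input: lines copied from the MBAM and DDS logs in this thread, plus two
# ordinary vendor entries and the MBAM cleanup RunOnce as benign controls.
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Wyatt\LOCALS~1\Temp\msuquuyk.pif -> Delete on reboot.
uStart Page = hxxps://www.google.com/
uProxyServer = hxxp=127.0.0.1:54949
uWindows: Load = c:\users\wyatt\locals~1\temp\msuquuyk.pif
uRun: [CompHost] rundll32 "certdccw.dll",CreateProcessNotify
uRun: [Loytyd] c:\users\wyatt\appdata\roaming\mucay\okfys.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.line}")
```

Run it as-is and the two Load lines, the Roaming Run entry, the bare-name rundll32 entry and the loopback proxy are reported; the Realtek, iTunes and Malwarebytes cleanup entries (a quoted, fully qualified DLL path) are not. Paste a different DDS or MBAM log into SAMPLE_LOG to triage it the same way.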

#4 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 01 January 2013 - 01:28 PM

Hi,

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Chris Fistonich
Research Team


#5 bananaman

    New Member

  • Members
  • 16 posts

Posted 01 January 2013 - 02:45 PM

Hey, thanks! Here it is:

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 11:43:48
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Wyatt - WYATT-VAIO
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MN1JFWKD\adwcleaner.exe
# Option [Search]

***** [Services] *****
Found : Updater Service for StartNow Toolbar
***** [Files / Folders] *****
File Found : C:\Users\Wyatt\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Wyatt\AppData\Local\Wajam
Folder Found : C:\Users\Wyatt\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Wyatt\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\Wyatt\AppData\LocalLow\Toolbar4
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659}
*************************
AdwCleaner[R1].txt - [4457 octets] - [01/01/2013 11:43:48]
########## EOF - C:\AdwCleaner[R1].txt - [4517 octets] ##########

#6 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 01 January 2013 - 02:48 PM

Hi,

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Chris Fistonich
Research Team


#7 bananaman

    New Member

  • Members
  • 16 posts

Posted 01 January 2013 - 03:07 PM

Here ya go:

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 11:51:00
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Wyatt - WYATT-VAIO
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MN1JFWKD\adwcleaner.exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : Updater Service for StartNow Toolbar
***** [Files / Folders] *****
File Deleted : C:\Users\Wyatt\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Wyatt\AppData\Local\Wajam
Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\Toolbar4
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659} --> hxxp://www.google.com
*************************
AdwCleaner[R1].txt - [4586 octets] - [01/01/2013 11:43:48]
AdwCleaner[S1].txt - [4672 octets] - [01/01/2013 11:51:00]
########## EOF - C:\AdwCleaner[S1].txt - [4732 octets] ##########

#8 screen317

Posted 01 January 2013 - 03:18 PM

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

How are things running now? Update MBAM, run a Quick Scan, and post its log. Are you still getting detections?

#9 bananaman

Posted 01 January 2013 - 03:36 PM

Things are running fine in safe mode; normal mode, not so much.

Dang, ran a scan and it's still there. I'm going to reboot anyway.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.29.03
Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Wyatt :: WYATT-VAIO [administrator]
1/1/2013 12:22:15 PM
mbam-log-2013-01-01 (12-22-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232163
Time elapsed: 11 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Wyatt\LOCALS~1\Temp\msuquuyk.pif -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#10 screen317

Posted 01 January 2013 - 03:59 PM

Hi,


We have an advanced product in development that is now in public Beta: Malwarebytes Anti-Rootkit. This tool has been designed to address the specific type of infection(s) identified on your system. At this stage Malwarebytes Anti-Rootkit has been heavily tested and we are confident in its capabilities and stability. That being said, this is a Beta product and certain disclaimers need to be made. All Beta versions are not final products. Malwarebytes does not guarantee the absence of errors which might lead to interruption in normal computer operations or data loss. Precautions should be taken. The types of infections targeted by Malwarebytes Anti-Rootkit can be very difficult to remove. Please be sure you have any valued data backed up before proceeding, just as a precaution.
While we encourage and invite participation, Malwarebytes Anti-Rootkit Beta users run the tool at their own risk. Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise.
If you agree to these terms, please let us know and we will provide a download link and instructions for you.

#11 bananaman

Posted 01 January 2013 - 04:04 PM

Yes, I would like to give it a shot.

Is it absolutely necessary that I back up my files, and how would I do this?

#12 screen317

Posted 01 January 2013 - 04:21 PM

Simply copy and paste any documents or pictures you couldn't live without to an external hard drive or flash drive. Alternatively, burn a CD. The risk is low, but we give that disclaimer because you can never be too careful.


When you're ready, here is a link to instructions and a download link; post both logs that it creates:

http://www.malwareby.../products/mbar/

#13 bananaman

Posted 01 January 2013 - 04:39 PM

Ok, when I try to run it, I get an error message that says it can't load/install the "DDA driver." It gives me the option of rebooting to install it, which I click, and then I immediately get an error message that says it was unable to install DDA driver.

#14 screen317

Posted 01 January 2013 - 04:55 PM

Okay let's skip that for now.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.


-screen317

#15 bananaman

Posted 01 January 2013 - 05:34 PM

ComboFix 13-01-01.02 - Wyatt 01/01/2013 14:05:32.1.2 - x86 NETWORK
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.448 [GMT -8:00]
Running from: c:\users\Wyatt\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Coupon Companion Plugin\CoUPon companion plugin.dll
c:\program files\Downloaded Installers
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\programdata\4e0eaba6
c:\users\Public\Documents\~WRL2546.tmp
c:\users\Wyatt\99
c:\users\Wyatt\AppData\Roaming\Axefo
c:\users\Wyatt\AppData\Roaming\Axefo\avbe.tmp
c:\users\Wyatt\AppData\Roaming\Axefo\avbe.yni
c:\users\Wyatt\AppData\Roaming\Mucay
c:\users\Wyatt\AppData\Roaming\Mucay\okfys.exe
c:\users\Wyatt\Documents\~WRL3338.tmp
c:\users\Wyatt\Documents\~WRL3745.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))
.
.
2013-01-01 22:20 . 2013-01-01 22:20 -------- d-----w- c:\users\Trish\AppData\Local\temp
2013-01-01 22:19 . 2013-01-01 22:22 -------- d-----w- c:\users\Wyatt\AppData\Local\temp
2013-01-01 22:19 . 2013-01-01 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 22:05 . 2013-01-01 22:05 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE8D026-02BD-4DA6-987F-F08AA8F4FF18}\offreg.dll
2013-01-01 20:00 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE8D026-02BD-4DA6-987F-F08AA8F4FF18}\mpengine.dll
2013-01-01 04:19 . 2013-01-01 04:19 -------- d-----w- c:\windows\Sun
2012-12-30 00:52 . 2012-12-30 00:52 -------- d-----w- c:\users\Wyatt\AppData\Local\Coupon Companion Plugin
2012-12-30 00:52 . 2013-01-01 22:18 -------- d-----w- c:\program files\Coupon Companion Plugin
2012-12-28 22:40 . 2012-12-31 23:29 -------- d-----w- c:\users\Wyatt\AppData\Roaming\Epxoak
2012-12-28 22:40 . 2012-12-28 22:40 -------- d-----w- c:\users\Wyatt\AppData\Roaming\Poyh
2012-12-21 06:29 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:29 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 06:32 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:32 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 06:32 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-09 23:59 . 2012-12-09 23:59 -------- d-----w- c:\program files\Enigma Software Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 00:49 . 2011-02-19 19:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-16 20:34 . 2012-11-27 23:58 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 03:20 . 2012-10-11 03:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 03:20 . 2011-10-11 05:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-23 8120864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-26 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 1578280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-15 1091432]
"Z1"="c:\users\Wyatt\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2013-01-01 1342312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 02:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-15 00:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:54949
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-CompHost - certdccw.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-01 14:26:24
ComboFix-quarantined-files.txt 2013-01-01 22:26
.
Pre-Run: 184,612,323,328 bytes free
Post-Run: 186,689,589,248 bytes free
.
- - End Of File - - A51E2845DF908A811DF040C30902390C


And here's this one..........


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16457
Run by Wyatt at 14:30:57 on 2013-01-01
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.321 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:54949
uProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SmartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Z1] c:\users\wyatt\desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\14454583036383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\2375942554633353 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-6-28 789856]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-2 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-14 642416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-27 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-30 29472]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-9-27 140376]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2010-10-6 169224]
S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-6-30 122880]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-6-30 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2010-6-30 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-6-30 427304]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-6-30 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2010-6-30 91432]
S3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-6-30 513392]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-6-30 480624]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-6-30 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-6-30 83312]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]
.
=============== Created Last 30 ================
.
2013-01-01 22:26:36 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-01 22:26:28 -------- d-----w- c:\users\wyatt\appdata\local\temp
2013-01-01 22:05:24 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ce8d026-02bd-4da6-987f-f08aa8f4ff18}\offreg.dll
2013-01-01 22:01:56 98816 ----a-w- c:\windows\sed.exe
2013-01-01 22:01:56 256000 ----a-w- c:\windows\PEV.exe
2013-01-01 22:01:56 208896 ----a-w- c:\windows\MBR.exe
2013-01-01 20:00:15 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ce8d026-02bd-4da6-987f-f08aa8f4ff18}\mpengine.dll
2012-12-30 00:52:26 -------- d-----w- c:\users\wyatt\appdata\local\Coupon Companion Plugin
2012-12-30 00:52:19 -------- d-----w- c:\program files\Coupon Companion Plugin
2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Poyh
2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Epxoak
2012-12-21 06:29:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:29:52 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 06:32:53 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:32:52 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 06:32:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-09 23:59:46 -------- d-----w- c:\program files\Enigma Software Group
.
==================== Find3M ====================
.
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 03:20:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 03:20:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 14:31:21.52 ===============
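A read-only PowerShell audit of the two per-user settings these logs turn up, added here as an example (it is not from the thread and not part of any tool the helper names): the Load value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows that MBAM reported as PUM.UserWLoad in post #9, and the ProxyServer = http=127.0.0.1:54949 entry in the DDS log above. The registry paths are as they appear in the logs; the variable names and messages are mine.

```powershell
# Added example, not from the thread. Read-only audit of the two per-user
# settings the logs above show; it reports and changes nothing.

$winKey  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$findings = @()

# 1. Load / Run values: the legacy win.ini [windows] mapping. Anything listed
#    here is started at logon for this user; on a clean profile both are empty,
#    which is the state the later MBAM log in this thread reports.
foreach ($name in 'Load', 'Run') {
    $value = (Get-ItemProperty -Path $winKey -Name $name -ErrorAction SilentlyContinue).$name
    if (-not $value) { continue }
    $target = [Environment]::ExpandEnvironmentVariables($value.Trim('"'))
    if (Test-Path -LiteralPath $target) {
        $note = 'target file exists'
    } else {
        $note = 'target file missing (value may already be marked delete-on-reboot)'
    }
    $findings += [pscustomobject]@{ Check = "$name value"; Value = $value; Note = $note }
}

# 2. Per-user proxy. A ProxyServer of 127.0.0.1:<port> routes every browser
#    request through a process on this machine; the DDS log shows
#    http=127.0.0.1:54949, and browsing fails when nothing listens there.
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyServer) {
    $local = $inet.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?'
    $note  = "ProxyEnable=$($inet.ProxyEnable)"
    if ($local) { $note = "points at the local machine; $note" }
    $findings += [pscustomobject]@{ Check = 'ProxyServer'; Value = $inet.ProxyServer; Note = $note }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No Load/Run value and no ProxyServer set for the current user.'
}
```

Run it from a normal (non-elevated) PowerShell window as the affected user, since both keys live under HKCU and an elevated prompt under a different account would audit the wrong profile.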

#16 bananaman

Posted 01 January 2013 - 06:15 PM

Hey good news: I just ran a quick MBAM scan for the heck of it and nothing was detected.

I'm going to restart in normal mode and see if it has gotten any better.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.29.03
Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Wyatt :: WYATT-VAIO [administrator]
1/1/2013 3:06:54 PM
mbam-log-2013-01-01 (15-06-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226529
Time elapsed: 5 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#17 screen317

Posted 01 January 2013 - 07:07 PM

Hi,

Great!

Please zip up and attach this folder:

C:\qoobox


Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.



  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs its runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.



Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Export the threats found (if any), and post them here.


Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well, where n is the order number.



Next, download my Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team

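
The reports requested above live at predictable paths whose names encode a version and timestamp (TDSSKiller) or a run counter (AdwCleaner). As an added example, not part of this post and not code from any of the tools named in it, the Python below picks the newest TDSSKiller log and the latest AdwCleaner report out of a directory listing, reports which requested artifacts are missing, and zips the quarantine folder with `shutil.make_archive`. The directory listings are constructed to match the name pattern the post gives; the drive letter, the Desktop path and the `checkup.txt` name are assumptions taken from the instructions above.

```python
import re
import shutil
from datetime import datetime
from pathlib import Path
from typing import Dict, Iterable, List, Optional

# Name pattern from the instructions: UtilityName.Version_Date_Time_log.txt, with the
# date written DD.MM.YYYY and the time HH.MM.SS (e.g. TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
TDSS_LOG_RE = re.compile(
    r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_(?P<stamp>\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2})_log\.txt$"
)
# AdwCleaner writes C:\AdwCleaner[Rn].txt, n being the run number.
ADW_LOG_RE = re.compile(r"^AdwCleaner\[R(?P<n>\d+)\]\.txt$")

# CONSTRUCTED listing of C:\ (file names only), built from the pattern above.
SAMPLE_ROOT_LISTING: List[str] = [
    "qoobox",
    "TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt",
    "TDSSKiller.2.8.15.0_02.11.2012_09.00.00_log.txt",
    "TDSSKiller.2.8.15.0_01.01.2013_17.04.08_log.txt",
    "AdwCleaner[R1].txt",
    "AdwCleaner[R2].txt",
    "AdwCleaner[R10].txt",
]


def tdss_log_timestamp(name: str) -> Optional[datetime]:
    """Scan time encoded in a TDSSKiller log name, or None if the name does not match."""
    m = TDSS_LOG_RE.match(name)
    if m is None:
        return None
    return datetime.strptime(m.group("stamp"), "%d.%m.%Y_%H.%M.%S")


def newest_tdss_log(names: Iterable[str]) -> Optional[str]:
    """Most recent TDSSKiller log by its embedded timestamp.

    A plain string sort gets this wrong: the day comes first in the name, so
    '02.11.2012' sorts after '01.01.2013', and version '2.2.0' sorts below '2.8.15.0'.
    """
    best: Optional[tuple] = None
    for name in names:
        ts = tdss_log_timestamp(name)
        if ts is not None and (best is None or ts > best[0]):
            best = (ts, name)
    return best[1] if best else None


def newest_adw_log(names: Iterable[str]) -> Optional[str]:
    """AdwCleaner report with the highest run number, compared numerically (R10 > R9)."""
    runs = []
    for name in names:
        m = ADW_LOG_RE.match(name)
        if m is not None:
            runs.append((int(m.group("n")), name))
    return max(runs)[1] if runs else None


def requested_artifacts(root_names: Iterable[str], desktop_names: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each artifact the helper asked for to the name found, or None if it is missing."""
    root = list(root_names)
    desktop = {n.lower() for n in desktop_names}
    return {
        "qoobox": "qoobox" if any(n.lower() == "qoobox" for n in root) else None,
        "tdsskiller_log": newest_tdss_log(root),
        "adwcleaner_log": newest_adw_log(root),
        "checkup.txt": "checkup.txt" if "checkup.txt" in desktop else None,
    }


def zip_folder(folder: Path, archive_base: Path) -> Path:
    """Zip a folder (e.g. C:\\qoobox) to <archive_base>.zip for attaching to a reply."""
    return Path(shutil.make_archive(str(archive_base), "zip", root_dir=str(folder)))


if __name__ == "__main__":
    # On the affected machine the listings would come from Path("C:/").iterdir() and the
    # user's Desktop; here the constructed listing stands in for both.
    for key, value in requested_artifacts(SAMPLE_ROOT_LISTING, ["checkup.txt"]).items():
        print(f"{key:16} {value or 'MISSING'}")
```

Running it on the real machine means replacing the constructed listing with the names under `C:\` and the Desktop, and calling `zip_folder(Path("C:/qoobox"), Path.home() / "Desktop" / "qoobox")` to produce the archive the helper asked for. The two ordering helpers are the substantive part: both the TDSSKiller timestamp and the AdwCleaner counter sort incorrectly as strings, so the newest file is the wrong one if you simply take the last name in the directory.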

#18 bananaman

    New Member

  • Members
  • 16 posts

Posted 01 January 2013 - 09:46 PM

Qoobox.zip is attached

Ran TFC (it deleted about ten MB of stuff I think), then rebooted


Ran TDSSKiller. (It didn't detect anything, or ask me to reboot. I think this is the right log)

17:04:08.0353 4840 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:04:08.0852 4840 ============================================================
17:04:08.0852 4840 Current date / time: 2013/01/01 17:04:08.0852
17:04:08.0852 4840 SystemInfo:
17:04:08.0852 4840
17:04:08.0852 4840 OS Version: 6.1.7600 ServicePack: 0.0
17:04:08.0852 4840 Product type: Workstation
17:04:08.0852 4840 ComputerName: WYATT-VAIO
17:04:08.0852 4840 UserName: Wyatt
17:04:08.0852 4840 Windows directory: C:\Windows
17:04:08.0852 4840 System windows directory: C:\Windows
17:04:08.0852 4840 Processor architecture: Intel x86
17:04:08.0852 4840 Number of processors: 2
17:04:08.0852 4840 Page size: 0x1000
17:04:08.0852 4840 Boot type: Normal boot
17:04:08.0852 4840 ============================================================
17:04:10.0460 4840 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:04:10.0475 4840 ============================================================
17:04:10.0475 4840 \Device\Harddisk0\DR0:
17:04:10.0475 4840 MBR partitions:
17:04:10.0475 4840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xACC800, BlocksNum 0x32000
17:04:10.0475 4840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAFE800, BlocksNum 0x1C6C6970
17:04:10.0475 4840 ============================================================
17:04:10.0506 4840 C: <-> \Device\Harddisk0\DR0\Partition2
17:04:10.0506 4840 ============================================================
17:04:10.0506 4840 Initialize success
17:04:10.0506 4840 ============================================================
17:04:13.0517 2980 ============================================================
17:04:13.0517 2980 Scan started
17:04:13.0517 2980 Mode: Manual;
17:04:13.0517 2980 ============================================================
17:04:14.0204 2980 ================ Scan system memory ========================
17:04:14.0204 2980 System memory - ok
17:04:14.0219 2980 ================ Scan services =============================
17:04:14.0391 2980 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:04:14.0391 2980 1394ohci - ok
17:04:14.0484 2980 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:04:14.0484 2980 ACDaemon - ok
17:04:14.0547 2980 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:04:14.0547 2980 ACPI - ok
17:04:14.0594 2980 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:04:14.0594 2980 AcpiPmi - ok
17:04:14.0640 2980 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:04:14.0656 2980 adp94xx - ok
17:04:14.0687 2980 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:04:14.0687 2980 adpahci - ok
17:04:14.0734 2980 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:04:14.0750 2980 adpu320 - ok
17:04:14.0812 2980 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:04:14.0812 2980 AeLookupSvc - ok
17:04:14.0874 2980 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
17:04:14.0890 2980 AFD - ok
17:04:14.0921 2980 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
17:04:14.0921 2980 agp440 - ok
17:04:14.0984 2980 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:04:14.0984 2980 aic78xx - ok
17:04:15.0030 2980 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
17:04:15.0030 2980 ALG - ok
17:04:15.0062 2980 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
17:04:15.0062 2980 aliide - ok
17:04:15.0093 2980 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:04:15.0093 2980 amdagp - ok
17:04:15.0124 2980 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
17:04:15.0124 2980 amdide - ok
17:04:15.0171 2980 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:04:15.0171 2980 AmdK8 - ok
17:04:15.0186 2980 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:04:15.0186 2980 AmdPPM - ok
17:04:15.0249 2980 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:04:15.0249 2980 amdsata - ok
17:04:15.0280 2980 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:04:15.0280 2980 amdsbs - ok
17:04:15.0311 2980 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:04:15.0311 2980 amdxata - ok
17:04:15.0342 2980 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
17:04:15.0342 2980 AppID - ok
17:04:15.0389 2980 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:04:15.0389 2980 AppIDSvc - ok
17:04:15.0420 2980 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
17:04:15.0420 2980 Appinfo - ok
17:04:15.0514 2980 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:04:15.0530 2980 Apple Mobile Device - ok
17:04:15.0623 2980 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
17:04:15.0623 2980 arc - ok
17:04:15.0654 2980 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:04:15.0654 2980 arcsas - ok
17:04:15.0717 2980 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:04:15.0717 2980 AsyncMac - ok
17:04:15.0732 2980 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
17:04:15.0748 2980 atapi - ok
17:04:15.0810 2980 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\Windows\system32\DRIVERS\athr.sys
17:04:15.0826 2980 athr - ok
17:04:15.0904 2980 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:04:15.0904 2980 AudioEndpointBuilder - ok
17:04:15.0951 2980 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:04:15.0966 2980 Audiosrv - ok
17:04:15.0998 2980 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:04:15.0998 2980 AxInstSV - ok
17:04:16.0076 2980 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
17:04:16.0076 2980 b06bdrv - ok
17:04:16.0138 2980 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:04:16.0154 2980 b57nd60x - ok
17:04:16.0216 2980 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
17:04:16.0216 2980 BDESVC - ok
17:04:16.0232 2980 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
17:04:16.0232 2980 Beep - ok
17:04:16.0278 2980 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
17:04:16.0294 2980 BFE - ok
17:04:16.0341 2980 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
17:04:16.0356 2980 BITS - ok
17:04:16.0403 2980 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:04:16.0403 2980 blbdrive - ok
17:04:16.0497 2980 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:04:16.0512 2980 Bonjour Service - ok
17:04:16.0559 2980 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:04:16.0559 2980 bowser - ok
17:04:16.0590 2980 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:04:16.0590 2980 BrFiltLo - ok
17:04:16.0637 2980 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:04:16.0637 2980 BrFiltUp - ok
17:04:16.0715 2980 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:04:16.0715 2980 BridgeMP - ok
17:04:16.0856 2980 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
17:04:16.0856 2980 Browser - ok
17:04:16.0980 2980 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:04:16.0980 2980 Brserid - ok
17:04:17.0012 2980 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:04:17.0012 2980 BrSerWdm - ok
17:04:17.0055 2980 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:04:17.0056 2980 BrUsbMdm - ok
17:04:17.0078 2980 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:04:17.0078 2980 BrUsbSer - ok
17:04:17.0156 2980 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:04:17.0156 2980 BthEnum - ok
17:04:17.0187 2980 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:04:17.0187 2980 BTHMODEM - ok
17:04:17.0218 2980 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:04:17.0218 2980 BthPan - ok
17:04:17.0281 2980 [ 04CEDA17A195924070B01174CB1F9AF8 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:04:17.0281 2980 BTHPORT - ok
17:04:17.0327 2980 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:04:17.0327 2980 bthserv - ok
17:04:17.0374 2980 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:04:17.0374 2980 BTHUSB - ok
17:04:17.0421 2980 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
17:04:17.0421 2980 btusbflt - ok
17:04:17.0499 2980 [ CE5833C144CA6623BCBDE93B188AA850 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:04:17.0499 2980 btwaudio - ok
17:04:17.0577 2980 [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
17:04:17.0577 2980 btwavdt - ok
17:04:17.0671 2980 [ F55C99818FD1EACFC7784958A8592536 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:04:17.0686 2980 btwdins - ok
17:04:17.0733 2980 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:04:17.0733 2980 btwl2cap - ok
17:04:17.0795 2980 [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:04:17.0795 2980 btwrchid - ok
17:04:17.0889 2980 catchme - ok
17:04:17.0951 2980 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:04:17.0951 2980 cdfs - ok
17:04:18.0014 2980 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:04:18.0014 2980 cdrom - ok
17:04:18.0061 2980 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
17:04:18.0076 2980 CertPropSvc - ok
17:04:18.0107 2980 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
17:04:18.0107 2980 circlass - ok
17:04:18.0139 2980 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:04:18.0139 2980 CLFS - ok
17:04:18.0217 2980 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:04:18.0217 2980 clr_optimization_v2.0.50727_32 - ok
17:04:18.0295 2980 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:04:18.0295 2980 clr_optimization_v4.0.30319_32 - ok
17:04:18.0326 2980 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:04:18.0326 2980 CmBatt - ok
17:04:18.0373 2980 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:04:18.0373 2980 cmdide - ok
17:04:18.0419 2980 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
17:04:18.0419 2980 CNG - ok
17:04:18.0466 2980 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:04:18.0466 2980 Compbatt - ok
17:04:18.0529 2980 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:04:18.0544 2980 CompositeBus - ok
17:04:18.0560 2980 COMSysApp - ok
17:04:18.0622 2980 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:04:18.0622 2980 crcdisk - ok
17:04:18.0700 2980 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:04:18.0716 2980 CryptSvc - ok
17:04:18.0778 2980 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
17:04:18.0794 2980 DcomLaunch - ok
17:04:18.0825 2980 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:04:18.0841 2980 defragsvc - ok
17:04:18.0903 2980 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:04:18.0903 2980 DfsC - ok
17:04:18.0965 2980 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:04:18.0981 2980 Dhcp - ok
17:04:19.0028 2980 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:04:19.0028 2980 discache - ok
17:04:19.0090 2980 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
17:04:19.0090 2980 Disk - ok
17:04:19.0121 2980 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:04:19.0137 2980 Dnscache - ok
17:04:19.0184 2980 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
17:04:19.0184 2980 dot3svc - ok
17:04:19.0215 2980 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
17:04:19.0231 2980 DPS - ok
17:04:19.0262 2980 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:04:19.0262 2980 drmkaud - ok
17:04:19.0340 2980 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:04:19.0340 2980 DXGKrnl - ok
17:04:19.0371 2980 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:04:19.0387 2980 EapHost - ok
17:04:19.0511 2980 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
17:04:19.0543 2980 ebdrv - ok
17:04:19.0605 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
17:04:19.0605 2980 EFS - ok
17:04:19.0683 2980 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:04:19.0683 2980 elxstor - ok
17:04:19.0714 2980 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:04:19.0714 2980 ErrDev - ok
17:04:19.0777 2980 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:04:19.0792 2980 EventSystem - ok
17:04:19.0808 2980 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:04:19.0808 2980 exfat - ok
17:04:19.0839 2980 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:04:19.0839 2980 fastfat - ok
17:04:19.0886 2980 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
17:04:19.0886 2980 Fax - ok
17:04:19.0917 2980 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
17:04:19.0917 2980 fdc - ok
17:04:19.0948 2980 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:04:19.0948 2980 fdPHost - ok
17:04:19.0964 2980 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:04:19.0979 2980 FDResPub - ok
17:04:20.0011 2980 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:04:20.0011 2980 FileInfo - ok
17:04:20.0026 2980 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:04:20.0026 2980 Filetrace - ok
17:04:20.0073 2980 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:04:20.0073 2980 flpydisk - ok
17:04:20.0104 2980 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:04:20.0104 2980 FltMgr - ok
17:04:20.0167 2980 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
17:04:20.0182 2980 FontCache - ok
17:04:20.0229 2980 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:04:20.0229 2980 FontCache3.0.0.0 - ok
17:04:20.0260 2980 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:04:20.0260 2980 FsDepends - ok
17:04:20.0307 2980 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:04:20.0307 2980 Fs_Rec - ok
17:04:20.0354 2980 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:04:20.0354 2980 fvevol - ok
17:04:20.0385 2980 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:04:20.0385 2980 gagp30kx - ok
17:04:20.0432 2980 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:04:20.0432 2980 GEARAspiWDM - ok
17:04:20.0479 2980 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
17:04:20.0494 2980 gpsvc - ok
17:04:20.0541 2980 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:04:20.0541 2980 hcw85cir - ok
17:04:20.0588 2980 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:04:20.0588 2980 HdAudAddService - ok
17:04:20.0619 2980 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:04:20.0619 2980 HDAudBus - ok
17:04:20.0650 2980 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:04:20.0650 2980 HidBatt - ok
17:04:20.0681 2980 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:04:20.0681 2980 HidBth - ok
17:04:20.0697 2980 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:04:20.0697 2980 HidIr - ok
17:04:20.0728 2980 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
17:04:20.0728 2980 hidserv - ok
17:04:20.0759 2980 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:04:20.0759 2980 HidUsb - ok
17:04:20.0791 2980 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:04:20.0806 2980 hkmsvc - ok
17:04:20.0837 2980 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:04:20.0837 2980 HomeGroupListener - ok
17:04:20.0869 2980 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:04:20.0884 2980 HomeGroupProvider - ok
17:04:20.0915 2980 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:04:20.0915 2980 HpSAMD - ok
17:04:20.0962 2980 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:04:20.0993 2980 HTTP - ok
17:04:21.0009 2980 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:04:21.0009 2980 hwpolicy - ok
17:04:21.0071 2980 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:04:21.0071 2980 i8042prt - ok
17:04:21.0134 2980 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:04:21.0134 2980 iaStorV - ok
17:04:21.0213 2980 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:04:21.0244 2980 idsvc - ok
17:04:21.0400 2980 [ E21A74A91F7AA3BB2E985C4CDDCA63F2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
17:04:21.0447 2980 igfx - ok
17:04:21.0494 2980 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:04:21.0494 2980 iirsp - ok
17:04:21.0556 2980 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
17:04:21.0587 2980 IKEEXT - ok
17:04:21.0712 2980 [ 0B7E398549ACEC7A6F8BD755C2CE40B5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:04:21.0743 2980 IntcAzAudAddService - ok
17:04:21.0774 2980 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:04:21.0774 2980 intelide - ok
17:04:21.0806 2980 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
17:04:21.0806 2980 intelppm - ok
17:04:21.0837 2980 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:04:21.0852 2980 IPBusEnum - ok
17:04:21.0868 2980 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:04:21.0868 2980 IpFilterDriver - ok
17:04:21.0915 2980 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:04:21.0946 2980 iphlpsvc - ok
17:04:21.0977 2980 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:04:21.0977 2980 IPMIDRV - ok
17:04:22.0008 2980 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:04:22.0071 2980 IPNAT - ok
17:04:22.0149 2980 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:04:22.0180 2980 iPod Service - ok
17:04:22.0227 2980 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:04:22.0227 2980 IRENUM - ok
17:04:22.0274 2980 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:04:22.0274 2980 isapnp - ok
17:04:22.0289 2980 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:04:22.0305 2980 iScsiPrt - ok
17:04:22.0336 2980 [ EC176CC42D17B160F8A57F62BB1E7E92 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
17:04:22.0336 2980 JMCR - ok
17:04:22.0352 2980 JME - ok
17:04:22.0383 2980 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:04:22.0383 2980 kbdclass - ok
17:04:22.0414 2980 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:04:22.0414 2980 kbdhid - ok
17:04:22.0445 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
17:04:22.0445 2980 KeyIso - ok
17:04:22.0492 2980 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:04:22.0492 2980 KSecDD - ok
17:04:22.0523 2980 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:04:22.0539 2980 KSecPkg - ok
17:04:22.0570 2980 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:04:22.0586 2980 KtmRm - ok
17:04:22.0617 2980 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
17:04:22.0632 2980 LanmanServer - ok
17:04:22.0679 2980 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:04:22.0679 2980 LanmanWorkstation - ok
17:04:22.0726 2980 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:04:22.0726 2980 lltdio - ok
17:04:22.0773 2980 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:04:22.0773 2980 lltdsvc - ok
17:04:22.0804 2980 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:04:22.0804 2980 lmhosts - ok
17:04:22.0866 2980 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:04:22.0866 2980 LSI_FC - ok
17:04:22.0882 2980 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:04:22.0898 2980 LSI_SAS - ok
17:04:22.0913 2980 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:04:22.0913 2980 LSI_SAS2 - ok
17:04:22.0944 2980 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:04:22.0944 2980 LSI_SCSI - ok
17:04:22.0976 2980 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:04:22.0976 2980 luafv - ok
17:04:23.0038 2980 [ B6E1CCD6572984ADCAE68439AFD07011 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
17:04:23.0038 2980 LVRS - ok
17:04:23.0225 2980 [ 6C42815DD57E397F0CD988304B5EB4B3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
17:04:23.0381 2980 LVUVC - ok
17:04:23.0428 2980 [ EA664E3AC4E285C831362971B3F6505F ] MAUSBMIDISPORT C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys
17:04:23.0428 2980 MAUSBMIDISPORT - ok
17:04:23.0459 2980 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
17:04:23.0459 2980 megasas - ok
17:04:23.0506 2980 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:04:23.0506 2980 MegaSR - ok
17:04:23.0584 2980 Microsoft SharePoint Workspace Audit Service - ok
17:04:23.0631 2980 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:04:23.0646 2980 MMCSS - ok
17:04:23.0678 2980 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:04:23.0678 2980 Modem - ok
17:04:23.0724 2980 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:04:23.0724 2980 monitor - ok
17:04:23.0756 2980 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:04:23.0756 2980 mouclass - ok
17:04:23.0771 2980 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys
17:04:23.0787 2980 mouhid - ok
17:04:23.0802 2980 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:04:23.0802 2980 mountmgr - ok
17:04:23.0834 2980 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\drivers\mpio.sys
17:04:23.0834 2980 mpio - ok
17:04:23.0849 2980 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:04:23.0865 2980 mpsdrv - ok
17:04:23.0896 2980 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
17:04:23.0927 2980 MpsSvc - ok
17:04:23.0943 2980 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:04:23.0943 2980 MRxDAV - ok
17:04:23.0990 2980 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:04:23.0990 2980 mrxsmb - ok
17:04:24.0036 2980 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:04:24.0036 2980 mrxsmb10 - ok
17:04:24.0052 2980 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:04:24.0068 2980 mrxsmb20 - ok
17:04:24.0083 2980 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
17:04:24.0083 2980 msahci - ok
17:04:24.0114 2980 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:04:24.0114 2980 msdsm - ok
17:04:24.0161 2980 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:04:24.0161 2980 MSDTC - ok
17:04:24.0224 2980 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:04:24.0224 2980 Msfs - ok
17:04:24.0255 2980 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:04:24.0255 2980 mshidkmdf - ok
17:04:24.0270 2980 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:04:24.0270 2980 msisadrv - ok
17:04:24.0317 2980 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:04:24.0317 2980 MSiSCSI - ok
17:04:24.0333 2980 msiserver - ok
17:04:24.0380 2980 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:04:24.0380 2980 MSKSSRV - ok
17:04:24.0395 2980 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:04:24.0411 2980 MSPCLOCK - ok
17:04:24.0426 2980 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:04:24.0426 2980 MSPQM - ok
17:04:24.0458 2980 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:04:24.0458 2980 MsRPC - ok
17:04:24.0504 2980 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:04:24.0504 2980 mssmbios - ok
17:04:24.0536 2980 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:04:24.0536 2980 MSTEE - ok
17:04:24.0551 2980 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:04:24.0551 2980 MTConfig - ok
17:04:24.0582 2980 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:04:24.0582 2980 Mup - ok
17:04:24.0629 2980 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
17:04:24.0660 2980 napagent - ok
17:04:24.0707 2980 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:04:24.0707 2980 NativeWifiP - ok
17:04:24.0754 2980 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:04:24.0785 2980 NDIS - ok
17:04:24.0816 2980 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:04:24.0816 2980 NdisCap - ok
17:04:24.0848 2980 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:04:24.0863 2980 NdisTapi - ok
17:04:24.0879 2980 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:04:24.0879 2980 Ndisuio - ok
17:04:24.0894 2980 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:04:24.0910 2980 NdisWan - ok
17:04:24.0926 2980 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:04:24.0926 2980 NDProxy - ok
17:04:24.0957 2980 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:04:24.0957 2980 NetBIOS - ok
17:04:24.0972 2980 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:04:24.0972 2980 NetBT - ok
17:04:24.0988 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
17:04:25.0004 2980 Netlogon - ok
17:04:25.0050 2980 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:04:25.0066 2980 Netman - ok
17:04:25.0082 2980 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:04:25.0097 2980 netprofm - ok
17:04:25.0144 2980 [ C340A607BA9D7FB82D39B12F0E829BDB ] netr28 C:\Windows\system32\DRIVERS\netr28.sys
17:04:25.0175 2980 netr28 - ok
17:04:25.0206 2980 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:04:25.0206 2980 NetTcpPortSharing - ok
17:04:25.0238 2980 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:04:25.0238 2980 nfrd960 - ok
17:04:25.0284 2980 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
17:04:25.0300 2980 NlaSvc - ok
17:04:25.0316 2980 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:04:25.0316 2980 Npfs - ok
17:04:25.0347 2980 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:04:25.0347 2980 nsi - ok
17:04:25.0362 2980 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:04:25.0362 2980 nsiproxy - ok
17:04:25.0440 2980 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:04:25.0472 2980 Ntfs - ok
17:04:25.0503 2980 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:04:25.0503 2980 Null - ok
17:04:25.0565 2980 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:04:25.0565 2980 nvraid - ok
17:04:25.0612 2980 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:04:25.0612 2980 nvstor - ok
17:04:25.0643 2980 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:04:25.0659 2980 nv_agp - ok
17:04:25.0706 2980 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:04:25.0706 2980 ohci1394 - ok
17:04:25.0768 2980 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:04:25.0768 2980 ose - ok
17:04:25.0955 2980 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:04:26.0080 2980 osppsvc - ok
17:04:26.0142 2980 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:04:26.0158 2980 p2pimsvc - ok
17:04:26.0189 2980 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:04:26.0205 2980 p2psvc - ok
17:04:26.0236 2980 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
17:04:26.0236 2980 Parport - ok
17:04:26.0267 2980 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:04:26.0283 2980 partmgr - ok
17:04:26.0298 2980 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:04:26.0298 2980 Parvdm - ok
17:04:26.0330 2980 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:04:26.0330 2980 PcaSvc - ok
17:04:26.0376 2980 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\drivers\pci.sys
17:04:26.0376 2980 pci - ok
17:04:26.0408 2980 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:04:26.0408 2980 pciide - ok
17:04:26.0439 2980 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:04:26.0439 2980 pcmcia - ok
17:04:26.0470 2980 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:04:26.0470 2980 pcw - ok
17:04:26.0517 2980 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:04:26.0548 2980 PEAUTH - ok
17:04:26.0642 2980 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
17:04:26.0688 2980 pla - ok
17:04:26.0735 2980 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:04:26.0751 2980 PlugPlay - ok
17:04:26.0813 2980 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
17:04:26.0829 2980 PMBDeviceInfoProvider - ok
17:04:26.0860 2980 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:04:26.0876 2980 PNRPAutoReg - ok
17:04:26.0907 2980 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:04:26.0907 2980 PNRPsvc - ok
17:04:26.0954 2980 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:04:26.0954 2980 PolicyAgent - ok
17:04:27.0000 2980 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
17:04:27.0016 2980 Power - ok
17:04:27.0047 2980 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:04:27.0047 2980 PptpMiniport - ok
17:04:27.0078 2980 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
17:04:27.0094 2980 Processor - ok
17:04:27.0141 2980 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
17:04:27.0141 2980 ProfSvc - ok
17:04:27.0156 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:04:27.0172 2980 ProtectedStorage - ok
17:04:27.0188 2980 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:04:27.0188 2980 Psched - ok
17:04:27.0250 2980 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:04:27.0297 2980 ql2300 - ok
17:04:27.0328 2980 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:04:27.0328 2980 ql40xx - ok
17:04:27.0359 2980 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:04:27.0375 2980 QWAVE - ok
17:04:27.0406 2980 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:04:27.0406 2980 QWAVEdrv - ok
17:04:27.0422 2980 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:04:27.0422 2980 RasAcd - ok
17:04:27.0468 2980 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:04:27.0468 2980 RasAgileVpn - ok
17:04:27.0500 2980 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:04:27.0515 2980 RasAuto - ok
17:04:27.0531 2980 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:04:27.0531 2980 Rasl2tp - ok
17:04:27.0578 2980 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
17:04:27.0578 2980 RasMan - ok
17:04:27.0609 2980 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:04:27.0609 2980 RasPppoe - ok
17:04:27.0640 2980 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:04:27.0640 2980 RasSstp - ok
17:04:27.0656 2980 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:04:27.0671 2980 rdbss - ok
17:04:27.0702 2980 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:04:27.0702 2980 rdpbus - ok
17:04:27.0718 2980 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:04:27.0734 2980 RDPCDD - ok
17:04:27.0765 2980 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:04:27.0765 2980 RDPENCDD - ok
17:04:27.0796 2980 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:04:27.0796 2980 RDPREFMP - ok
17:04:27.0827 2980 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:04:27.0843 2980 RDPWD - ok
17:04:27.0874 2980 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:04:27.0874 2980 rdyboost - ok
17:04:27.0905 2980 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:04:27.0921 2980 RemoteAccess - ok
17:04:27.0936 2980 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:04:27.0952 2980 RemoteRegistry - ok
17:04:27.0999 2980 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:04:27.0999 2980 RFCOMM - ok
17:04:28.0014 2980 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:04:28.0030 2980 RpcEptMapper - ok
17:04:28.0046 2980 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:04:28.0061 2980 RpcLocator - ok
17:04:28.0077 2980 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
17:04:28.0092 2980 RpcSs - ok
17:04:28.0139 2980 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:04:28.0155 2980 rspndr - ok
17:04:28.0186 2980 [ 5B33F64111F626A28026211DA65E6547 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
17:04:28.0202 2980 SampleCollector - ok
17:04:28.0217 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
17:04:28.0217 2980 SamSs - ok
17:04:28.0264 2980 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:04:28.0264 2980 sbp2port - ok
17:04:28.0311 2980 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:04:28.0311 2980 SCardSvr - ok
17:04:28.0342 2980 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:04:28.0358 2980 scfilter - ok
17:04:28.0404 2980 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
17:04:28.0436 2980 Schedule - ok
17:04:28.0467 2980 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:04:28.0467 2980 SCPolicySvc - ok
17:04:28.0498 2980 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:04:28.0498 2980 sdbus - ok
17:04:28.0545 2980 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:04:28.0560 2980 SDRSVC - ok
17:04:28.0592 2980 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:04:28.0592 2980 secdrv - ok
17:04:28.0607 2980 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:04:28.0623 2980 seclogon - ok
17:04:28.0654 2980 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
17:04:28.0654 2980 SENS - ok
17:04:28.0685 2980 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:04:28.0701 2980 Serenum - ok
17:04:28.0732 2980 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
17:04:28.0748 2980 Serial - ok
17:04:28.0779 2980 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:04:28.0779 2980 sermouse - ok
17:04:28.0857 2980 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
17:04:28.0872 2980 SessionEnv - ok
17:04:28.0919 2980 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\drivers\SFEP.sys
17:04:28.0919 2980 SFEP - ok
17:04:28.0935 2980 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:04:28.0950 2980 sffdisk - ok
17:04:28.0950 2980 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:04:28.0966 2980 sffp_mmc - ok
17:04:28.0997 2980 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:04:28.0997 2980 sffp_sd - ok
17:04:29.0028 2980 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:04:29.0028 2980 sfloppy - ok
17:04:29.0075 2980 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:04:29.0091 2980 SharedAccess - ok
17:04:29.0138 2980 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:04:29.0153 2980 ShellHWDetection - ok
17:04:29.0216 2980 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:04:29.0216 2980 sisagp - ok
17:04:29.0247 2980 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:04:29.0247 2980 SiSRaid2 - ok
17:04:29.0278 2980 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:04:29.0278 2980 SiSRaid4 - ok
17:04:29.0325 2980 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:04:29.0340 2980 Smb - ok
17:04:29.0387 2980 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:04:29.0387 2980 SNMPTRAP - ok
17:04:29.0481 2980 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
17:04:29.0496 2980 SOHCImp - ok
17:04:29.0512 2980 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
17:04:29.0512 2980 SOHDBSvr - ok
17:04:29.0559 2980 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
17:04:29.0559 2980 SOHDms - ok
17:04:29.0590 2980 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
17:04:29.0590 2980 SOHDs - ok
17:04:29.0606 2980 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
17:04:29.0621 2980 SOHPlMgr - ok
17:04:29.0652 2980 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:04:29.0652 2980 spldr - ok
17:04:29.0715 2980 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
17:04:29.0730 2980 Spooler - ok
17:04:29.0855 2980 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
17:04:29.0964 2980 sppsvc - ok
17:04:29.0996 2980 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:04:30.0011 2980 sppuinotify - ok
17:04:30.0058 2980 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:04:30.0058 2980 srv - ok
17:04:30.0089 2980 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:04:30.0105 2980 srv2 - ok
17:04:30.0120 2980 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:04:30.0136 2980 srvnet - ok
17:04:30.0167 2980 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:04:30.0167 2980 SSDPSRV - ok
17:04:30.0198 2980 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:04:30.0198 2980 SstpSvc - ok
17:04:30.0230 2980 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:04:30.0230 2980 stexstor - ok
17:04:30.0276 2980 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
17:04:30.0308 2980 StiSvc - ok
17:04:30.0339 2980 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
17:04:30.0339 2980 swenum - ok
17:04:30.0386 2980 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:04:30.0417 2980 swprv - ok
17:04:30.0464 2980 [ 215A45246C6E2D0A9C263CE1786C8D8A ] SynTP C:\Windows\system32\drivers\SynTP.sys
17:04:30.0479 2980 SynTP - ok
17:04:30.0526 2980 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
17:04:30.0557 2980 SysMain - ok
17:04:30.0588 2980 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:04:30.0604 2980 TabletInputService - ok
17:04:30.0620 2980 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
17:04:30.0651 2980 TapiSrv - ok
17:04:30.0666 2980 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:04:30.0666 2980 TBS - ok
17:04:30.0760 2980 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:04:30.0791 2980 Tcpip - ok
17:04:30.0854 2980 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:04:30.0869 2980 TCPIP6 - ok
17:04:30.0900 2980 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:04:30.0900 2980 tcpipreg - ok
17:04:30.0932 2980 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:04:30.0932 2980 TDPIPE - ok
17:04:30.0978 2980 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:04:30.0978 2980 TDTCP - ok
17:04:31.0010 2980 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:04:31.0010 2980 tdx - ok
17:04:31.0041 2980 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:04:31.0041 2980 TermDD - ok
17:04:31.0088 2980 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
17:04:31.0103 2980 TermService - ok
17:04:31.0134 2980 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:04:31.0150 2980 Themes - ok
17:04:31.0166 2980 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:04:31.0166 2980 THREADORDER - ok
17:04:31.0197 2980 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:04:31.0212 2980 TrkWks - ok
17:04:31.0259 2980 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:04:31.0275 2980 TrustedInstaller - ok
17:04:31.0306 2980 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:04:31.0306 2980 tssecsrv - ok
17:04:31.0353 2980 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:04:31.0353 2980 tunnel - ok
17:04:31.0368 2980 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:04:31.0384 2980 uagp35 - ok
17:04:31.0400 2980 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:04:31.0415 2980 udfs - ok
17:04:31.0478 2980 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:04:31.0478 2980 UI0Detect - ok
17:04:31.0524 2980 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:04:31.0524 2980 uliagpkx - ok
17:04:31.0556 2980 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:04:31.0556 2980 umbus - ok
17:04:31.0587 2980 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
17:04:31.0587 2980 UmPass - ok
17:04:31.0618 2980 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:04:31.0649 2980 upnphost - ok
17:04:31.0696 2980 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
17:04:31.0696 2980 USBAAPL - ok
17:04:31.0758 2980 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:04:31.0758 2980 usbaudio - ok
17:04:31.0790 2980 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:04:31.0805 2980 usbccgp - ok
17:04:31.0836 2980 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:04:31.0836 2980 usbcir - ok
17:04:31.0883 2980 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:04:31.0883 2980 usbehci - ok
17:04:31.0946 2980 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:04:31.0946 2980 usbhub - ok
17:04:31.0992 2980 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:04:31.0992 2980 usbohci - ok
17:04:32.0008 2980 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:04:32.0008 2980 usbprint - ok
17:04:32.0039 2980 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:04:32.0055 2980 USBSTOR - ok
17:04:32.0070 2980 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:04:32.0070 2980 usbuhci - ok
17:04:32.0117 2980 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:04:32.0117 2980 usbvideo - ok
17:04:32.0164 2980 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:04:32.0164 2980 UxSms - ok
17:04:32.0211 2980 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
17:04:32.0211 2980 VAIO Entertainment TV Device Arbitration Service - ok
17:04:32.0273 2980 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
17:04:32.0273 2980 VAIO Event Service - ok
17:04:32.0352 2980 [ 49A7C107D51D5F481F702FE75548CE8F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
17:04:32.0368 2980 VAIO Power Management - ok
17:04:32.0383 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
17:04:32.0399 2980 VaultSvc - ok
17:04:32.0446 2980 [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
17:04:32.0461 2980 VCFw - ok
17:04:32.0524 2980 [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
17:04:32.0555 2980 VcmIAlzMgr - ok
17:04:32.0602 2980 [ 9D9B34B430B4DC683112F59C80D20AB8 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
17:04:32.0617 2980 VcmINSMgr - ok
17:04:32.0649 2980 [ B56CD01F36EEF2967EF18D8DF0E5C285 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
17:04:32.0664 2980 VcmXmlIfHelper - ok
17:04:32.0695 2980 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:04:32.0695 2980 vdrvroot - ok
17:04:32.0742 2980 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
17:04:32.0758 2980 vds - ok
17:04:32.0805 2980 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:04:32.0805 2980 vga - ok
17:04:32.0836 2980 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:04:32.0836 2980 VgaSave - ok
17:04:32.0867 2980 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:04:32.0867 2980 vhdmp - ok
17:04:32.0898 2980 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:04:32.0898 2980 viaagp - ok
17:04:32.0929 2980 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:04:32.0929 2980 ViaC7 - ok
17:04:32.0945 2980 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
17:04:32.0945 2980 viaide - ok
17:04:32.0976 2980 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:04:32.0976 2980 volmgr - ok
17:04:33.0007 2980 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:04:33.0007 2980 volmgrx - ok
17:04:33.0070 2980 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:04:33.0070 2980 volsnap - ok
17:04:33.0101 2980 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:04:33.0117 2980 vsmraid - ok
17:04:33.0179 2980 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
17:04:33.0226 2980 VSS - ok
17:04:33.0319 2980 [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
17:04:33.0351 2980 VUAgent - ok
17:04:33.0397 2980 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:04:33.0397 2980 vwifibus - ok
17:04:33.0429 2980 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:04:33.0429 2980 vwififlt - ok
17:04:33.0460 2980 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:04:33.0460 2980 vwifimp - ok
17:04:33.0491 2980 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
17:04:33.0507 2980 VzCdbSvc - ok
17:04:33.0538 2980 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:04:33.0553 2980 W32Time - ok
17:04:33.0600 2980 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:04:33.0600 2980 WacomPen - ok
17:04:33.0631 2980 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:04:33.0631 2980 WANARP - ok
17:04:33.0647 2980 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:04:33.0647 2980 Wanarpv6 - ok
17:04:33.0709 2980 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
17:04:33.0756 2980 wbengine - ok
17:04:33.0772 2980 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:04:33.0787 2980 WbioSrvc - ok
17:04:33.0819 2980 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:04:33.0850 2980 wcncsvc - ok
17:04:33.0865 2980 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:04:33.0881 2980 WcsPlugInService - ok
17:04:33.0897 2980 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
17:04:33.0897 2980 Wd - ok
17:04:33.0959 2980 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:04:33.0975 2980 Wdf01000 - ok
17:04:34.0021 2980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:04:34.0021 2980 WdiServiceHost - ok
17:04:34.0037 2980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:04:34.0053 2980 WdiSystemHost - ok
17:04:34.0099 2980 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
17:04:34.0115 2980 WebClient - ok
17:04:34.0146 2980 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:04:34.0177 2980 Wecsvc - ok
17:04:34.0193 2980 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:04:34.0209 2980 wercplsupport - ok
17:04:34.0240 2980 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:04:34.0240 2980 WerSvc - ok
17:04:34.0271 2980 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:04:34.0287 2980 WfpLwf - ok
17:04:34.0302 2980 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:04:34.0302 2980 WIMMount - ok
17:04:34.0365 2980 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:04:34.0380 2980 WinDefend - ok
17:04:34.0396 2980 WinHttpAutoProxySvc - ok
17:04:34.0458 2980 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:04:34.0458 2980 Winmgmt - ok
17:04:34.0536 2980 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
17:04:34.0583 2980 WinRM - ok
17:04:34.0645 2980 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:04:34.0645 2980 WinUsb - ok
17:04:34.0708 2980 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:04:34.0739 2980 Wlansvc - ok
17:04:34.0755 2980 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:04:34.0755 2980 WmiAcpi - ok
17:04:34.0801 2980 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:04:34.0817 2980 wmiApSrv - ok
17:04:34.0864 2980 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:04:34.0911 2980 WMPNetworkSvc - ok
17:04:34.0942 2980 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:04:34.0957 2980 WPCSvc - ok
17:04:34.0973 2980 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:04:34.0989 2980 WPDBusEnum - ok
17:04:35.0004 2980 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:04:35.0020 2980 ws2ifsl - ok
17:04:35.0051 2980 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll
17:04:35.0067 2980 wscsvc - ok
17:04:35.0082 2980 WSearch - ok
17:04:35.0191 2980 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:04:35.0285 2980 wuauserv - ok
17:04:35.0316 2980 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:04:35.0332 2980 WudfPf - ok
17:04:35.0363 2980 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:04:35.0363 2980 WUDFRd - ok
17:04:35.0425 2980 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:04:35.0425 2980 wudfsvc - ok
17:04:35.0472 2980 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:04:35.0488 2980 WwanSvc - ok
17:04:35.0535 2980 ================ Scan global ===============================
17:04:35.0566 2980 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
17:04:35.0597 2980 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
17:04:35.0628 2980 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
17:04:35.0659 2980 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:04:35.0691 2980 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:04:35.0706 2980 [Global] - ok
17:04:35.0706 2980 ================ Scan MBR ==================================
17:04:35.0722 2980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:04:35.0987 2980 \Device\Harddisk0\DR0 - ok
17:04:35.0987 2980 ================ Scan VBR ==================================
17:04:36.0003 2980 [ 93111972AFD75B6589D889D96E18D884 ] \Device\Harddisk0\DR0\Partition1
17:04:36.0003 2980 \Device\Harddisk0\DR0\Partition1 - ok
17:04:36.0018 2980 [ 66ED05668AB34D3192B892B3E448AE1B ] \Device\Harddisk0\DR0\Partition2
17:04:36.0018 2980 \Device\Harddisk0\DR0\Partition2 - ok
17:04:36.0018 2980 ============================================================
17:04:36.0018 2980 Scan finished
17:04:36.0018 2980 ============================================================
17:04:36.0049 1236 Detected object count: 0
17:04:36.0049 1236 Actual detected object count: 0
17:04:38.0889 0724 Deinitialize success

Here's what ESET found (sorry, it took about an hour to complete)


C:\Qoobox\Quarantine\C\Program Files\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application unable to clean
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application unable to clean
C:\Qoobox\Quarantine\C\Users\Wyatt\AppData\Roaming\Mucay\okfys.exe.vir a variant of Win32/Injector.AARB trojan unable to clean

AdwCleaner:

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 18:28:07
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Wyatt - WYATT-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Wyatt\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [556 octets] - [01/01/2013 18:28:07]
########## EOF - C:\AdwCleaner[R1].txt - [615 octets] ##########

And finally, the results of your Security Check:

Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 18
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


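As an added example, not part of the thread and not code from TDSSKiller or any other tool named here: a PowerShell function that parses the TDSSKiller service/driver listing format posted above and pulls out the entries worth a second look. It reports three things: any entry whose verdict is not "ok", any entry the tool printed with no "[ MD5 ]" image line (in the listing above that is WinHttpAutoProxySvc and WSearch, both stock Windows 7 services, so that check is a prompt to look, not a verdict), and any image path under a user-writable location such as the AppData\Roaming folder ESET reported. The list of path fragments is my own assumption; the sample lines at the bottom are constructed, and the "Mucay" entry with the placeholder hash is invented to mirror the ESET path.

```powershell
# Added example, not part of the thread: triage a TDSSKiller service/driver listing.
# Listing lines have the shape
#   <time> <pid> [ <MD5> ] <ServiceName> <ImagePath>
# followed by a verdict line "<time> <pid> <ServiceName> - ok" (or a detection).
# An entry that gets a verdict line but no "[ MD5 ]" line had no image file hashed.
function Get-TdssKillerTriage {
    param([string[]]$Lines)

    # Path fragments where a legitimate service or driver image should not live
    # (assumed list; extend it for your environment).
    $suspectRoots = @('\Users\', '\AppData\', '\ProgramData\', '\Temp\', '\Documents and Settings\')

    $entries = @{}
    foreach ($line in $Lines) {
        # Hashed entry: the image file was found and hashed.
        if ($line -match '^\S+\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+((?:\\\?\?\\)?[A-Za-z]:\\.+|\\SystemRoot\\.+)$') {
            $entries[$matches[2]] = @{ Hash = $matches[1]; Path = $matches[3]; Verdict = $null }
        }
        # Verdict line; names starting with "[" or "\" are the global/MBR/VBR records, skipped here.
        elseif ($line -match '^\S+\s+\d+\s+([^\[\\].*?)\s+-\s+(\S.*)$') {
            $name = $matches[1]
            if (-not $entries.ContainsKey($name)) {
                $entries[$name] = @{ Hash = $null; Path = $null; Verdict = $null }
            }
            $entries[$name]['Verdict'] = $matches[2]
        }
    }

    $findings = @()
    foreach ($name in $entries.Keys) {
        $e = $entries[$name]
        if ($e['Verdict'] -and $e['Verdict'] -ne 'ok') {
            $findings += New-Object PSObject -Property @{ Service = $name; Path = $e['Path']; Reason = "tool verdict: $($e['Verdict'])" }
        }
        if (-not $e['Path']) {
            $findings += New-Object PSObject -Property @{ Service = $name; Path = $null; Reason = 'no image file hashed; check ImagePath/ServiceDll by hand' }
            continue
        }
        foreach ($root in $suspectRoots) {
            if ($e['Path'] -like "*$root*") {
                $findings += New-Object PSObject -Property @{ Service = $name; Path = $e['Path']; Reason = "image under user-writable location ($root)" }
                break
            }
        }
    }
    $findings | Sort-Object Service, Reason
}

# Constructed sample: lines in the shape of the listing above, plus one invented
# entry ("Mucay", placeholder hash) placed under the path ESET reported.
$sample = @(
    '17:04:34.0365 2980 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll',
    '17:04:34.0380 2980 WinDefend - ok',
    '17:04:34.0396 2980 WinHttpAutoProxySvc - ok',
    '17:04:35.0000 2980 [ 00000000000000000000000000000000 ] Mucay C:\Users\Wyatt\AppData\Roaming\Mucay\okfys.exe',
    '17:04:35.0001 2980 Mucay - ok',
    '17:04:35.0722 2980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0',
    '17:04:35.0987 2980 \Device\Harddisk0\DR0 - ok'
)
Get-TdssKillerTriage -Lines $sample | Format-Table Service, Reason, Path -AutoSize

# Against a saved log:
#   Get-TdssKillerTriage -Lines (Get-Content .\TDSSKiller.log) | Format-Table Service, Reason, Path -AutoSize
```

The path check is the one that matters most in a case like this one: a service or driver whose image sits under a user profile is almost never legitimate, while the "no image hashed" list will include a few stock services and is only there so nothing is skipped silently.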

#19 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 02 January 2013 - 08:34 PM

Hi,
Run TFC by OldTimer to clear temporary files:
  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.


  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number



Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 18
Adobe Reader 9
Adobe Flash Player 10



Restart your computer.


Get the latest version of Java and Adobe Reader.


Open Firefox, click Help --> About, and ensure that it updates to version 17.

Click Start, type in Windows Update, and click on Windows Update when it appears. Install all available updates, including Service Pack 1. Reboot.
Let me know what issues remain.
Chris Fistonich
Research Team
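
The post above asks the user to verify, by hand, the things the Security Check and AdwCleaner logs flagged: the missing service pack, the absent antivirus, the outdated Java/Reader/Flash installs, and the leftover Crossrider registry key. The script below is an added example, written for this page and not part of the thread or of either tool, that re-checks those same items from an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 syntax, so it runs without updates). Assumptions are marked in the comments: the product-name patterns and version thresholds are chosen to match what this thread's logs reported, the `productState` bit interpretation is the commonly documented one rather than an official Microsoft contract, and the `Wow6432Node` path is included so the same script also works on a 64-bit install.

```powershell
# Post-cleanup audit for a Windows 7 machine (added example; not from the thread
# or from Security Check / AdwCleaner). Run from an elevated PowerShell prompt.
$findings = @()

# 1. Service pack level (the log reported "Out of date service pack!!").
$os = Get-WmiObject -Class Win32_OperatingSystem
if ($os.Caption -like '*Windows 7*' -and $os.ServicePackMajorVersion -lt 1) {
    $findings += "Windows 7 without Service Pack 1 (build $($os.Version))"
}

# 2. Antivirus registered with Security Center (the log said the WMI entry may
#    not exist). On Vista/7 products are listed under root\SecurityCenter2.
$av = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue)
if ($av.Count -eq 0) {
    $findings += 'No antivirus product registered with Security Center'
} else {
    foreach ($p in $av) {
        # Assumption: in productState the 0x1000 bit of the middle byte means
        # real-time protection is enabled (widely documented, not an official API).
        if (($p.productState -band 0x1000) -eq 0) {
            $findings += "AV '$($p.displayName)' is registered but real-time protection is off"
        }
    }
}

# 3. Windows Firewall profile state (the log reported it enabled; confirm).
$fw = netsh advfirewall show allprofiles state
if ($fw -match 'State\s+OFF') {
    $findings += 'At least one Windows Firewall profile is turned off'
}

# 4. Installed programs, read from the Uninstall registry keys that
#    Add or Remove Programs itself uses.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion

# Assumed rules: the three products this thread's Security Check log flagged.
# Extend the list (or tighten the patterns) to match current vendor advisories.
$rules = @(
    @{ Pattern = '^Java.* 6 Update';      Reason = 'Java 6 is obsolete; uninstall, then install the current release' },
    @{ Pattern = '^Adobe Reader 9';       Reason = 'Adobe Reader 9 is out of date' },
    @{ Pattern = '^Adobe Flash Player 10'; Reason = 'Flash Player 10 is out of date' }
)
foreach ($app in $installed) {
    foreach ($r in $rules) {
        if ($app.DisplayName -match $r.Pattern) {
            $findings += "$($app.DisplayName) $($app.DisplayVersion): $($r.Reason)"
        }
    }
}

# 5. Leftover adware key that AdwCleaner found and deleted; a reappearance
#    would mean something re-created it after the cleanup.
$adwareKeys = @('HKCU:\Software\AppDataLow\Software\Crossrider')
foreach ($k in $adwareKeys) {
    if (Test-Path $k) { $findings += "Adware registry key present: $k" }
}

# Report.
if ($findings.Count -eq 0) {
    Write-Output 'No findings: service pack, AV, firewall, flagged products and adware keys all clear.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

Each check reads state the way the GUI tools do (WMI for the OS and Security Center, the Uninstall keys for programs, netsh for the firewall), so a clean run after following the post above should print the single "No findings" line; any `[!]` line points at the step that still needs doing.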

#20 bananaman

bananaman

    New Member

  • Members
  • Pip
  • 16 posts

Posted 03 January 2013 - 12:41 AM

OK, I did all that stuff and everything seems to be working great! Do you know if I need an AV and, if so, can you recommend a good free one? I've just been using MBAM, but it's sometimes tricky (like this PUM.UserWLoad) because I have to do it after I get infected.

Here's the adwcleaner results:

# AdwCleaner v2.104 - Logfile created 01/02/2013 at 19:37:17
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Wyatt - WYATT-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Wyatt\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [683 octets] - [01/01/2013 18:28:07]
AdwCleaner[R2].txt - [742 octets] - [01/01/2013 19:07:37]
AdwCleaner[S1].txt - [676 octets] - [01/01/2013 19:08:10]
########## EOF - C:\AdwCleaner[S1].txt - [735 octets] ##########
