bananaman

  1. Hold on a sec, MBAM quick scan just detected two things

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2012.12.29.03
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Wyatt :: WYATT-VAIO [administrator]

     1/2/2013 9:33:02 PM
     mbam-log-2013-01-02 (21-33-02).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 228188
     Time elapsed: 18 minute(s), 32 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\Users\Wyatt\AppData\Local\temp\DNS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\Users\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\TXMEUA3W\DNS[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

     (end)

     Let me reboot, run another scan and give you an update
  2. Ok I did all that stuff and everything seems to be working great! Do you know if I need an AV and if so can you recommend a good free one? I've just been using MBAM, but it's sometimes tricky (like this PUM.UserWload) because I have to do it after I get infected.

     Here's the adwcleaner results:

     # AdwCleaner v2.104 - Logfile created 01/02/2013 at 19:37:17
     # Updated 29/12/2012 by Xplode
     # Operating system : Windows 7 Starter (32 bits)
     # User : Wyatt - WYATT-VAIO
     # Boot Mode : Normal
     # Running from : C:\Users\Wyatt\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457

     [OK] Registry is clean.

     *************************

     AdwCleaner[R1].txt - [683 octets] - [01/01/2013 18:28:07]
     AdwCleaner[R2].txt - [742 octets] - [01/01/2013 19:07:37]
     AdwCleaner[s1].txt - [676 octets] - [01/01/2013 19:08:10]

     ########## EOF - C:\AdwCleaner[s1].txt - [735 octets] ##########
  3. Qoobox.zip is attached Ran TCF (it deleted about ten MB of stuff I think), then rebooted Ran TDSSkiller. (It didn't detect anything, or ask me to reboot. I think this is the right log)
2980 nvstor - ok 17:04:25.0643 2980 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:04:25.0659 2980 nv_agp - ok 17:04:25.0706 2980 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:04:25.0706 2980 ohci1394 - ok 17:04:25.0768 2980 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:04:25.0768 2980 ose - ok 17:04:25.0955 2980 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:04:26.0080 2980 osppsvc - ok 17:04:26.0142 2980 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:04:26.0158 2980 p2pimsvc - ok 17:04:26.0189 2980 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 17:04:26.0205 2980 p2psvc - ok 17:04:26.0236 2980 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 17:04:26.0236 2980 Parport - ok 17:04:26.0267 2980 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:04:26.0283 2980 partmgr - ok 17:04:26.0298 2980 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 17:04:26.0298 2980 Parvdm - ok 17:04:26.0330 2980 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:04:26.0330 2980 PcaSvc - ok 17:04:26.0376 2980 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\drivers\pci.sys 17:04:26.0376 2980 pci - ok 17:04:26.0408 2980 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 17:04:26.0408 2980 pciide - ok 17:04:26.0439 2980 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:04:26.0439 2980 pcmcia - ok 17:04:26.0470 2980 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 17:04:26.0470 2980 pcw - ok 17:04:26.0517 2980 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys 17:04:26.0548 2980 PEAUTH - ok 17:04:26.0642 2980 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 17:04:26.0688 2980 pla - ok 17:04:26.0735 2980 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:04:26.0751 2980 PlugPlay - ok 17:04:26.0813 2980 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe 17:04:26.0829 2980 PMBDeviceInfoProvider - ok 17:04:26.0860 2980 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:04:26.0876 2980 PNRPAutoReg - ok 17:04:26.0907 2980 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:04:26.0907 2980 PNRPsvc - ok 17:04:26.0954 2980 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:04:26.0954 2980 PolicyAgent - ok 17:04:27.0000 2980 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 17:04:27.0016 2980 Power - ok 17:04:27.0047 2980 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:04:27.0047 2980 PptpMiniport - ok 17:04:27.0078 2980 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 17:04:27.0094 2980 Processor - ok 17:04:27.0141 2980 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll 17:04:27.0141 2980 ProfSvc - ok 17:04:27.0156 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:04:27.0172 2980 ProtectedStorage - ok 17:04:27.0188 2980 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:04:27.0188 2980 Psched - ok 17:04:27.0250 2980 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:04:27.0297 2980 ql2300 - ok 17:04:27.0328 2980 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:04:27.0328 2980 ql40xx - ok 17:04:27.0359 2980 [ 
31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 17:04:27.0375 2980 QWAVE - ok 17:04:27.0406 2980 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:04:27.0406 2980 QWAVEdrv - ok 17:04:27.0422 2980 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:04:27.0422 2980 RasAcd - ok 17:04:27.0468 2980 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:04:27.0468 2980 RasAgileVpn - ok 17:04:27.0500 2980 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 17:04:27.0515 2980 RasAuto - ok 17:04:27.0531 2980 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:04:27.0531 2980 Rasl2tp - ok 17:04:27.0578 2980 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 17:04:27.0578 2980 RasMan - ok 17:04:27.0609 2980 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:04:27.0609 2980 RasPppoe - ok 17:04:27.0640 2980 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:04:27.0640 2980 RasSstp - ok 17:04:27.0656 2980 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:04:27.0671 2980 rdbss - ok 17:04:27.0702 2980 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 17:04:27.0702 2980 rdpbus - ok 17:04:27.0718 2980 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:04:27.0734 2980 RDPCDD - ok 17:04:27.0765 2980 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:04:27.0765 2980 RDPENCDD - ok 17:04:27.0796 2980 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:04:27.0796 2980 RDPREFMP - ok 17:04:27.0827 2980 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:04:27.0843 2980 RDPWD - ok 
17:04:27.0874 2980 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:04:27.0874 2980 rdyboost - ok 17:04:27.0905 2980 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 17:04:27.0921 2980 RemoteAccess - ok 17:04:27.0936 2980 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:04:27.0952 2980 RemoteRegistry - ok 17:04:27.0999 2980 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:04:27.0999 2980 RFCOMM - ok 17:04:28.0014 2980 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:04:28.0030 2980 RpcEptMapper - ok 17:04:28.0046 2980 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 17:04:28.0061 2980 RpcLocator - ok 17:04:28.0077 2980 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 17:04:28.0092 2980 RpcSs - ok 17:04:28.0139 2980 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:04:28.0155 2980 rspndr - ok 17:04:28.0186 2980 [ 5B33F64111F626A28026211DA65E6547 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe 17:04:28.0202 2980 SampleCollector - ok 17:04:28.0217 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe 17:04:28.0217 2980 SamSs - ok 17:04:28.0264 2980 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:04:28.0264 2980 sbp2port - ok 17:04:28.0311 2980 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:04:28.0311 2980 SCardSvr - ok 17:04:28.0342 2980 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:04:28.0358 2980 scfilter - ok 17:04:28.0404 2980 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 17:04:28.0436 2980 Schedule - ok 17:04:28.0467 2980 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 
17:04:28.0467 2980 SCPolicySvc - ok 17:04:28.0498 2980 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 17:04:28.0498 2980 sdbus - ok 17:04:28.0545 2980 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:04:28.0560 2980 SDRSVC - ok 17:04:28.0592 2980 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:04:28.0592 2980 secdrv - ok 17:04:28.0607 2980 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 17:04:28.0623 2980 seclogon - ok 17:04:28.0654 2980 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 17:04:28.0654 2980 SENS - ok 17:04:28.0685 2980 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys 17:04:28.0701 2980 Serenum - ok 17:04:28.0732 2980 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys 17:04:28.0748 2980 Serial - ok 17:04:28.0779 2980 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:04:28.0779 2980 sermouse - ok 17:04:28.0857 2980 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 17:04:28.0872 2980 SessionEnv - ok 17:04:28.0919 2980 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\drivers\SFEP.sys 17:04:28.0919 2980 SFEP - ok 17:04:28.0935 2980 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:04:28.0950 2980 sffdisk - ok 17:04:28.0950 2980 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:04:28.0966 2980 sffp_mmc - ok 17:04:28.0997 2980 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:04:28.0997 2980 sffp_sd - ok 17:04:29.0028 2980 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:04:29.0028 2980 sfloppy - ok 17:04:29.0075 2980 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 
17:04:29.0091 2980 SharedAccess - ok 17:04:29.0138 2980 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:04:29.0153 2980 ShellHWDetection - ok 17:04:29.0216 2980 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:04:29.0216 2980 sisagp - ok 17:04:29.0247 2980 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 17:04:29.0247 2980 SiSRaid2 - ok 17:04:29.0278 2980 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:04:29.0278 2980 SiSRaid4 - ok 17:04:29.0325 2980 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:04:29.0340 2980 Smb - ok 17:04:29.0387 2980 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:04:29.0387 2980 SNMPTRAP - ok 17:04:29.0481 2980 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe 17:04:29.0496 2980 SOHCImp - ok 17:04:29.0512 2980 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe 17:04:29.0512 2980 SOHDBSvr - ok 17:04:29.0559 2980 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe 17:04:29.0559 2980 SOHDms - ok 17:04:29.0590 2980 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe 17:04:29.0590 2980 SOHDs - ok 17:04:29.0606 2980 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe 17:04:29.0621 2980 SOHPlMgr - ok 17:04:29.0652 2980 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 17:04:29.0652 2980 spldr - ok 17:04:29.0715 2980 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe 17:04:29.0730 2980 Spooler - ok 17:04:29.0855 2980 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 17:04:29.0964 
2980 sppsvc - ok 17:04:29.0996 2980 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:04:30.0011 2980 sppuinotify - ok 17:04:30.0058 2980 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:04:30.0058 2980 srv - ok 17:04:30.0089 2980 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:04:30.0105 2980 srv2 - ok 17:04:30.0120 2980 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:04:30.0136 2980 srvnet - ok 17:04:30.0167 2980 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:04:30.0167 2980 SSDPSRV - ok 17:04:30.0198 2980 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:04:30.0198 2980 SstpSvc - ok 17:04:30.0230 2980 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 17:04:30.0230 2980 stexstor - ok 17:04:30.0276 2980 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 17:04:30.0308 2980 StiSvc - ok 17:04:30.0339 2980 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 17:04:30.0339 2980 swenum - ok 17:04:30.0386 2980 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 17:04:30.0417 2980 swprv - ok 17:04:30.0464 2980 [ 215A45246C6E2D0A9C263CE1786C8D8A ] SynTP C:\Windows\system32\drivers\SynTP.sys 17:04:30.0479 2980 SynTP - ok 17:04:30.0526 2980 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 17:04:30.0557 2980 SysMain - ok 17:04:30.0588 2980 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:04:30.0604 2980 TabletInputService - ok 17:04:30.0620 2980 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 17:04:30.0651 2980 TapiSrv - ok 17:04:30.0666 2980 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 17:04:30.0666 2980 TBS - ok 17:04:30.0760 2980 [ 
55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:04:30.0791 2980 Tcpip - ok 17:04:30.0854 2980 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:04:30.0869 2980 TCPIP6 - ok 17:04:30.0900 2980 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:04:30.0900 2980 tcpipreg - ok 17:04:30.0932 2980 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:04:30.0932 2980 TDPIPE - ok 17:04:30.0978 2980 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:04:30.0978 2980 TDTCP - ok 17:04:31.0010 2980 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:04:31.0010 2980 tdx - ok 17:04:31.0041 2980 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:04:31.0041 2980 TermDD - ok 17:04:31.0088 2980 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 17:04:31.0103 2980 TermService - ok 17:04:31.0134 2980 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 17:04:31.0150 2980 Themes - ok 17:04:31.0166 2980 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 17:04:31.0166 2980 THREADORDER - ok 17:04:31.0197 2980 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 17:04:31.0212 2980 TrkWks - ok 17:04:31.0259 2980 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:04:31.0275 2980 TrustedInstaller - ok 17:04:31.0306 2980 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:04:31.0306 2980 tssecsrv - ok 17:04:31.0353 2980 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:04:31.0353 2980 tunnel - ok 17:04:31.0368 2980 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:04:31.0384 2980 uagp35 - ok 
17:04:31.0400 2980 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:04:31.0415 2980 udfs - ok 17:04:31.0478 2980 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:04:31.0478 2980 UI0Detect - ok 17:04:31.0524 2980 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:04:31.0524 2980 uliagpkx - ok 17:04:31.0556 2980 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:04:31.0556 2980 umbus - ok 17:04:31.0587 2980 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys 17:04:31.0587 2980 UmPass - ok 17:04:31.0618 2980 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 17:04:31.0649 2980 upnphost - ok 17:04:31.0696 2980 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 17:04:31.0696 2980 USBAAPL - ok 17:04:31.0758 2980 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:04:31.0758 2980 usbaudio - ok 17:04:31.0790 2980 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:04:31.0805 2980 usbccgp - ok 17:04:31.0836 2980 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:04:31.0836 2980 usbcir - ok 17:04:31.0883 2980 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:04:31.0883 2980 usbehci - ok 17:04:31.0946 2980 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:04:31.0946 2980 usbhub - ok 17:04:31.0992 2980 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:04:31.0992 2980 usbohci - ok 17:04:32.0008 2980 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys 17:04:32.0008 2980 usbprint - ok 17:04:32.0039 2980 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:04:32.0055 
2980 USBSTOR - ok 17:04:32.0070 2980 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:04:32.0070 2980 usbuhci - ok 17:04:32.0117 2980 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 17:04:32.0117 2980 usbvideo - ok 17:04:32.0164 2980 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 17:04:32.0164 2980 UxSms - ok 17:04:32.0211 2980 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe 17:04:32.0211 2980 VAIO Entertainment TV Device Arbitration Service - ok 17:04:32.0273 2980 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe 17:04:32.0273 2980 VAIO Event Service - ok 17:04:32.0352 2980 [ 49A7C107D51D5F481F702FE75548CE8F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 17:04:32.0368 2980 VAIO Power Management - ok 17:04:32.0383 2980 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe 17:04:32.0399 2980 VaultSvc - ok 17:04:32.0446 2980 [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe 17:04:32.0461 2980 VCFw - ok 17:04:32.0524 2980 [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe 17:04:32.0555 2980 VcmIAlzMgr - ok 17:04:32.0602 2980 [ 9D9B34B430B4DC683112F59C80D20AB8 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe 17:04:32.0617 2980 VcmINSMgr - ok 17:04:32.0649 2980 [ B56CD01F36EEF2967EF18D8DF0E5C285 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe 17:04:32.0664 2980 VcmXmlIfHelper - ok 17:04:32.0695 2980 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot 
C:\Windows\system32\drivers\vdrvroot.sys 17:04:32.0695 2980 vdrvroot - ok 17:04:32.0742 2980 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe 17:04:32.0758 2980 vds - ok 17:04:32.0805 2980 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:04:32.0805 2980 vga - ok 17:04:32.0836 2980 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:04:32.0836 2980 VgaSave - ok 17:04:32.0867 2980 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:04:32.0867 2980 vhdmp - ok 17:04:32.0898 2980 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:04:32.0898 2980 viaagp - ok 17:04:32.0929 2980 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 17:04:32.0929 2980 ViaC7 - ok 17:04:32.0945 2980 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 17:04:32.0945 2980 viaide - ok 17:04:32.0976 2980 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:04:32.0976 2980 volmgr - ok 17:04:33.0007 2980 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:04:33.0007 2980 volmgrx - ok 17:04:33.0070 2980 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:04:33.0070 2980 volsnap - ok 17:04:33.0101 2980 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:04:33.0117 2980 vsmraid - ok 17:04:33.0179 2980 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe 17:04:33.0226 2980 VSS - ok 17:04:33.0319 2980 [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe 17:04:33.0351 2980 VUAgent - ok 17:04:33.0397 2980 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:04:33.0397 2980 vwifibus - ok 17:04:33.0429 2980 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt 
C:\Windows\system32\DRIVERS\vwififlt.sys 17:04:33.0429 2980 vwififlt - ok 17:04:33.0460 2980 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:04:33.0460 2980 vwifimp - ok 17:04:33.0491 2980 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 17:04:33.0507 2980 VzCdbSvc - ok 17:04:33.0538 2980 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 17:04:33.0553 2980 W32Time - ok 17:04:33.0600 2980 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:04:33.0600 2980 WacomPen - ok 17:04:33.0631 2980 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:04:33.0631 2980 WANARP - ok 17:04:33.0647 2980 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:04:33.0647 2980 Wanarpv6 - ok 17:04:33.0709 2980 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe 17:04:33.0756 2980 wbengine - ok 17:04:33.0772 2980 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:04:33.0787 2980 WbioSrvc - ok 17:04:33.0819 2980 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:04:33.0850 2980 wcncsvc - ok 17:04:33.0865 2980 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:04:33.0881 2980 WcsPlugInService - ok 17:04:33.0897 2980 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 17:04:33.0897 2980 Wd - ok 17:04:33.0959 2980 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:04:33.0975 2980 Wdf01000 - ok 17:04:34.0021 2980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:04:34.0021 2980 WdiServiceHost - ok 17:04:34.0037 2980 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:04:34.0053 2980 
WdiSystemHost - ok 17:04:34.0099 2980 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll 17:04:34.0115 2980 WebClient - ok 17:04:34.0146 2980 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:04:34.0177 2980 Wecsvc - ok 17:04:34.0193 2980 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:04:34.0209 2980 wercplsupport - ok 17:04:34.0240 2980 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 17:04:34.0240 2980 WerSvc - ok 17:04:34.0271 2980 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:04:34.0287 2980 WfpLwf - ok 17:04:34.0302 2980 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:04:34.0302 2980 WIMMount - ok 17:04:34.0365 2980 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:04:34.0380 2980 WinDefend - ok 17:04:34.0396 2980 WinHttpAutoProxySvc - ok 17:04:34.0458 2980 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:04:34.0458 2980 Winmgmt - ok 17:04:34.0536 2980 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll 17:04:34.0583 2980 WinRM - ok 17:04:34.0645 2980 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:04:34.0645 2980 WinUsb - ok 17:04:34.0708 2980 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:04:34.0739 2980 Wlansvc - ok 17:04:34.0755 2980 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:04:34.0755 2980 WmiAcpi - ok 17:04:34.0801 2980 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:04:34.0817 2980 wmiApSrv - ok 17:04:34.0864 2980 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:04:34.0911 2980 WMPNetworkSvc - ok 17:04:34.0942 2980 [ 
A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:04:34.0957 2980 WPCSvc - ok 17:04:34.0973 2980 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:04:34.0989 2980 WPDBusEnum - ok 17:04:35.0004 2980 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:04:35.0020 2980 ws2ifsl - ok 17:04:35.0051 2980 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll 17:04:35.0067 2980 wscsvc - ok 17:04:35.0082 2980 WSearch - ok 17:04:35.0191 2980 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 17:04:35.0285 2980 wuauserv - ok 17:04:35.0316 2980 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:04:35.0332 2980 WudfPf - ok 17:04:35.0363 2980 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:04:35.0363 2980 WUDFRd - ok 17:04:35.0425 2980 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:04:35.0425 2980 wudfsvc - ok 17:04:35.0472 2980 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 17:04:35.0488 2980 WwanSvc - ok 17:04:35.0535 2980 ================ Scan global =============================== 17:04:35.0566 2980 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll 17:04:35.0597 2980 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll 17:04:35.0628 2980 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll 17:04:35.0659 2980 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 17:04:35.0691 2980 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 17:04:35.0706 2980 [Global] - ok 17:04:35.0706 2980 ================ Scan MBR ================================== 17:04:35.0722 2980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:04:35.0987 2980 \Device\Harddisk0\DR0 - ok 17:04:35.0987 2980 ================ Scan VBR 
     17:04:36.0018 2980 ============================================================
     17:04:36.0018 2980 Scan finished
     17:04:36.0018 2980 ============================================================
     17:04:36.0049 1236 Detected object count: 0
     17:04:36.0049 1236 Actual detected object count: 0
     17:04:38.0889 0724 Deinitialize success

     Here's what ESET found (sorry, it took about an hour to complete)

     C:\Qoobox\Quarantine\C\Program Files\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application unable to clean
     C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application unable to clean
     C:\Qoobox\Quarantine\C\Users\Wyatt\AppData\Roaming\Mucay\okfys.exe.vir a variant of Win32/Injector.AARB trojan unable to clean

     AdwCleaner:

     # AdwCleaner v2.104 - Logfile created 01/01/2013 at 18:28:07
     # Updated 29/12/2012 by Xplode
     # Operating system : Windows 7 Starter (32 bits)
     # User : Wyatt - WYATT-VAIO
     # Boot Mode : Normal
     # Running from : C:\Users\Wyatt\Desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Found : HKCU\Software\AppDataLow\Software\Crossrider

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457

     [OK] Registry is clean.

     *************************

     AdwCleaner[R1].txt - [556 octets] - [01/01/2013 18:28:07]

     ########## EOF - C:\AdwCleaner[R1].txt - [615 octets] ##########

     And finally, the results of your Security Check:

     Results of screen317's Security Check version 0.99.56
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     Java 6 Update 18
     Java version out of Date!
     Adobe Flash Player 10
     Flash Player out of Date!
     Adobe Reader 9
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````

     Qoobox.zip
  4. Hey good news: I just ran a quick MBAM scan for the heck of it and nothing was detected. I'm going to restart in normal mode and see if it has gotten any better.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.29.03
Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Wyatt :: WYATT-VAIO [administrator]
1/1/2013 3:06:54 PM
mbam-log-2013-01-01 (15-06-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226529
Time elapsed: 5 minute(s), 13 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
  5. ComboFix 13-01-01.02 - Wyatt 01/01/2013 14:05:32.1.2 - x86 NETWORK Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.448 [GMT -8:00] Running from: c:\users\Wyatt\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Coupon Companion Plugin\CoUPon companion plugin.dll c:\program files\Downloaded Installers c:\program files\StartNow Toolbar c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe c:\programdata\4e0eaba6 c:\users\Public\Documents\~WRL2546.tmp c:\users\Wyatt\99 c:\users\Wyatt\AppData\Roaming\Axefo c:\users\Wyatt\AppData\Roaming\Axefo\avbe.tmp c:\users\Wyatt\AppData\Roaming\Axefo\avbe.yni c:\users\Wyatt\AppData\Roaming\Mucay c:\users\Wyatt\AppData\Roaming\Mucay\okfys.exe c:\users\Wyatt\Documents\~WRL3338.tmp c:\users\Wyatt\Documents\~WRL3745.tmp . . ((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 ))))))))))))))))))))))))))))))) . . 2013-01-01 22:20 . 2013-01-01 22:20 -------- d-----w- c:\users\Trish\AppData\Local\temp 2013-01-01 22:19 . 2013-01-01 22:22 -------- d-----w- c:\users\Wyatt\AppData\Local\temp 2013-01-01 22:19 . 2013-01-01 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-01 22:05 . 2013-01-01 22:05 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE8D026-02BD-4DA6-987F-F08AA8F4FF18}\offreg.dll 2013-01-01 20:00 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE8D026-02BD-4DA6-987F-F08AA8F4FF18}\mpengine.dll 2013-01-01 04:19 . 2013-01-01 04:19 -------- d-----w- c:\windows\Sun 2012-12-30 00:52 . 2012-12-30 00:52 -------- d-----w- c:\users\Wyatt\AppData\Local\Coupon Companion Plugin 2012-12-30 00:52 . 2013-01-01 22:18 -------- d-----w- c:\program files\Coupon Companion Plugin 2012-12-28 22:40 . 
2012-12-31 23:29 -------- d-----w- c:\users\Wyatt\AppData\Roaming\Epxoak 2012-12-28 22:40 . 2012-12-28 22:40 -------- d-----w- c:\users\Wyatt\AppData\Roaming\Poyh 2012-12-21 06:29 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 06:29 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-13 06:32 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 06:32 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 06:32 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-09 23:59 . 2012-12-09 23:59 -------- d-----w- c:\program files\Enigma Software Group . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 00:49 . 2011-02-19 19:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-16 20:34 . 2012-11-27 23:58 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-11 03:20 . 2012-10-11 03:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-11 03:20 . 2011-10-11 05:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-23 8120864] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-26 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-26 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 1578280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "SmartWiHelper"="c:\program files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-15 1091432] "Z1"="c:\users\Wyatt\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2013-01-01 1342312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-01 02:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2012-12-15 00:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x] R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x] R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x] R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [x] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x] R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [x] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x] R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common 
Files\Sony Shared\SOHLib\SOHPlMgr.exe [x] R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local>;*.local uInternet Settings,ProxyServer = http=127.0.0.1:54949 TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKCU-Run-CompHost - certdccw.dll MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-01 14:26:24 ComboFix-quarantined-files.txt 2013-01-01 22:26 . Pre-Run: 184,612,323,328 bytes free Post-Run: 186,689,589,248 bytes free . - - End Of File - - A51E2845DF908A811DF040C30902390C And here's this one.......... DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK Internet Explorer: 9.0.8112.16457 Run by Wyatt at 14:30:57 on 2013-01-01 Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.321 [GMT -8:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\ctfmon.exe C:\Windows\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . 
uStart Page = hxxps://www.google.com/ mStart Page = hxxp://www.google.com uProxyServer = hxxp=127.0.0.1:54949 uProxyOverride = <local>;*.local BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' 
anti-malware\cleanup.dll",ProcessCleanupScript mRunOnce: [Z1] c:\users\wyatt\desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\14454583036383 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\2375942554633353 : DHCPNameServer = 192.168.1.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll 
Notify: VESWinlogon - VESWinlogon.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-6-28 789856] R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-2 9344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-14 642416] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-27 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-30 29472] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-9-27 140376] S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2010-10-6 169224] S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-6-30 122880] S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-6-30 120104] S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2010-6-30 70952] S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-6-30 427304] S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-6-30 75048] S3 SOHPlMgr;VAIO Media plus Playlist 
Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2010-6-30 91432] S3 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-6-30 513392] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-6-30 480624] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-6-30 361840] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-6-30 83312] S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624] . =============== Created Last 30 ================ . 2013-01-01 22:26:36 -------- d-sh--w- C:\$RECYCLE.BIN 2013-01-01 22:26:28 -------- d-----w- c:\users\wyatt\appdata\local\temp 2013-01-01 22:05:24 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ce8d026-02bd-4da6-987f-f08aa8f4ff18}\offreg.dll 2013-01-01 22:01:56 98816 ----a-w- c:\windows\sed.exe 2013-01-01 22:01:56 256000 ----a-w- c:\windows\PEV.exe 2013-01-01 22:01:56 208896 ----a-w- c:\windows\MBR.exe 2013-01-01 20:00:15 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ce8d026-02bd-4da6-987f-f08aa8f4ff18}\mpengine.dll 2012-12-30 00:52:26 -------- d-----w- c:\users\wyatt\appdata\local\Coupon Companion Plugin 2012-12-30 00:52:19 -------- d-----w- c:\program files\Coupon Companion Plugin 2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Poyh 2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Epxoak 2012-12-21 06:29:52 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 06:29:52 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-13 06:32:53 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 06:32:52 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys 
2012-12-13 06:32:42 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-09 23:59:46 -------- d-----w- c:\program files\Enigma Software Group . ==================== Find3M ==================== . 2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-11 03:20:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-11 03:20:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe 2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 14:31:21.52 ===============
  6. Ok, when I try to run it, I get an error message that says it can't load/install the "DDA driver." It gives me the option of rebooting to install it, which I click, and then I immediately get an error message that says it was unable to install DDA driver.
  7. Yes, I would like to give it a shot. Is it absolutely necessary that I back up my files, and how would I do this?
  8. Things are running fine in safe mode - normal mode not so much. Dang, ran a scan and it's still there. I'm going to reboot anyway.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.29.03
Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Wyatt :: WYATT-VAIO [administrator]
1/1/2013 12:22:15 PM
mbam-log-2013-01-01 (12-22-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232163
Time elapsed: 11 minute(s), 59 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Wyatt\LOCALS~1\Temp\msuquuyk.pif -> Delete on reboot.
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
  9. Here ya go: # AdwCleaner v2.104 - Logfile created 01/01/2013 at 11:51:00 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Starter (32 bits) # User : Wyatt - WYATT-VAIO # Boot Mode : Safe mode with networking # Running from : C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MN1JFWKD\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Updater Service for StartNow Toolbar ***** [Files / Folders] ***** File Deleted : C:\Users\Wyatt\AppData\Local\Temp\Uninstall.exe Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Users\Wyatt\AppData\Local\Wajam Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\Wyatt\AppData\LocalLow\Toolbar4 ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659} --> hxxp://www.google.com ************************* AdwCleaner[R1].txt - [4586 octets] - [01/01/2013 11:43:48] AdwCleaner[s1].txt - [4672 octets] - [01/01/2013 11:51:00] ########## EOF - C:\AdwCleaner[s1].txt - [4732 octets] ##########
  10. Hey thanks! Here it is: # AdwCleaner v2.104 - Logfile created 01/01/2013 at 11:43:48 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Starter (32 bits) # User : Wyatt - WYATT-VAIO # Boot Mode : Safe mode with networking # Running from : C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MN1JFWKD\adwcleaner.exe # Option [search] ***** [services] ***** Found : Updater Service for StartNow Toolbar ***** [Files / Folders] ***** File Found : C:\Users\Wyatt\AppData\Local\Temp\Uninstall.exe Folder Found : C:\ProgramData\Trymedia Folder Found : C:\Users\Wyatt\AppData\Local\Wajam Folder Found : C:\Users\Wyatt\AppData\LocalLow\FunWebProducts Folder Found : C:\Users\Wyatt\AppData\LocalLow\MyWebSearch Folder Found : C:\Users\Wyatt\AppData\LocalLow\Toolbar4 ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\Zugo Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Found : 
HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Value Found : 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659} ************************* AdwCleaner[R1].txt - [4457 octets] - [01/01/2013 11:43:48] ########## EOF - C:\AdwCleaner[R1].txt - [4517 octets] ##########
  11. I know you guys are ultra-busy and I appreciate the fact you guys even exist, but I think my last post died. I just really need some help. Google gives me a 404 error when I try to access this site normally, but I am in Safe Mode right now, and I absolutely hate Safe Mode. Here it is if anyone thinks that they can help. Sorry for my re-posting; I'm just eager to regain my sanity.
  12. Thanks screen317 So here's this... Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.29.03 Windows 7 x86 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Wyatt :: WYATT-VAIO [administrator] 12/29/2012 10:52:21 PM mbam-log-2012-12-29 (22-52-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 228008 Time elapsed: 9 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Wyatt\LOCALS~1\Temp\msuquuyk.pif -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) After I rebooted, ran DDS and got this... DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK Internet Explorer: 9.0.8112.16457 Run by Wyatt at 23:03:57 on 2012-12-29 Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.593 [GMT -8:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.com/ mStart Page = hxxp://www.bigseekpro.com/accmeware/{E528FBF1-D27C-48FE-B374-B967816EC659} uProxyServer = hxxp=127.0.0.1:54949 uProxyOverride = <local>;*.local uWindows: Load = c:\users\wyatt\locals~1\temp\msuquuyk.pif BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - uRun: [CompHost] rundll32 "certdccw.dll",CreateProcessNotify uRun: [Loytyd] 
c:\users\wyatt\appdata\roaming\mucay\okfys.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [smartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - 
hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\14454583036383 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{1C7094A9-AF19-464E-91A2-EEF617F124C6}\2375942554633353 : DHCPNameServer = 192.168.1.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . 
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-6-28 789856] R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-2 9344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2012-6-22 265952] S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-9-14 642416] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-27 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-30 29472] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-9-27 140376] S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2010-10-6 169224] S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-6-30 122880] S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2010-6-30 120104] S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2010-6-30 70952] S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2010-6-30 427304] S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2010-6-30 75048] S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2010-6-30 91432] S3 VAIO Power 
Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2010-6-30 513392] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2010-6-30 480624] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2010-6-30 361840] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-6-30 83312] S3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624] . =============== Created Last 30 ================ . 2012-12-30 00:52:36 -------- d-----w- c:\users\wyatt\appdata\local\Wajam 2012-12-30 00:52:26 -------- d-----w- c:\users\wyatt\appdata\local\Coupon Companion Plugin 2012-12-30 00:52:19 -------- d-----w- c:\program files\Coupon Companion Plugin 2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Poyh 2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Mucay 2012-12-28 22:40:00 -------- d-----w- c:\users\wyatt\appdata\roaming\Epxoak 2012-12-28 17:32:21 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fe27f9ab-a723-418b-83c2-2089070ac68e}\mpengine.dll 2012-12-21 06:29:52 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 06:29:52 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-13 06:32:53 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 06:32:52 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 06:32:42 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-09 23:59:46 -------- d-----w- c:\program files\Enigma Software Group . ==================== Find3M ==================== . 
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-11 03:20:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-11 03:20:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe 2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 23:06:29.82 =============== And this... . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Starter Boot Device: \Device\HarddiskVolume2 Install Date: 11/12/2010 5:20:09 PM System Uptime: 12/29/2012 11:02:38 PM (0 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Atom CPU N470 @ 1.83GHz | N/A | 1828/667mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 227 GiB total, 172.344 GiB free. . ==== Disabled Device Manager Items ============= . 
Class GUID: Description: Ethernet Controller Device ID: PCI\VEN_197B&DEV_0260&SUBSYS_9075104D&REV_02\4&194AE453&0&05E1 Manufacturer: Name: Ethernet Controller PNP Device ID: PCI\VEN_197B&DEV_0260&SUBSYS_9075104D&REV_02\4&194AE453&0&05E1 Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP312: 12/9/2012 4:11:59 PM - Removed SpyHunter RP313: 12/9/2012 4:13:23 PM - Removed SpyHunter RP314: 12/9/2012 4:40:01 PM - Windows Update RP315: 12/13/2012 3:02:17 AM - Windows Update RP316: 12/18/2012 10:13:06 AM - Windows Update RP317: 12/20/2012 10:29:05 PM - Windows Update RP318: 12/25/2012 12:30:45 PM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.1.2 Adobe Shockwave Player 11.5 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft WebCam Companion 3 Armagetron Advanced 0.2.8.3.1.gcc AstroViewer 3.1.4 Audacity 1.3.13 (Unicode) Bonjour Compatibility Pack for the 2007 Office system Coupon Companion Plugin Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Intel® Graphics Media Accelerator Driver iTunes Java Auto Updater Java 6 Update 18 JMicron Flash Media Controller Driver Junk Mail filter update LAME v3.98.3 for Audacity Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 
Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Works Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MilkDrop for Winamp 2x (remove only) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Next Generation Visualisations One-click FLAC to MP3 Converter PMB QuickTime Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Setting Utility Series SmartWi Connection Utility Sony Home Network Library Stop Motion Animator 1.1.XP Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit 
Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VAIO Care VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Intelligent Network Service Manager VAIO Content Metadata Manager Settings VAIO Content Metadata XML Interface Library VAIO Content Monitoring Settings VAIO Control Center VAIO Data Restore Tool VAIO Entertainment Platform VAIO Event Service VAIO Hardware Diagnostics VAIO Help and Support VAIO Media plus VAIO Media plus Opening Movie VAIO OOBE and Startup Assistant VAIO Original Function Settings VAIO Power Management VAIO Survey VAIO Transfer Support VAIO Update VAIO Update Merge Module x86 VU5x86 WIDCOMM Bluetooth Software Winamp Winamp Detector Plug-in Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 
12/29/2012 6:01:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom 12/29/2012 4:52:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 12/29/2012 4:14:51 PM, Error: Service Control Manager [7022] - The VAIO Content Folder Watcher service hung on starting. 12/29/2012 3:21:14 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The process cannot access the file because it is being used by another process. 12/29/2012 11:05:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/29/2012 11:03:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 
12/29/2012 11:03:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/29/2012 11:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/29/2012 11:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/29/2012 11:03:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/29/2012 11:03:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6 12/28/2012 9:31:41 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831 12/26/2012 8:43:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 12/25/2012 9:33:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 12/25/2012 1:17:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 12/24/2012 3:05:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service. 
12/24/2012 12:51:47 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization. . ==== End Of File ===========================
  13. Hi, I'm here because I need help getting rid of this stupid PUM.UserWLoad thing. I had that moneypack FBI virus a few weeks ago but I got rid of it. Now I'm having trouble with internet browsing (I'm using Safe Mode with Networking to make my life easier). I've been getting an ieframe.dll error page online too. I've run MB several times, and the only thing that is detected is this PUP file, which won't go away after restarting my computer! I should also mention when I log in to my desktop I always get a .dll error message ("could not be found"), but this has been going on for a while and I haven't noticed any other problems along with it. Some more context: I have a little Sony Vaio computer with Windows 7 (Starter edition). I'm using the latest Internet Explorer. I don't think that I have an AV but I run MB (quick scan) every week or two, and it will usually help if I have any snags/bugs. I delete my history/files/cookies every day too. I've been following these instructions as best as I can to get here (although I ran the dds thing in safe mode, is that okay?). If anyone could help me out, I'd really appreciate it, and bear with me as I'm not the most tech-savvy person on earth. dds.txt attach.txt
  14. Ahhh, thank you, daledoc1. No, I don't think I have an AV running; I just run MB every week or so and haven't had any snags until lately. I'll head over to the Malware removal subforum.