Slow computer, possible infection

Bergamot

New Member
Hi there,

I wonder if anyone could offer some advice. My computer is slowing down - takes a while to open files and folders, and I've also noticed high memory usage by Explorer. I suspect I may have spyware/malware. I've generated a HijackThis report (attached) that I would be grateful if someone could take a look at. Also, are there any other reports I should generate to identify the issue?

I use AVG anti-virus software by the way.

Cheers!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:15, on 12/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00
Boot mode: Normal

Running processes:
C:\Users\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe
C:\Users\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe
C:\Program Files (x86)\TextBridge Pro 9.0\Bin\InstantAccess.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQHIDCL.DAT
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timesonline.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files (x86)\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~2\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~2\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [HDDtoGOLaunch] C:\Users\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) - O16 - DPF: {8100D56A-5661-482C-BE...09.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15337 bytes
 

First thing to do would be to do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.


Then post a fresh HijackThis log but do not attach it, just copy and paste it in your reply.
 
Hi Johnb35,

Thanks for responding.

This is what Malwarebytes picked up

Files Detected: 1
C:\Windows\Installer\{84eba990-5a5f-9d52-cb9e-a223623e9900}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

And here's my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:32:39, on 12/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe
C:\Program Files (x86)\TextBridge Pro 9.0\Bin\InstantAccess.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQHIDCL.DAT
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timesonline.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~2\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) - https://www.venloc.co.uk/sainsburys...&UICulture=1033&ReportStack=1&OpType=PrintCab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13797 bytes
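
Added example (not part of any post in this thread): a small Python script that parses HijackThis entry lines and diffs two logs by section code, using a few lines excerpted from the before and after logs above. The split of "(file missing)" entries by path rests on an assumption the thread does not state: HijackThis is a 32-bit program and 64-bit Windows redirects its System32 lookups, so that marker on a System32 path is not reliable on its own.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Constructed sample: a few lines excerpted from the first log in this thread.
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [HDDtoGOLaunch] C:\Users\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

# Constructed sample: the matching lines excerpted from the second log.
LOG_AFTER = r"""
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""


def parse_entries(log_text):
    """Group entry lines by section code; header and process lines are skipped."""
    entries = defaultdict(set)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].add(match.group(2).strip())
    return entries


def diff_logs(before_text, after_text):
    """Return {code: {"removed": [...], "added": [...]}} for sections that changed."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    changes = {}
    for code in set(before) | set(after):
        removed = sorted(before[code] - after[code])
        added = sorted(after[code] - before[code])
        if removed or added:
            changes[code] = {"removed": removed, "added": added}
    return changes


def split_missing(log_text):
    """Split '(file missing)' entries into System32 paths and everything else.

    Heuristic based on the assumption named in the lead-in: a System32 path
    flagged by a 32-bit scanner on 64-bit Windows needs a second check, while
    a flagged path elsewhere is more likely a leftover registry entry.
    """
    system32, elsewhere = [], []
    for code, items in parse_entries(log_text).items():
        for item in items:
            if not item.endswith(MISSING):
                continue
            path = item[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            bucket = system32 if "\\windows\\system32\\" in path.lower() else elsewhere
            bucket.append((code, path))
    return sorted(system32), sorted(elsewhere)


if __name__ == "__main__":
    for code, change in sorted(diff_logs(LOG_BEFORE, LOG_AFTER).items()):
        for entry in change["removed"]:
            print(f"- {code} {entry}")
        for entry in change["added"]:
            print(f"+ {code} {entry}")
    system32, elsewhere = split_missing(LOG_AFTER)
    print("file missing under System32:", system32)
    print("file missing elsewhere:", elsewhere)
```
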
 
Since you have the ZeroAccess rootkit, let's get some more scans in.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

      • Close all open Windows including this one.
      • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.

    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished, ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then back up your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
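
What to look for when the ComboFix log requested above comes back, as an added example that is not part of the original post: it splits the log into its banner-delimited sections and flags deleted paths of the form c:\windows\Installer\{GUID}\@ and \U\*.@ (the layout in the deletions posted later in this thread, treated here as a ZeroAccess heuristic) together with policy values showing UAC switched off. The sample log, its GUID and the finding labels are constructed.

```python
import re

# Section banners: "((((( Title )))))" or "------- Title -------".
PAREN_BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DASH_BANNER = re.compile(r"^-[- ]*-\s+(.+?)\s+-[- ]*-$")
# ComboFix prints DWORD policy values as: "Name"= 0 (0x0)
REG_DWORD = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')
GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"
# Heuristic only: a file named "@" or U\<hex>.@ inside a GUID folder.
SUSPECT_PATH = re.compile(
    r"^[a-z]:\\windows\\installer\\" + GUID + r"\\(?:@|U\\[0-9a-f]+\.@)$",
    re.IGNORECASE,
)
# Values under ...\policies\system that mean UAC is off or never prompts admins.
UAC_WEAK = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0}

# Constructed sample in ComboFix's layout; the GUID is a placeholder.
SAMPLE_LOG = r"""
ComboFix (constructed sample) - x64
.
((((((((((((((( Other Deletions )))))))))))))))
.
C:\Install.exe
c:\windows\Installer\{00000000-1111-2222-3333-444444444444}\@
c:\windows\Installer\{00000000-1111-2222-3333-444444444444}\U\00000001.@
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://example.invalid/
"""


def split_sections(log_text):
    """Map each banner title to the non-separator lines that follow it."""
    sections = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        banner = PAREN_BANNER.match(line) or DASH_BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(log_text):
    """Return (kind, detail) findings for a ComboFix log."""
    sections = split_sections(log_text)
    findings = []
    for path in sections.get("Other Deletions", []):
        if SUSPECT_PATH.match(path):
            findings.append(("installer-guid-layout", path))
    key = ""
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("["):
            key = line.lower()  # remember which registry key we are under
            continue
        m = REG_DWORD.match(line)
        if (m and key.endswith("\\policies\\system]")
                and UAC_WEAK.get(m.group(1)) == int(m.group(2))):
            findings.append(("uac-weakened", f"{m.group(1)}={m.group(2)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```
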
 
TDSSKiller didn't find anything on default parameter settings, however found several files when I checked 'Verify File signatures'. Decided to ignore threats detected (signatures could not be verified) as many were files/programs I recognised but let me know if I should post here.

Here are the ComboFix and latest Hijack This logs. Computer still running slow, but will try rebooting and see what happens.

ComboFix 13-02-13.01 - 13/02/2013 9:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3758.2383 [GMT 0:00]
Running from: c:\users\Desktop\PC Trouble Shoot\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\Installer\{84eba990-5a5f-9d52-cb9e-a223623e9900}\@
c:\windows\Installer\{84eba990-5a5f-9d52-cb9e-a223623e9900}\U\00000001.@
c:\windows\Installer\{84eba990-5a5f-9d52-cb9e-a223623e9900}\U\800000cb.@
c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-13 09:22 . 2013-02-13 09:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-13 09:22 . 2013-02-13 09:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-12 22:03 . 2013-02-12 22:03 -------- d-----w- c:\users\AppData\Roaming\Malwarebytes
2013-02-12 22:02 . 2013-02-12 22:02 -------- d-----w- c:\programdata\Malwarebytes
2013-02-12 22:02 . 2013-02-12 22:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-12 22:02 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 20:10 . 2013-01-19 20:10 -------- d-----w- c:\programdata\MobileBrServ
2013-01-14 20:02 . 2013-01-14 20:02 -------- d-----w- c:\users\AppData\Roaming\EuroTalk
2013-01-14 20:02 . 2013-01-14 20:02 -------- d-----w- c:\program files (x86)\EuroTalk Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 23:33 . 2012-11-15 23:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ACQTMOUSE"="c:\program files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe" [2007-07-09 501760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 22:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 ACRUSBTM;ACRUSBTM;c:\windows\system32\drivers\ACRUSBTM.SYS [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-06-28 233344]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-01-29 822784]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-12-14 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:34]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 10:20]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 10:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-16 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-16 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-16 410136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-07 171520]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.timesonline.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://www.venloc.co.uk/sainsburys/Reserved.ReportViewerWebControl.axd?ReportSession=ohrki4551pexm43mvaab1fjn&ControlID=0baa4cd30951479d8859da6d09df5a38&Culture=2057&UICulture=1033&ReportStack=1&OpType=PrintCab
FF - ProfilePath - c:\users\AppData\Roaming\Mozilla\Firefox\Profiles\sabtlbo3.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.timesonline.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-50401699.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Spotify - c:\users\AppData\Roaming\Spotify\Spotify.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\TextBridge Pro 9.0\Bin\InstantAccess.exe
c:\program files (x86)\Tech\Wheel Mouse Software\4.0\ACQHIDCL.DAT
.
**************************************************************************
.
Completion time: 2013-02-13 09:38:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-13 09:38
.
Pre-Run: 114,527,498,240 bytes free
Post-Run: 115,302,678,528 bytes free
.
- - End Of File - - 8CF0DDE8CEBD0A6455088597EB9BBF23





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:45:08, on 13/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe
C:\Program Files (x86)\TextBridge Pro 9.0\Bin\InstantAccess.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQHIDCL.DAT
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timesonline.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~2\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13394 bytes

Many thanks :)
 
Can you post the log from tdsskiller please.

Also, I would like you to post a log from ComboFix that it didn't show you. Please navigate to c:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below

Code:
Reglock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
Here is the ComboFix log you requested:

ComboFix 13-02-13.02 - Saveria 14/02/2013 6:34.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3758.2172 [GMT 0:00]
Running from: c:\users\Saveria\Desktop\PC Trouble Shoot\ComboFix.exe
Command switches used :: c:\users\Saveria\Desktop\PC Trouble Shoot\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-14 to 2013-02-14 )))))))))))))))))))))))))))))))
.
.
2013-02-14 06:40 . 2013-02-14 06:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-14 06:40 . 2013-02-14 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-13 14:54 . 2013-01-18 12:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8887FCD-E463-4625-8AE4-43FA3EB60646}\mpengine.dll
2013-02-13 14:54 . 2013-01-17 01:28 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-02-13 11:53 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-13 11:53 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-13 11:53 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-02-13 11:53 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-13 11:49 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 11:49 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 11:42 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-02-13 11:42 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-02-13 11:42 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-02-13 11:42 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-02-13 11:41 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-13 11:41 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-13 11:41 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-13 11:41 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-13 11:41 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-13 11:41 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-13 11:41 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-13 11:40 . 2013-02-13 11:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-13 11:40 . 2013-02-13 11:40 -------- d-----r- c:\program files (x86)\Skype
2013-02-13 09:54 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-13 09:54 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 09:54 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 09:54 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 09:54 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-02-13 09:54 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-02-13 09:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-02-13 09:51 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-02-13 09:50 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-02-12 22:03 . 2013-02-12 22:03 -------- d-----w- c:\users\Saveria\AppData\Roaming\Malwarebytes
2013-02-12 22:02 . 2013-02-12 22:02 -------- d-----w- c:\programdata\Malwarebytes
2013-02-12 22:02 . 2013-02-12 22:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-12 22:02 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 20:10 . 2013-01-19 20:10 -------- d-----w- c:\programdata\MobileBrServ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 14:57 . 2012-07-19 19:31 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-13 14:56 . 2012-07-19 19:31 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-04 22:49 . 2010-03-15 21:55 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 09:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-18 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"ACQTMOUSE"="c:\program files (x86)\Tech\Wheel Mouse Software\4.0\ACQTMAPP.exe" [2007-07-09 501760]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 22:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R3 ACRUSBTM;ACRUSBTM;c:\windows\system32\drivers\ACRUSBTM.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
R4 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R4 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-01-29 822784]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-12-14 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:34]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 10:20]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 10:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Saveria\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-16 410136]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-16 390680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-16 166424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.timesonline.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://www.venloc.co.uk/sainsburys/Reserved.ReportViewerWebControl.axd?ReportSession=ohrki4551pexm43mvaab1fjn&ControlID=0baa4cd30951479d8859da6d09df5a38&Culture=2057&UICulture=1033&ReportStack=1&OpType=PrintCab
FF - ProfilePath - c:\users\Saveria\AppData\Roaming\Mozilla\Firefox\Profiles\sabtlbo3.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.timesonline.co.uk/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-02-14 06:42:56
ComboFix-quarantined-files.txt 2013-02-14 06:42
ComboFix2.txt 2013-02-13 09:38
.
Pre-Run: 116,442,165,248 bytes free
Post-Run: 116,274,843,648 bytes free
.
- - End Of File - - E33497065EF7DFF5A3BF10F872223A4F
 
....and here is the TDSSKiller Log in two parts, as it exceeds the text limit per Computer Forum post:

065541.0506 1552 Beep - ok
065541.0600 1552 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE CWindowsSystem32bfe.dll
065541.0615 1552 BFE - ok
065541.0709 1552 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS CWindowssystem32qmgr.dll
065541.0724 1552 BITS - ok
065541.0756 1552 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive CWindowssystem32driversblbdrive.sys
065541.0756 1552 blbdrive - ok
065541.0834 1552 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service CProgram FilesBonjourmDNSResponder.exe
065541.0834 1552 Bonjour Service - ok
065541.0880 1552 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser CWindowssystem32DRIVERSbowser.sys
065541.0896 1552 bowser - ok
065541.0927 1552 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo CWindowssystem32driversBrFiltLo.sys
065541.0927 1552 BrFiltLo - ok
065541.0927 1552 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp CWindowssystem32driversBrFiltUp.sys
065541.0943 1552 BrFiltUp - ok
065541.0974 1552 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP CWindowssystem32DRIVERSbridge.sys
065541.0990 1552 BridgeMP - ok
065542.0021 1552 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser CWindowsSystem32browser.dll
065542.0021 1552 Browser - ok
065542.0052 1552 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid CWindowsSystem32DriversBrserid.sys
065542.0052 1552 Brserid - ok
065542.0083 1552 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm CWindowsSystem32DriversBrSerWdm.sys
065542.0083 1552 BrSerWdm - ok
065542.0114 1552 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm CWindowsSystem32DriversBrUsbMdm.sys
065542.0114 1552 BrUsbMdm - ok
065542.0130 1552 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer CWindowsSystem32DriversBrUsbSer.sys
065542.0130 1552 BrUsbSer - ok
065542.0208 1552 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum CWindowssystem32driversBthEnum.sys
065542.0208 1552 BthEnum - ok
065542.0239 1552 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM CWindowssystem32driversbthmodem.sys
065542.0239 1552 BTHMODEM - ok
065542.0286 1552 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan CWindowssystem32DRIVERSbthpan.sys
065542.0286 1552 BthPan - ok
065542.0348 1552 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT CWindowsSystem32DriversBTHport.sys
065542.0364 1552 BTHPORT - ok
065542.0426 1552 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv CWindowssystem32bthserv.dll
065542.0426 1552 bthserv - ok
065542.0489 1552 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB CWindowsSystem32DriversBTHUSB.sys
065542.0536 1552 BTHUSB - ok
065542.0582 1552 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt CWindowssystem32driversbtusbflt.sys
065542.0582 1552 btusbflt - ok
065542.0614 1552 [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio CWindowssystem32driversbtwaudio.sys
065542.0629 1552 btwaudio - ok
065542.0645 1552 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt CWindowssystem32driversbtwavdt.sys
065542.0645 1552 btwavdt - ok
065542.0770 1552 [ 31DA517946FFE416442E864592548F8A ] btwdins CProgram FilesWIDCOMMBluetooth Softwarebtwdins.exe
065542.0785 1552 btwdins - ok
065542.0785 1552 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap CWindowssystem32DRIVERSbtwl2cap.sys
065542.0801 1552 btwl2cap - ok
065542.0816 1552 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid CWindowssystem32DRIVERSbtwrchid.sys
065542.0816 1552 btwrchid - ok
065542.0863 1552 catchme - ok
065542.0910 1552 [ B8BD2BB284668C84865658C77574381A ] cdfs CWindowssystem32DRIVERScdfs.sys
065542.0910 1552 cdfs - ok
065542.0972 1552 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom CWindowssystem32DRIVERScdrom.sys
065542.0972 1552 cdrom - ok
065543.0035 1552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc CWindowsSystem32certprop.dll
065543.0050 1552 CertPropSvc - ok
065543.0082 1552 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass CWindowssystem32driverscirclass.sys
065543.0082 1552 circlass - ok
065543.0128 1552 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS CWindowssystem32CLFS.sys
065543.0144 1552 CLFS - ok
065543.0238 1552 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 CWindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe
065543.0253 1552 clr_optimization_v2.0.50727_32 - ok
065543.0284 1552 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 CWindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe
065543.0284 1552 clr_optimization_v2.0.50727_64 - ok
065543.0394 1552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 CWindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe
065543.0394 1552 clr_optimization_v4.0.30319_32 - ok
065543.0472 1552 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 CWindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe
065543.0472 1552 clr_optimization_v4.0.30319_64 - ok
065543.0503 1552 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt CWindowssystem32driversCmBatt.sys
065543.0518 1552 CmBatt - ok
065543.0534 1552 [ E19D3F095812725D88F9001985B94EDD ] cmdide CWindowssystem32driverscmdide.sys
065543.0534 1552 cmdide - ok
065543.0628 1552 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG CWindowssystem32Driverscng.sys
065543.0643 1552 CNG - ok
065543.0674 1552 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt CWindowssystem32driverscompbatt.sys
065543.0674 1552 Compbatt - ok
065543.0752 1552 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus CWindowssystem32driversCompositeBus.sys
065543.0752 1552 CompositeBus - ok
065543.0768 1552 COMSysApp - ok
065543.0830 1552 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk CWindowssystem32driverscrcdisk.sys
065543.0830 1552 crcdisk - ok
065543.0893 1552 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc CWindowssystem32cryptsvc.dll
065543.0893 1552 CryptSvc - ok
065543.0955 1552 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA CWindowssystem32DRIVERSCVirtA64.sys
065543.0971 1552 CVirtA - ok
065544.0033 1552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch CWindowssystem32rpcss.dll
065544.0049 1552 DcomLaunch - ok
065544.0111 1552 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc CWindowsSystem32defragsvc.dll
065544.0111 1552 defragsvc - ok
065544.0142 1552 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC CWindowssystem32Driversdfsc.sys
065544.0158 1552 DfsC - ok
065544.0220 1552 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp CWindowssystem32dhcpcore.dll
065544.0220 1552 Dhcp - ok
065544.0252 1552 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache CWindowssystem32driversdiscache.sys
065544.0267 1552 discache - ok
065544.0314 1552 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk CWindowssystem32driversdisk.sys
065544.0314 1552 Disk - ok
065544.0361 1552 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE CWindowssystem32DRIVERSdne64x.sys
065544.0376 1552 DNE - ok
065544.0439 1552 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache CWindowsSystem32dnsrslvr.dll
065544.0439 1552 Dnscache - ok
065544.0486 1552 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc CWindowsSystem32dot3svc.dll
065544.0501 1552 dot3svc - ok
065544.0517 1552 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS CWindowssystem32dps.dll
065544.0532 1552 DPS - ok
065544.0564 1552 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud CWindowssystem32driversdrmkaud.sys
065544.0579 1552 drmkaud - ok
065544.0626 1552 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl CWindowsSystem32driversdxgkrnl.sys
065544.0642 1552 DXGKrnl - ok
065544.0688 1552 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost CWindowsSystem32eapsvc.dll
065544.0688 1552 EapHost - ok
065544.0860 1552 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv CWindowssystem32driversevbda.sys
065544.0938 1552 ebdrv - ok
065545.0000 1552 [ C118A82CD78818C29AB228366EBF81C3 ] EFS CWindowsSystem32lsass.exe
065545.0016 1552 EFS - ok
065545.0094 1552 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr CWindowsehomeehRecvr.exe
065545.0110 1552 ehRecvr - ok
065545.0156 1552 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched CWindowsehomeehsched.exe
065545.0156 1552 ehSched - ok
065545.0203 1552 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor CWindowssystem32driverselxstor.sys
065545.0219 1552 elxstor - ok
065545.0219 1552 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev CWindowssystem32driverserrdev.sys
065545.0219 1552 ErrDev - ok
065545.0281 1552 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem CWindowssystem32es.dll
065545.0281 1552 EventSystem - ok
065545.0312 1552 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat CWindowssystem32driversexfat.sys
065545.0312 1552 exfat - ok
065545.0328 1552 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat CWindowssystem32driversfastfat.sys
065545.0328 1552 fastfat - ok
065545.0390 1552 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax CWindowssystem32fxssvc.exe
065545.0406 1552 Fax - ok
065545.0453 1552 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc CWindowssystem32driversfdc.sys
065545.0453 1552 fdc - ok
065545.0484 1552 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost CWindowssystem32fdPHost.dll
065545.0484 1552 fdPHost - ok
065545.0484 1552 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub CWindowssystem32fdrespub.dll
065545.0500 1552 FDResPub - ok
065545.0531 1552 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo CWindowssystem32driversfileinfo.sys
065545.0531 1552 FileInfo - ok
065545.0546 1552 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace CWindowssystem32driversfiletrace.sys
065545.0546 1552 Filetrace - ok
065545.0593 1552 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk CWindowssystem32driversflpydisk.sys
065545.0593 1552 flpydisk - ok
065545.0624 1552 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr CWindowssystem32driversfltmgr.sys
065545.0640 1552 FltMgr - ok
065545.0734 1552 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache CWindowssystem32FntCache.dll
065545.0749 1552 FontCache - ok
065545.0812 1552 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 CWindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe
065545.0812 1552 FontCache3.0.0.0 - ok
065545.0843 1552 [ D43703496149971890703B4B1B723EAC ] FsDepends CWindowssystem32driversFsDepends.sys
065545.0858 1552 FsDepends - ok
065545.0921 1552 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr CWindowssystem32DRIVERSfssfltr.sys
065545.0921 1552 fssfltr - ok
065545.0999 1552 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc CProgram Files (x86)Windows LiveFamily Safetyfsssvc.exe
065546.0014 1552 fsssvc - ok
065546.0061 1552 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec CWindowssystem32driversFs_Rec.sys
065546.0061 1552 Fs_Rec - ok
065546.0108 1552 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol CWindowssystem32DRIVERSfvevol.sys
065546.0108 1552 fvevol - ok
065546.0155 1552 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx CWindowssystem32driversgagp30kx.sys
065546.0155 1552 gagp30kx - ok
065546.0202 1552 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM CWindowssystem32DRIVERSGEARAspiWDM.sys
065546.0217 1552 GEARAspiWDM - ok
065546.0264 1552 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc CWindowsSystem32gpsvc.dll
065546.0280 1552 gpsvc - ok
065546.0373 1552 [ F02A533F517EB38333CB12A9E8963773 ] gupdate CProgram Files (x86)GoogleUpdateGoogleUpdate.exe
065546.0373 1552 gupdate - ok
065546.0389 1552 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem CProgram Files (x86)GoogleUpdateGoogleUpdate.exe
065546.0389 1552 gupdatem - ok
065546.0420 1552 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir CWindowssystem32drivershcw85cir.sys
065546.0420 1552 hcw85cir - ok
065546.0498 1552 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService CWindowssystem32driversHdAudio.sys
065546.0514 1552 HdAudAddService - ok
065546.0545 1552 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus CWindowssystem32driversHDAudBus.sys
065546.0545 1552 HDAudBus - ok
065546.0592 1552 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 CWindowssystem32driversHECIx64.sys
065546.0592 1552 HECIx64 - ok
065546.0607 1552 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt CWindowssystem32driversHidBatt.sys
065546.0607 1552 HidBatt - ok
065546.0638 1552 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth CWindowssystem32drivershidbth.sys
065546.0638 1552 HidBth - ok
065546.0685 1552 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr CWindowssystem32drivershidir.sys
065546.0685 1552 HidIr - ok
065546.0716 1552 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv CWindowsSystem32hidserv.dll
065546.0716 1552 hidserv - ok
065546.0779 1552 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb CWindowssystem32drivershidusb.sys
065546.0779 1552 HidUsb - ok
065546.0826 1552 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc CWindowssystem32kmsvc.dll
065546.0841 1552 hkmsvc - ok
065546.0888 1552 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener CWindowssystem32ListSvc.dll
065546.0888 1552 HomeGroupListener - ok
065546.0919 1552 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider CWindowssystem32provsvc.dll
065546.0935 1552 HomeGroupProvider - ok
065546.0982 1552 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD CWindowssystem32driversHpSAMD.sys
065546.0982 1552 HpSAMD - ok
065547.0044 1552 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP CWindowssystem32driversHTTP.sys
065547.0060 1552 HTTP - ok
065547.0122 1552 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy CWindowssystem32drivershwpolicy.sys
065547.0122 1552 hwpolicy - ok
065547.0184 1552 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt CWindowssystem32driversi8042prt.sys
065547.0184 1552 i8042prt - ok
065547.0216 1552 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor CWindowssystem32driversiaStor.sys
065547.0216 1552 iaStor - ok
065547.0294 1552 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc CProgram Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
065547.0294 1552 IAStorDataMgrSvc - ok
065547.0356 1552 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV CWindowssystem32driversiaStorV.sys
065547.0356 1552 iaStorV - ok
065547.0465 1552 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc CWindowsMicrosoft.NETFramework64v3.0Windows Communication Foundationinfocard.exe
065547.0481 1552 idsvc - ok
065547.0777 1552 [ 31D1AFF484D8A0906CF8D44251EC390F ] igfx CWindowssystem32DRIVERSigdkmd64.sys
065547.0933 1552 igfx - ok
065547.0964 1552 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp CWindowssystem32driversiirsp.sys
065547.0980 1552 iirsp - ok
065548.0027 1552 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT CWindowsSystem32ikeext.dll
065548.0042 1552 IKEEXT - ok
065548.0089 1552 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd CWindowssystem32driversImpcd.sys
065548.0105 1552 Impcd - ok
065548.0198 1552 [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService CWindowssystem32driversRTKVHD64.sys
065548.0230 1552 IntcAzAudAddService - ok
065548.0261 1552 [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud CWindowssystem32DRIVERSIntcDAud.sys
065548.0261 1552 IntcDAud - ok
065548.0308 1552 [ F00F20E70C6EC3AA366910083A0518AA ] intelide CWindowssystem32driversintelide.sys
065548.0308 1552 intelide - ok
065548.0401 1552 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm CWindowssystem32DRIVERSintelppm.sys
065548.0401 1552 intelppm - ok
065548.0432 1552 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum CWindowssystem32ipbusenum.dll
065548.0432 1552 IPBusEnum - ok
065548.0479 1552 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver CWindowssystem32DRIVERSipfltdrv.sys
065548.0479 1552 IpFilterDriver - ok
065548.0557 1552 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc CWindowsSystem32iphlpsvc.dll
065548.0573 1552 iphlpsvc - ok
065548.0635 1552 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV CWindowssystem32driversIPMIDrv.sys
065548.0635 1552 IPMIDRV - ok
065548.0666 1552 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT CWindowssystem32driversipnat.sys
065548.0666 1552 IPNAT - ok
065548.0760 1552 [ B474C756C13960793C7583B766F904C4 ] iPod Service CProgram FilesiPodbiniPodService.exe
065548.0776 1552 iPod Service - ok
065548.0807 1552 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM CWindowssystem32driversirenum.sys
065548.0807 1552 IRENUM - ok
065548.0854 1552 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp CWindowssystem32driversisapnp.sys
065548.0854 1552 isapnp - ok
065548.0900 1552 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt CWindowssystem32driversmsiscsi.sys
065548.0900 1552 iScsiPrt - ok
065548.0932 1552 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass CWindowssystem32driverskbdclass.sys
065548.0932 1552 kbdclass - ok
065548.0978 1552 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid CWindowssystem32driverskbdhid.sys
065548.0978 1552 kbdhid - ok
065548.0994 1552 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso CWindowssystem32lsass.exe
065548.0994 1552 KeyIso - ok
065549.0041 1552 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD CWindowssystem32Driversksecdd.sys
065549.0041 1552 KSecDD - ok
065549.0103 1552 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg CWindowssystem32Driversksecpkg.sys
065549.0119 1552 KSecPkg - ok
065549.0134 1552 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk CWindowssystem32driversksthunk.sys
065549.0134 1552 ksthunk - ok
065549.0197 1552 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm CWindowssystem32msdtckrm.dll
065549.0212 1552 KtmRm - ok
065549.0275 1552 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer CWindowsSystem32srvsvc.dll
065549.0275 1552 LanmanServer - ok
065549.0322 1552 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation CWindowsSystem32wkssvc.dll
065549.0337 1552 LanmanWorkstation - ok
065549.0368 1552 [ 1538831CF8AD2979A04C423779465827 ] lltdio CWindowssystem32DRIVERSlltdio.sys
065549.0368 1552 lltdio - ok
065549.0415 1552 [ C1185803384AB3FEED115F79F109427F ] lltdsvc CWindowsSystem32lltdsvc.dll
065549.0415 1552 lltdsvc - ok
065549.0431 1552 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts CWindowsSystem32lmhsvc.dll
065549.0431 1552 lmhosts - ok
065549.0493 1552 [ 5460828F8951D310B42B442877603B8D ] LMS CProgram Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
065549.0493 1552 LMS - ok
065549.0556 1552 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC CWindowssystem32driverslsi_fc.sys
065549.0556 1552 LSI_FC - ok
065549.0587 1552 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS CWindowssystem32driverslsi_sas.sys
065549.0587 1552 LSI_SAS - ok
065549.0602 1552 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 CWindowssystem32driverslsi_sas2.sys
065549.0602 1552 LSI_SAS2 - ok
065549.0634 1552 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI CWindowssystem32driverslsi_scsi.sys
065549.0634 1552 LSI_SCSI - ok
065549.0680 1552 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv CWindowssystem32driversluafv.sys
065549.0680 1552 luafv - ok
065549.0727 1552 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc CWindowssystem32Mcx2Svc.dll
065549.0743 1552 Mcx2Svc - ok
065549.0758 1552 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas CWindowssystem32driversmegasas.sys
065549.0774 1552 megasas - ok
065549.0805 1552 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR CWindowssystem32driversMegaSR.sys
065549.0805 1552 MegaSR - ok
065549.0852 1552 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS CWindowssystem32mmcss.dll
065549.0868 1552 MMCSS - ok
065549.0992 1552 [ 24CFF4697702785872313159EC2434A2 ] Mobile Broadband HL Service CProgramDataMobileBrServmbbservice.exe
065549.0992 1552 Mobile Broadband HL Service - ok
065550.0039 1552 [ 800BA92F7010378B09F9ED9270F07137 ] Modem CWindowssystem32driversmodem.sys
065550.0039 1552 Modem - ok
065550.0055 1552 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor CWindowssystem32DRIVERSmonitor.sys
065550.0055 1552 monitor - ok
065550.0086 1552 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass CWindowssystem32driversmouclass.sys
065550.0086 1552 mouclass - ok
065550.0133 1552 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid CWindowssystem32DRIVERSmouhid.sys
065550.0133 1552 mouhid - ok
065550.0164 1552 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr CWindowssystem32driversmountmgr.sys
065550.0180 1552 mountmgr - ok
065550.0258 1552 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance CProgram Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
065550.0289 1552 MozillaMaintenance - ok
065550.0304 1552 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio CWindowssystem32driversmpio.sys
065550.0304 1552 mpio - ok
065550.0336 1552 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv CWindowssystem32driversmpsdrv.sys
065550.0351 1552 mpsdrv - ok
065550.0445 1552 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc CWindowssystem32mpssvc.dll
065550.0460 1552 MpsSvc - ok
065550.0476 1552 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV CWindowssystem32driversmrxdav.sys
065550.0476 1552 MRxDAV - ok
065550.0523 1552 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb CWindowssystem32DRIVERSmrxsmb.sys
065550.0523 1552 mrxsmb - ok
065550.0570 1552 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 CWindowssystem32DRIVERSmrxsmb10.sys
065550.0585 1552 mrxsmb10 - ok
065550.0632 1552 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 CWindowssystem32DRIVERSmrxsmb20.sys
065550.0632 1552 mrxsmb20 - ok
065550.0679 1552 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci CWindowssystem32driversmsahci.sys
065550.0679 1552 msahci - ok
065550.0741 1552 [ DB801A638D011B9633829EB6F663C900 ] msdsm CWindowssystem32driversmsdsm.sys
065550.0757 1552 msdsm - ok
065550.0772 1552 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC CWindowsSystem32msdtc.exe
065550.0772 1552 MSDTC - ok
065550.0819 1552 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs CWindowssystem32driversMsfs.sys
065550.0819 1552 Msfs - ok
065550.0850 1552 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf CWindowsSystem32driversmshidkmdf.sys
065550.0850 1552 mshidkmdf - ok
065550.0897 1552 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv CWindowssystem32driversmsisadrv.sys
065550.0897 1552 msisadrv - ok
065550.0928 1552 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI CWindowssystem32iscsiexe.dll
065550.0944 1552 MSiSCSI - ok
065550.0944 1552 msiserver - ok
065550.0975 1552 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV CWindowssystem32driversMSKSSRV.sys
065550.0975 1552 MSKSSRV - ok
065550.0991 1552 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK CWindowssystem32driversMSPCLOCK.sys
065551.0006 1552 MSPCLOCK - ok
065551.0022 1552 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM CWindowssystem32driversMSPQM.sys
065551.0038 1552 MSPQM - ok
065551.0084 1552 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC CWindowssystem32driversMsRPC.sys
065551.0084 1552 MsRPC - ok
065551.0131 1552 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios CWindowssystem32driversmssmbios.sys
065551.0131 1552 mssmbios - ok
065551.0162 1552 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE CWindowssystem32driversMSTEE.sys
065551.0178 1552 MSTEE - ok
065551.0194 1552 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig CWindowssystem32driversMTConfig.sys
065551.0194 1552 MTConfig - ok
065551.0209 1552 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup CWindowssystem32Driversmup.sys
065551.0209 1552 Mup - ok
065551.0256 1552 [ 582AC6D9873E31DFA28A4547270862DD ] napagent CWindowssystem32qagentRT.dll
065551.0256 1552 napagent - ok
065551.0287 1552 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP CWindowssystem32DRIVERSnwifi.sys
065551.0303 1552 NativeWifiP - ok
065551.0365 1552 [ 760E38053BF56E501D562B70AD796B88 ] NDIS CWindowssystem32driversndis.sys
065551.0365 1552 NDIS - ok
065551.0396 1552 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap CWindowssystem32DRIVERSndiscap.sys
065551.0412 1552 NdisCap - ok
065551.0428 1552 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi CWindowssystem32DRIVERSndistapi.sys
065551.0428 1552 NdisTapi - ok
065551.0490 1552 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio CWindowssystem32DRIVERSndisuio.sys
065551.0490 1552 Ndisuio - ok
065551.0537 1552 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan CWindowssystem32DRIVERSndiswan.sys
065551.0537 1552 NdisWan - ok
065551.0584 1552 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy CWindowssystem32driversNDProxy.sys
065551.0599 1552 NDProxy - ok
065551.0646 1552 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS CWindowssystem32DRIVERSnetbios.sys
065551.0646 1552 NetBIOS - ok
065551.0693 1552 [ 09594D1089C523423B32A4229263F068 ] NetBT CWindowssystem32DRIVERSnetbt.sys
065551.0693 1552 NetBT - ok
065551.0724 1552 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon CWindowssystem32lsass.exe
065551.0740 1552 Netlogon - ok
065551.0771 1552 [ 847D3AE376C0817161A14A82C8922A9E ] Netman CWindowsSystem32netman.dll
065551.0771 1552 Netman - ok
065551.0786 1552 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm CWindowsSystem32netprofm.dll
065551.0802 1552 netprofm - ok
065551.0818 1552 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing CWindowsMicrosoft.NETFramework64v3.0Windows Communication FoundationSMSvcHost.exe
065551.0818 1552 NetTcpPortSharing - ok
065551.0864 1552 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 CWindowssystem32driversnfrd960.sys
065551.0864 1552 nfrd960 - ok
065551.0927 1552 [ 8AD77806D336673F270DB31645267293 ] NlaSvc CWindowsSystem32nlasvc.dll
065551.0942 1552 NlaSvc - ok
065551.0974 1552 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs CWindowssystem32driversNpfs.sys
065551.0974 1552 Npfs - ok
 
Last edited:
The rest of the TDSSKiller log...

065554.0797 1552 RimVSerPort - ok
065554.0828 1552 [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe CWindowssystem32driversrisdsne64.sys
065554.0828 1552 risdsnpe - ok
065554.0875 1552 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM CWindowssystem32DriversRootMdm.sys
065554.0875 1552 ROOTMODEM - ok
065554.0922 1552 [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 CProgram Files (x86)RoxioDigital Home 10RoxioUPnPRenderer10.exe
065554.0938 1552 Roxio UPnP Renderer 10 - ok
065554.0953 1552 [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 CProgram Files (x86)RoxioDigital Home 10RoxioUpnpService10.exe
065554.0969 1552 Roxio Upnp Server 10 - ok
065555.0000 1552 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper CWindowsSystem32RpcEpMap.dll
065555.0000 1552 RpcEptMapper - ok
065555.0047 1552 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator CWindowssystem32locator.exe
065555.0047 1552 RpcLocator - ok
065555.0109 1552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs CWindowssystem32rpcss.dll
065555.0109 1552 RpcSs - ok
065555.0156 1552 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr CWindowssystem32DRIVERSrspndr.sys
065555.0156 1552 rspndr - ok
065555.0203 1552 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs CWindowssystem32lsass.exe
065555.0203 1552 SamSs - ok
065555.0250 1552 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port CWindowssystem32driverssbp2port.sys
065555.0250 1552 sbp2port - ok
065555.0281 1552 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr CWindowsSystem32SCardSvr.dll
065555.0281 1552 SCardSvr - ok
065555.0328 1552 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter CWindowssystem32DRIVERSscfilter.sys
065555.0328 1552 scfilter - ok
065555.0406 1552 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule CWindowssystem32schedsvc.dll
065555.0421 1552 Schedule - ok
065555.0468 1552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc CWindowsSystem32certprop.dll
065555.0468 1552 SCPolicySvc - ok
065555.0530 1552 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus CWindowssystem32driverssdbus.sys
065555.0530 1552 sdbus - ok
065555.0577 1552 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC CWindowsSystem32SDRSVC.dll
065555.0577 1552 SDRSVC - ok
065555.0640 1552 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv CWindowssystem32driverssecdrv.sys
065555.0640 1552 secdrv - ok
065555.0686 1552 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon CWindowssystem32seclogon.dll
065555.0686 1552 seclogon - ok
065555.0718 1552 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS CWindowssystem32sens.dll
065555.0718 1552 SENS - ok
065555.0749 1552 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc CWindowssystem32sensrsvc.dll
065555.0749 1552 SensrSvc - ok
065555.0780 1552 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum CWindowssystem32driversserenum.sys
065555.0796 1552 Serenum - ok
065555.0827 1552 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial CWindowssystem32driversserial.sys
065555.0827 1552 Serial - ok
065555.0874 1552 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse CWindowssystem32driverssermouse.sys
065555.0889 1552 sermouse - ok
065555.0952 1552 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv CWindowssystem32sessenv.dll
065555.0952 1552 SessionEnv - ok
065555.0998 1552 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP CWindowssystem32driversSFEP.sys
065555.0998 1552 SFEP - ok
065556.0061 1552 [ A554811BCD09279536440C964AE35BBF ] sffdisk CWindowssystem32driverssffdisk.sys
065556.0061 1552 sffdisk - ok
065556.0076 1552 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc CWindowssystem32driverssffp_mmc.sys
065556.0076 1552 sffp_mmc - ok
065556.0092 1552 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd CWindowssystem32driverssffp_sd.sys
065556.0092 1552 sffp_sd - ok
065556.0123 1552 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy CWindowssystem32driverssfloppy.sys
065556.0123 1552 sfloppy - ok
065556.0201 1552 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess CWindowsSystem32ipnathlp.dll
065556.0217 1552 SharedAccess - ok
065556.0264 1552 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection CWindowsSystem32shsvcs.dll
065556.0264 1552 ShellHWDetection - ok
065556.0295 1552 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 CWindowssystem32driversSiSRaid2.sys
065556.0295 1552 SiSRaid2 - ok
065556.0326 1552 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 CWindowssystem32driverssisraid4.sys
065556.0326 1552 SiSRaid4 - ok
065556.0404 1552 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate CProgram Files (x86)SkypeUpdaterUpdater.exe
065556.0404 1552 SkypeUpdate - ok
065556.0420 1552 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb CWindowssystem32DRIVERSsmb.sys
065556.0420 1552 Smb - ok
065556.0466 1552 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP CWindowsSystem32snmptrap.exe
065556.0466 1552 SNMPTRAP - ok
065556.0513 1552 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp CProgram Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
065556.0529 1552 SOHCImp - ok
065556.0529 1552 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr CProgram Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe
065556.0544 1552 SOHDBSvr - ok
065556.0560 1552 [ 556681BE668D71DC162391A45422B52C ] SOHDms CProgram Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
065556.0576 1552 SOHDms - ok
065556.0576 1552 [ 72B46103E4111439109ACF5882627C24 ] SOHDs CProgram Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
065556.0576 1552 SOHDs - ok
065556.0607 1552 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr CProgram Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe
065556.0607 1552 SOHPlMgr - ok
065556.0638 1552 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr CWindowssystem32driversspldr.sys
065556.0638 1552 spldr - ok
065556.0685 1552 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler CWindowsSystem32spoolsv.exe
065556.0700 1552 Spooler - ok
065556.0810 1552 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc CWindowssystem32sppsvc.exe
065556.0856 1552 sppsvc - ok
065556.0888 1552 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify CWindowssystem32sppuinotify.dll
065556.0888 1552 sppuinotify - ok
065556.0919 1552 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv CWindowssystem32DRIVERSsrv.sys
065556.0934 1552 srv - ok
065556.0950 1552 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 CWindowssystem32DRIVERSsrv2.sys
065556.0966 1552 srv2 - ok
065556.0981 1552 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet CWindowssystem32DRIVERSsrvnet.sys
065556.0981 1552 srvnet - ok
065557.0012 1552 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV CWindowsSystem32ssdpsrv.dll
065557.0028 1552 SSDPSRV - ok
065557.0044 1552 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc CWindowssystem32sstpsvc.dll
065557.0044 1552 SstpSvc - ok
065557.0090 1552 [ F3817967ED533D08327DC73BC4D5542A ] stexstor CWindowssystem32driversstexstor.sys
065557.0090 1552 stexstor - ok
065557.0153 1552 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc CWindowsSystem32wiaservc.dll
065557.0168 1552 stisvc - ok
065557.0200 1552 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum CWindowssystem32driversswenum.sys
065557.0200 1552 swenum - ok
065557.0246 1552 [ E08E46FDD841B7184194011CA1955A0B ] swprv CWindowsSystem32swprv.dll
065557.0262 1552 swprv - ok
065557.0324 1552 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain CWindowssystem32sysmain.dll
065557.0356 1552 SysMain - ok
065557.0402 1552 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService CWindowsSystem32TabSvc.dll
065557.0402 1552 TabletInputService - ok
065557.0434 1552 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv CWindowsSystem32tapisrv.dll
065557.0434 1552 TapiSrv - ok
065557.0465 1552 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS CWindowsSystem32tbssvc.dll
065557.0465 1552 TBS - ok
065557.0558 1552 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip CWindowssystem32driverstcpip.sys
065557.0574 1552 Tcpip - ok
065557.0683 1552 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 CWindowssystem32DRIVERStcpip.sys
065557.0699 1552 TCPIP6 - ok
065557.0730 1552 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg CWindowssystem32driverstcpipreg.sys
065557.0746 1552 tcpipreg - ok
065557.0761 1552 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE CWindowssystem32driverstdpipe.sys
065557.0777 1552 TDPIPE - ok
065557.0808 1552 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP CWindowssystem32driverstdtcp.sys
065557.0808 1552 TDTCP - ok
065557.0870 1552 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx CWindowssystem32DRIVERStdx.sys
065557.0870 1552 tdx - ok
065557.0886 1552 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD CWindowssystem32driverstermdd.sys
065557.0886 1552 TermDD - ok
065557.0948 1552 [ 2E648163254233755035B46DD7B89123 ] TermService CWindowsSystem32termsrv.dll
065557.0964 1552 TermService - ok
065557.0995 1552 [ F0344071948D1A1FA732231785A0664C ] Themes CWindowssystem32themeservice.dll
065557.0995 1552 Themes - ok
065558.0026 1552 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER CWindowssystem32mmcss.dll
065558.0026 1552 THREADORDER - ok
065558.0073 1552 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks CWindowsSystem32trkwks.dll
065558.0089 1552 TrkWks - ok
065558.0167 1552 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller CWindowsservicingTrustedInstaller.exe
065558.0167 1552 TrustedInstaller - ok
065558.0214 1552 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv CWindowssystem32DRIVERStssecsrv.sys
065558.0214 1552 tssecsrv - ok
065558.0260 1552 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt CWindowssystem32driverstsusbflt.sys
065558.0260 1552 TsUsbFlt - ok
065558.0307 1552 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel CWindowssystem32DRIVERStunnel.sys
065558.0307 1552 tunnel - ok
065558.0354 1552 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 CWindowssystem32driversuagp35.sys
065558.0354 1552 uagp35 - ok
065558.0401 1552 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor CProgram Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe
065558.0401 1552 uCamMonitor - ok
065558.0463 1552 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs CWindowssystem32DRIVERSudfs.sys
065558.0463 1552 udfs - ok
065558.0494 1552 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect CWindowssystem32UI0Detect.exe
065558.0494 1552 UI0Detect - ok
065558.0541 1552 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx CWindowssystem32driversuliagpkx.sys
065558.0541 1552 uliagpkx - ok
065558.0604 1552 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus CWindowssystem32driversumbus.sys
065558.0604 1552 umbus - ok
065558.0619 1552 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass CWindowssystem32driversumpass.sys
065558.0619 1552 UmPass - ok
065558.0791 1552 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS CProgram Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
065558.0853 1552 UNS - ok
065558.0884 1552 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost CWindowsSystem32upnphost.dll
065558.0884 1552 upnphost - ok
065558.0947 1552 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 CWindowssystem32Driversusbaapl64.sys
065558.0947 1552 USBAAPL64 - ok
065559.0025 1552 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp CWindowssystem32DRIVERSusbccgp.sys
065559.0025 1552 usbccgp - ok
065559.0087 1552 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir CWindowssystem32driversusbcir.sys
065559.0087 1552 usbcir - ok
065559.0150 1552 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci CWindowssystem32driversusbehci.sys
065559.0150 1552 usbehci - ok
065559.0181 1552 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub CWindowssystem32DRIVERSusbhub.sys
065559.0181 1552 usbhub - ok
065559.0243 1552 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci CWindowssystem32driversusbohci.sys
065559.0243 1552 usbohci - ok
065559.0274 1552 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint CWindowssystem32DRIVERSusbprint.sys
065559.0274 1552 usbprint - ok
065559.0321 1552 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan CWindowssystem32DRIVERSusbscan.sys
065559.0321 1552 usbscan - ok
065559.0368 1552 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR CWindowssystem32DRIVERSUSBSTOR.SYS
065559.0368 1552 USBSTOR - ok
065559.0399 1552 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci CWindowssystem32driversusbuhci.sys
065559.0415 1552 usbuhci - ok
065559.0446 1552 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo CWindowsSystem32Driversusbvideo.sys
065559.0446 1552 usbvideo - ok
065559.0508 1552 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx CWindowssystem32driversusb8023x.sys
065559.0540 1552 usb_rndisx - ok
065559.0571 1552 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms CWindowsSystem32uxsms.dll
065559.0571 1552 UxSms - ok
065559.0633 1552 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service CProgram Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzHardwareResourceManagerVzHardwareResourceManagerVzHardwareResourceManager.exe
065559.0633 1552 VAIO Entertainment TV Device Arbitration Service - ok
065559.0711 1552 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service CProgram Files (x86)SONYVAIO Event ServiceVESMgr.exe
065559.0727 1552 VAIO Event Service - ok
065559.0852 1552 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management CProgram FilesSonyVAIO Power ManagementSPMService.exe
065559.0852 1552 VAIO Power Management - ok
065559.0883 1552 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc CWindowssystem32lsass.exe
065559.0883 1552 VaultSvc - ok
065600.0070 1552 [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw CProgram Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
065600.0101 1552 VCFw - ok
065600.0382 1552 [ 10E212BFB7EAB152A64C1AAEC2F7F4E0 ] VcmIAlzMgr CProgram FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
065600.0382 1552 VcmIAlzMgr - ok
065600.0444 1552 [ 9D9B34B430B4DC683112F59C80D20AB8 ] VcmINSMgr CProgram FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe
065600.0444 1552 VcmINSMgr - ok
065600.0600 1552 [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper CProgram FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper64.exe
065600.0600 1552 VcmXmlIfHelper - ok
065600.0725 1552 [ D347D3ABE070AA09C22FC37121555D52 ] VCService CProgram FilesSonyVAIO CareVCService.exe
065600.0725 1552 VCService - ok
065600.0803 1552 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot CWindowssystem32driversvdrvroot.sys
065600.0819 1552 vdrvroot - ok
065600.0866 1552 [ 8D6B481601D01A456E75C3210F1830BE ] vds CWindowsSystem32vds.exe
065600.0881 1552 vds - ok
065600.0897 1552 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga CWindowssystem32DRIVERSvgapnp.sys
065600.0897 1552 vga - ok
065600.0944 1552 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave CWindowsSystem32driversvga.sys
065600.0944 1552 VgaSave - ok
065600.0975 1552 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp CWindowssystem32driversvhdmp.sys
065600.0975 1552 vhdmp - ok
065601.0022 1552 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide CWindowssystem32driversviaide.sys
065601.0022 1552 viaide - ok
065601.0037 1552 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr CWindowssystem32driversvolmgr.sys
065601.0037 1552 volmgr - ok
065601.0100 1552 [ A255814907C89BE58B79EF2F189B843B ] volmgrx CWindowssystem32driversvolmgrx.sys
065601.0100 1552 volmgrx - ok
065601.0162 1552 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap CWindowssystem32driversvolsnap.sys
065601.0162 1552 volsnap - ok
065601.0209 1552 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid CWindowssystem32driversvsmraid.sys
065601.0209 1552 vsmraid - ok
065601.0271 1552 [ 0C6486B4DD55D137DEADF27295C10818 ] VSNService CProgram FilesSonyVAIO Smart NetworkVSNService.exe
065601.0287 1552 VSNService - ok
065601.0349 1552 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS CWindowssystem32vssvc.exe
065601.0365 1552 VSS - ok
065601.0490 1552 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent CProgram FilesSonyVAIO UpdateVUAgent.exe
065601.0505 1552 VUAgent - ok
065601.0536 1552 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus CWindowssystem32DRIVERSvwifibus.sys
065601.0536 1552 vwifibus - ok
065601.0599 1552 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt CWindowssystem32DRIVERSvwififlt.sys
065601.0599 1552 vwififlt - ok
065601.0614 1552 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc CProgram Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
065601.0614 1552 VzCdbSvc - ok
065601.0661 1552 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time CWindowssystem32w32time.dll
065601.0661 1552 W32Time - ok
065601.0708 1552 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen CWindowssystem32driverswacompen.sys
065601.0708 1552 WacomPen - ok
065601.0770 1552 [ 356AFD78A6ED4457169241AC3965230C ] WANARP CWindowssystem32DRIVERSwanarp.sys
065601.0770 1552 WANARP - ok
065601.0786 1552 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 CWindowssystem32DRIVERSwanarp.sys
065601.0786 1552 Wanarpv6 - ok
065601.0880 1552 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc CWindowssystem32WatWatAdminSvc.exe
065601.0895 1552 WatAdminSvc - ok
065602.0004 1552 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine CWindowssystem32wbengine.exe
065602.0036 1552 wbengine - ok
065602.0082 1552 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc CWindowsSystem32wbiosrvc.dll
065602.0082 1552 WbioSrvc - ok
065602.0129 1552 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc CWindowsSystem32wcncsvc.dll
065602.0145 1552 wcncsvc - ok
065602.0160 1552 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService CWindowsSystem32WcsPlugInService.dll
065602.0176 1552 WcsPlugInService - ok
065602.0207 1552 [ 72889E16FF12BA0F235467D6091B17DC ] Wd CWindowssystem32driverswd.sys
065602.0207 1552 Wd - ok
065602.0301 1552 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 CWindowssystem32driversWdf01000.sys
065602.0301 1552 Wdf01000 - ok
065602.0348 1552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost CWindowssystem32wdi.dll
065602.0348 1552 WdiServiceHost - ok
065602.0348 1552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost CWindowssystem32wdi.dll
065602.0363 1552 WdiSystemHost - ok
065602.0410 1552 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient CWindowsSystem32webclnt.dll
065602.0410 1552 WebClient - ok
065602.0441 1552 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc CWindowssystem32wecsvc.dll
065602.0441 1552 Wecsvc - ok
065602.0457 1552 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport CWindowsSystem32wercplsupport.dll
065602.0472 1552 wercplsupport - ok
065602.0519 1552 [ 6D137963730144698CBD10F202E9F251 ] WerSvc CWindowsSystem32WerSvc.dll
065602.0519 1552 WerSvc - ok
065602.0550 1552 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf CWindowssystem32DRIVERSwfplwf.sys
065602.0550 1552 WfpLwf - ok
065602.0566 1552 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount CWindowssystem32driverswimmount.sys
065602.0566 1552 WIMMount - ok
065602.0597 1552 WinDefend - ok
065602.0597 1552 WinHttpAutoProxySvc - ok
065602.0660 1552 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt CWindowssystem32wbemWMIsvc.dll
065602.0675 1552 Winmgmt - ok
065602.0800 1552 [ BCB1310604AA415C4508708975B3931E ] WinRM CWindowssystem32WsmSvc.dll
065602.0847 1552 WinRM - ok
065602.0909 1552 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb CWindowssystem32DRIVERSWinUsb.sys
065602.0909 1552 WinUsb - ok
065602.0956 1552 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc CWindowsSystem32wlansvc.dll
065602.0972 1552 Wlansvc - ok
065603.0018 1552 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi CWindowssystem32driverswmiacpi.sys
065603.0018 1552 WmiAcpi - ok
065603.0050 1552 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv CWindowssystem32wbemWmiApSrv.exe
065603.0050 1552 wmiApSrv - ok
065603.0065 1552 WMPNetworkSvc - ok
065603.0096 1552 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc CWindowsSystem32wpcsvc.dll
065603.0096 1552 WPCSvc - ok
065603.0128 1552 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum CWindowssystem32wpdbusenum.dll
065603.0143 1552 WPDBusEnum - ok
065603.0174 1552 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl CWindowssystem32driversws2ifsl.sys
065603.0174 1552 ws2ifsl - ok
065603.0221 1552 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc CWindowssystem32wscsvc.dll
065603.0221 1552 wscsvc - ok
065603.0237 1552 WSearch - ok
065603.0346 1552 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv CWindowssystem32wuaueng.dll
065603.0377 1552 wuauserv - ok
065603.0424 1552 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf CWindowssystem32driversWudfPf.sys
065603.0424 1552 WudfPf - ok
065603.0455 1552 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd CWindowssystem32DRIVERSWUDFRd.sys
065603.0471 1552 WUDFRd - ok
065603.0502 1552 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc CWindowsSystem32WUDFSvc.dll
065603.0518 1552 wudfsvc - ok
065603.0549 1552 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc CWindowsSystem32wwansvc.dll
065603.0564 1552 WwanSvc - ok
065603.0611 1552 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 CWindowssystem32DRIVERSyk62x64.sys
065603.0611 1552 yukonw7 - ok
065603.0674 1552 ================ Scan global ===============================
065603.0689 1552 [ BA0CD8C393E8C9F83354106093832C7B ] CWindowssystem32basesrv.dll
065603.0720 1552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] CWindowssystem32winsrv.dll
065603.0736 1552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] CWindowssystem32winsrv.dll
065603.0767 1552 [ D6160F9D869BA3AF0B787F971DB56368 ] CWindowssystem32sxssrv.dll
065603.0798 1552 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] CWindowssystem32services.exe
065603.0798 1552 [Global] - ok
065603.0798 1552 ================ Scan MBR ==================================
065603.0814 1552 [ A36C5E4F47E84449FF07ED3517B43A31 ] DeviceHarddisk0DR0
065604.0110 1552 DeviceHarddisk0DR0 - ok
065604.0110 1552 ================ Scan VBR ==================================
065604.0142 1552 [ C80F5B282D4F3DEF31A9AE93A7756F1E ] DeviceHarddisk0DR0Partition1
065604.0142 1552 DeviceHarddisk0DR0Partition1 - ok
065604.0173 1552 [ 4AB764E1335735CC041E226B504813E0 ] DeviceHarddisk0DR0Partition2
065604.0173 1552 DeviceHarddisk0DR0Partition2 - ok
065604.0173 1552 ============================================================
065604.0173 1552 Scan finished
065604.0173 1552 ============================================================
065604.0188 4748 Detected object count 0
065604.0188 4748 Actual detected object count 0
 
Also, I would like you to post a log from ComboFix that it didn't show you. Please navigate to c:\Qoobox; in that folder there will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.

Still waiting on this log.
 