Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I'm not sure if it is Malware or Virus, Babylon is the name! [


  • This topic is locked This topic is locked

#1
elenacupcake

elenacupcake

    New Member

  • Member
  • Pip
  • 8 posts
Hello,
I had to download Mozilla, Firefox for online school. I went to a training session and the lady told me type in Mozilla or firefox and download it to your computer. When I did, it was almost instantly, I had Babylon everywhere. It opens as a default tab, instead of my yahoo and google were my home pages. The computer will automatically restart all of a sudden. When I'm on it for a long period it starts not letting me type in any browser, and keeps telling me that the internet has stopped working. Which the internet is working fine in my house, an error page comes up error 404! I tried to uninstall the babylon which I did from the computer panel and it's still on their. No firefox came up on that panel either. I called our techs for school online and he sent me the correct and safe way to download firefox so that is now on my computer. But this babylon is everywhere, and the computer is running slower too!The tech at my school said babylon is malware and hard to remove. Please help me! Thank you so much!!
OTL logfile created on: 8/23/2012 6:20:44 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\mariaelena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 43.34% Memory free
7.68 Gb Paging File | 5.08 Gb Available in Paging File | 66.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.09 Gb Total Space | 202.10 Gb Free Space | 69.67% Space Free | Partition Type: NTFS

Computer Name: MARIAELENA-VAIO | User Name: mariaelena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/23 18:17:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mariaelena\Downloads\OTL (1).exe
PRC - [2012/08/03 12:46:18 | 000,066,160 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2012/08/03 12:46:16 | 006,530,160 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/08/02 10:23:20 | 000,534,648 | ---- | M] (ActivePath Ltd.) -- C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/19 20:11:53 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/03/09 13:44:16 | 000,869,816 | ---- | M] (CallingID Ltd.) -- C:\Program Files (x86)\xfin_portal\CIDGlobalLight.exe
PRC - [2012/02/28 20:11:19 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/11/29 22:49:30 | 000,285,296 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/11/11 17:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
PRC - [2009/08/26 18:11:50 | 000,173,368 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/08/26 18:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/08/26 18:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2009/08/26 18:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/07/27 17:58:40 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009/07/27 17:58:38 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2009/07/27 17:58:38 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009/07/27 17:58:38 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009/07/27 17:58:36 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009/07/27 17:58:36 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/01 12:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/01 12:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/26 15:35:04 | 000,468,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 10:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/20 18:25:22 | 000,077,624 | ---- | M] () -- C:\Users\mariaelena\AppData\Local\dealcabby\ie\dealcabby_20120804035001.dll
MOD - [2012/08/03 12:46:17 | 000,104,048 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2012/08/03 12:41:33 | 000,548,040 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/06/19 21:00:56 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/19 20:58:29 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/18 18:29:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/18 18:29:03 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/18 18:28:55 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/18 18:28:15 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/18 18:27:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/18 18:26:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/18 18:26:53 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/13 21:40:43 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/13 21:30:10 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012/05/13 21:30:07 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/13 21:30:06 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/13 21:30:03 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/13 21:30:02 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/13 21:27:49 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 13:51:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 13:50:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 13:50:50 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 13:50:49 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/12 13:50:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 13:50:10 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/05/12 13:49:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 13:49:53 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/05/12 13:49:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 13:49:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 13:49:44 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 13:49:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/23 16:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 16:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/03/09 13:44:12 | 000,087,512 | ---- | M] () -- C:\Program Files (x86)\xfin_portal\comcastdx.dll
MOD - [2012/01/03 20:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/01/31 16:29:35 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/11/04 19:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 19:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 19:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 19:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/04/29 01:31:01 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/04/29 01:31:01 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/04/29 01:31:00 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010/04/29 01:31:00 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/04/29 01:31:00 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010/04/29 01:30:59 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010/04/29 01:30:59 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010/04/29 01:30:59 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010/04/29 01:30:59 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010/04/29 01:30:59 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010/04/29 01:30:58 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010/04/29 01:30:55 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/04/29 01:30:54 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/04/29 01:30:54 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/04/29 01:30:53 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/04/29 01:30:52 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/04/29 01:30:52 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/04/29 01:30:52 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/04/29 01:30:51 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/04/29 01:30:50 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/04/29 01:30:50 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/04/29 01:30:50 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/04/29 01:30:50 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/04/29 01:30:49 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/04/29 01:30:49 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/04/29 01:30:49 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/04/29 01:30:48 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/04/29 01:30:48 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/04/29 01:30:47 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/04/29 01:30:44 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/04/29 01:30:40 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/04/29 01:30:36 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/04/29 01:30:30 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/04/29 01:30:24 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2009/09/04 01:44:22 | 000,152,864 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\en-US\ReminderApp.resources.dll
MOD - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
MOD - [2009/09/04 01:44:18 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\AddressBookCore.dll
MOD - [2009/08/26 18:11:50 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2009/08/26 18:11:50 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2009/08/26 18:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2009/08/26 18:11:50 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2009/08/26 18:11:50 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2009/08/26 18:11:50 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2009/08/26 18:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2009/08/26 18:11:50 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2009/08/26 18:11:50 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2009/08/26 18:11:50 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2009/08/26 18:11:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2009/08/26 18:11:50 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2009/08/26 18:11:50 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2009/08/26 18:11:50 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2009/08/26 18:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2009/08/26 18:11:48 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2009/08/26 18:11:48 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2009/08/26 18:11:48 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2009/08/26 18:11:48 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/17 00:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/08/22 15:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/23 22:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/26 15:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 15:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/17 19:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2012/08/03 12:46:18 | 000,066,160 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/02/28 20:11:19 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/31 14:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/07/27 17:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/27 17:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/27 17:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/27 17:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/27 17:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 12:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 12:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 12:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/11/24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/10/10 20:01:22 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/07/05 10:18:38 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gidv2.sys -- (GIDv2)
DRV:64bit: - [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 23:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2009/08/04 19:22:40 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/08/04 19:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/03 14:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 14:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 14:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 14:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 14:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/07/31 14:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/31 14:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/27 14:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 16:06:54 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/07/24 16:06:54 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/23 23:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 14:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/16 21:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2012/08/21 20:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120822.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/20 21:01:11 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120823.004\ex64.sys -- (NAVEX15)
DRV - [2012/08/20 21:01:09 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120823.004\eng64.sys -- (NAVENG)
DRV - [2012/08/10 18:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 11:07:07 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 11:07:07 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/04/16 15:57:58 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylo...00006265ef58e2a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00006265ef58e2a
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00006265ef58e2a
IE - HKCU\..\SearchScopes\{237B1A54-4B46-FD5F-5513-533385D2EF33}: "URL" = http://search.babylo...00006265ef58e2a
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...SNNT_en___US356
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...}&o=15527&l=dis
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=SS2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/10 14:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/23 17:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/21 19:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/21 19:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariaelena\AppData\Roaming\Mozilla\Extensions
[2010/02/14 21:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariaelena\AppData\Roaming\Mozilla\Firefox\extensions
[2010/02/14 21:15:35 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\mariaelena\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/08/21 20:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/15 10:48:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/15 06:44:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/15 06:44:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...00006265ef58e2a
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...00006265ef58e2a
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylo...00006265ef58e2a
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mariaelena\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Funmoods = C:\Users\mariaelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: SpeedDial = C:\Users\mariaelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: ActiveMail = C:\Users\mariaelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.5.92_0\
CHR - Extension: DealCabby = C:\Users\mariaelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi\4.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DealCabby) - {780E957D-9057-415C-8B59-C22DFA66A44B} - C:\Users\mariaelena\AppData\Local\dealcabby\ie\dealcabby_20120804035001.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [EPSON Stylus NX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGA.EXE /FU "C:\Windows\TEMP\E_S2E60.tmp" /EF "HKCU" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87DDC041-93CF-48B3-AB2E-96973E22C717}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c6e19142-79c2-11df-9666-0024be407e2d}\Shell - "" = AutoRun
O33 - MountPoints2\{c6e19142-79c2-11df-9666-0024be407e2d}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{dc0d513f-79c3-11df-9ce9-0024be407e2d}\Shell - "" = AutoRun
O33 - MountPoints2\{dc0d513f-79c3-11df-9ce9-0024be407e2d}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 13:12:00 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{8B38B533-C007-423E-AFDD-8641E9F7912E}
[2012/08/22 19:59:24 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{D22A0AC2-5B3F-4A41-92B5-BE4FBAB59730}
[2012/08/21 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\.realobjects
[2012/08/21 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\Mozilla
[2012/08/21 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{AC5A8933-699C-4DF0-AD6A-0659A1BBFA07}
[2012/08/20 19:05:29 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\VS Revo Group
[2012/08/20 19:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/08/20 18:22:31 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\Funmoods
[2012/08/20 17:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath
[2012/08/20 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\dealcabby
[2012/08/20 17:55:36 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Roaming\Babylon
[2012/08/20 17:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/20 13:03:00 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{270E41C9-0E1D-419B-A0A5-D7DE8A9B7632}
[2012/08/19 18:34:10 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{6F75C78D-B570-42F6-99C4-0841BF55FA11}
[2012/08/18 11:42:41 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{552A554A-21B7-4B27-BF01-A116A33712A5}
[2012/08/18 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{7D6801A6-F573-46DC-8A29-219C9C96E197}
[2012/08/17 23:42:06 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{6B904E5B-894F-4C8A-9C7C-1047885DFD12}
[2012/08/17 11:10:44 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{9D672D27-39F7-4191-A636-88FE7B05B9EF}
[2012/08/17 11:10:33 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{92F89B51-C04A-4412-9362-27D51FCD618F}
[2012/08/16 11:49:48 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{4952479F-2748-4104-8294-D605B60B5A4D}
[2012/08/16 11:49:36 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{06CC6B47-C14D-42B3-87ED-46DEAD04BCD5}
[2012/08/15 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{2C0CD67B-5D54-4222-BD62-4A344C6ED0E1}
[2012/08/15 14:20:26 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{3E718169-D8EE-4774-B82C-587188343F16}
[2012/08/14 21:06:06 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{F43E36D9-40E7-4FBB-8A0A-522BC536C35E}
[2012/08/14 21:05:55 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{3D636118-FCA1-473A-9137-A67015F2C9DB}
[2012/08/14 09:05:22 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{9C3AD41D-477C-4343-A1F3-C276BCCBA1CB}
[2012/08/14 09:05:09 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{707A2194-42AB-4390-AF0F-B3F2244C0ABA}
[2012/08/13 15:56:12 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{4D4FDA8F-B398-4BDE-9BFF-324F88C35E8C}
[2012/08/13 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{DF69CA8E-8C32-44CD-B541-7304A2F6D3C7}
[2012/08/12 12:08:34 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{3EAB13DE-788B-41F6-AD25-83ABD47DB1AE}
[2012/08/12 12:08:18 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{F3C83F4B-B3CC-4D2F-A117-7B82CCB2ACEA}
[2012/08/11 16:48:10 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{EA0AD82E-8977-4C33-A790-444D14DA9680}
[2012/08/11 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{AAA74A56-85EF-49C7-945B-EE43CD7EB315}
[2012/08/10 10:37:39 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{0E39AE44-1303-4F0D-874A-7E7765B20754}
[2012/08/10 10:36:35 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{D10559B1-0831-4C8E-9595-67E943E59BB6}
[2012/08/09 11:24:57 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{2C1C01C1-F29F-42A5-91DC-FCD88CE12F69}
[2012/08/09 11:24:47 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{D0AF65E8-F4CE-44D3-94E7-8B47A4941322}
[2012/08/08 22:03:08 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{D87F7202-E6E7-442C-8034-CB3809490818}
[2012/08/08 10:02:41 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{7554269C-1FA7-43A8-8F51-D638B0190A2B}
[2012/08/08 10:02:31 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{F8C0BA34-FC5A-4923-A4EB-9D6A2A7B1117}
[2012/08/07 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{8965F0E8-A795-462F-BD67-774CE4B6B7E3}
[2012/08/07 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{894C217D-8423-48FC-9EC7-60CF7066E110}
[2012/08/06 19:12:22 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{B07E107A-FC6B-4C31-912A-95B606901D3B}
[2012/08/06 19:12:12 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{6E73C64A-331D-441C-9D91-D98053D9FF94}
[2012/08/05 23:01:17 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{EF3EAFD9-5AC7-462E-989E-559F92BAEC64}
[2012/08/05 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{3880ECB1-3F96-4A6A-B367-169011CC7FA1}
[2012/08/03 11:56:43 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{93683A57-5E51-48F2-9ACC-35013E3691AF}
[2012/08/03 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{AF8E3E44-7612-420C-A1FB-A7947F8CE461}
[2012/08/02 12:49:41 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{6D9F454E-94AA-41C0-ABCE-EE94694EA97F}
[2012/08/02 12:49:29 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{B3A00D0A-9AB7-4B57-9DD0-E09AA27D8E27}
[2012/08/01 12:26:23 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{1F6054D6-7271-4F3B-ACCF-2E49A2AC134B}
[2012/08/01 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{CB844E55-9BF9-4985-BBE1-7336B75A5136}
[2012/07/27 14:04:11 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{0A4CE162-FE01-4AC4-951C-300E52A86F9E}
[2012/07/27 14:03:47 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{84868F5D-A574-400A-8BE5-6BAD4C570C30}
[2012/07/26 17:19:09 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{7C33C795-6A79-4A85-8FBF-97991C45C284}
[2012/07/26 17:18:54 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{6683F155-A125-4DD3-9420-9F69D36F8E41}
[2012/07/25 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{E6D85436-D3CE-4F88-B17F-1F21DF9F89BF}
[2012/07/25 19:04:46 | 000,000,000 | ---D | C] -- C:\Users\mariaelena\AppData\Local\{0A6E77AD-8415-4A0A-84C0-60F0617FE505}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/23 18:04:11 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 18:04:11 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 17:56:36 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2012/08/23 17:56:35 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/23 17:55:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/23 17:55:50 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/23 14:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 19:47:27 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/21 19:34:49 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/20 18:32:51 | 000,002,207 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/08/20 18:32:49 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/08/20 18:25:21 | 000,000,608 | ---- | M] () -- C:\user.js
[2012/08/20 18:22:31 | 000,384,844 | ---- | M] () -- C:\Users\mariaelena\AppData\Local\funmoods-speeddial.crx
[2012/08/20 18:22:31 | 000,031,465 | ---- | M] () -- C:\Users\mariaelena\AppData\Local\funmoods.crx
[2012/08/20 17:56:11 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2012/08/20 17:55:39 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/08/16 11:17:00 | 000,494,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/01 19:08:55 | 000,154,364 | ---- | M] () -- C:\test.xml
[2012/07/27 12:21:11 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/21 19:34:48 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/21 19:34:47 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/20 18:22:40 | 000,384,844 | ---- | C] () -- C:\Users\mariaelena\AppData\Local\funmoods-speeddial.crx
[2012/08/20 18:22:39 | 000,031,465 | ---- | C] () -- C:\Users\mariaelena\AppData\Local\funmoods.crx
[2012/08/20 17:55:58 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2012/08/20 17:55:48 | 000,000,608 | ---- | C] () -- C:\user.js
[2012/08/20 17:55:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job
[2012/08/20 17:55:39 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/04/14 23:02:16 | 000,007,680 | ---- | C] () -- C:\Users\mariaelena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 21:25:05 | 000,001,940 | ---- | C] () -- C:\Users\mariaelena\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/28 19:39:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/16 21:57:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/02 23:27:50 | 000,000,000 | ---- | C] () -- C:\Users\mariaelena\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2010/10/20 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Auslogics
[2012/08/20 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Babylon
[2011/11/19 04:31:00 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\canon
[2011/12/18 20:49:49 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/14 21:32:05 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\com.cricut.Cricut-CraftRoom
[2011/10/29 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Ghost Ship Studios
[2012/08/23 17:58:34 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\ID Vault
[2009/11/28 13:58:52 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\InterVideo
[2010/02/18 03:37:57 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Netscape
[2012/04/12 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Nova Development
[2012/06/20 16:01:29 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Riverpoint Writer
[2010/04/29 01:32:18 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Skinux
[2011/11/15 13:03:11 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\supportdotcom
[2012/02/28 13:50:07 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Temp
[2010/10/09 16:24:45 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Tific
[2011/03/21 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\mariaelena\AppData\Roaming\Windows Live Writer
[2012/08/23 17:56:36 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\ActiveMail Chrome Watcher.job
[2012/08/20 17:56:11 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\ActiveMail Updater.job
[2012/02/16 06:47:23 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2012/04/14 21:58:07 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >

Edited by elenacupcake, 23 August 2012 - 06:53 PM.

  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello elenacupcake and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

You have bigger problem then Babylon... Let's see what we can do.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Step 2

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right click in the adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • adwCleaner log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
elenacupcake

elenacupcake

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 12-08-24.02 - mariaelena 08/24/2012 17:09:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2233 [GMT -6:00]
Running from: c:\users\mariaelena\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\windows\svchost.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-25 00:39 . 2012-08-25 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 20:44 . 2012-08-23 20:44 122880 ----a-w- c:\programdata\Microsoft\Windows\DRM\7E64.tmp.dat
2012-08-22 02:33 . 2012-08-03 18:46 1724016 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.dll
2012-08-22 02:33 . 2012-08-03 18:46 104048 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2012-08-22 02:33 . 2012-08-03 18:46 138864 ----a-w- c:\program files (x86)\Mozilla Firefox\CommonDotNET.dll
2012-08-22 02:33 . 2012-03-30 16:15 8007680 ----a-w- c:\program files (x86)\Mozilla Firefox\Microsoft.mshtml.dll
2012-08-22 02:16 . 2012-08-22 02:16 -------- d-----w- c:\users\mariaelena\.realobjects
2012-08-21 01:05 . 2012-08-21 01:05 -------- d-----w- c:\users\mariaelena\AppData\Local\VS Revo Group
2012-08-21 01:05 . 2012-08-21 01:05 -------- d-----w- c:\program files\VS Revo Group
2012-08-21 00:22 . 2012-08-21 00:22 -------- d-----w- c:\users\mariaelena\Funmoods
2012-08-20 23:55 . 2012-08-21 00:25 608 ----a-w- C:\user.js
2012-08-20 23:55 . 2012-08-20 23:55 -------- d-----w- c:\programdata\ActivePath
2012-08-20 23:55 . 2012-08-20 23:55 -------- d-----w- c:\users\mariaelena\AppData\Local\dealcabby
2012-08-20 23:55 . 2012-08-20 23:55 -------- d-----w- c:\users\mariaelena\AppData\Roaming\Babylon
2012-08-20 23:55 . 2012-08-20 23:55 -------- d-----w- c:\programdata\Babylon
2012-08-16 05:55 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 20:29 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 20:29 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 20:29 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 20:29 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 20:29 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 20:29 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 20:29 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 20:29 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 20:29 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 20:29 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 20:29 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 20:29 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 05:45 . 2011-02-01 04:56 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-27 19:34 . 2012-06-27 19:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-20 02:11 . 2012-04-02 21:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 02:11 . 2011-09-15 02:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 15:42 . 2012-06-12 15:42 1644544 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-06-12 15:41 . 2012-06-12 15:41 177664 ----a-w- c:\windows\system32\EKAiO2COI09.dll
2012-06-09 05:43 . 2012-07-11 00:40 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 02:59 . 2012-06-07 02:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 00:40 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 00:40 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 00:40 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 00:40 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 00:40 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 00:40 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 00:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:28 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-19 00:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-19 00:26 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 00:40 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 00:40 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 00:40 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 00:40 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 00:40 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 00:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 00:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 00:40 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 00:40 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-03 17:19 325000 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-10-03 325000]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2009-07-27 99624]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AddressBookReminderApp"="c:\program files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe" [2009-09-04 144672]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-8-3 6530160]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-25 98616]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-24 132608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-25 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-02-29 133944]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-08-03 66160]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 16:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-25 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-08-21 21:57]
.
2012-08-24 c:\windows\Tasks\ActiveMail Updater.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-08-21 21:57]
.
2012-02-16 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05 09:05]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05 09:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110808&tt=3412_7&babsrc=HP_ss&mntrId=e285383700000000000006265ef58e2a
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\mariaelena\AppData\Roaming\Mozilla\Firefox\Profiles\iyeyhyjh.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-24 19:35:04
ComboFix-quarantined-files.txt 2012-08-25 01:34
.
Pre-Run: 217,404,538,880 bytes free
Post-Run: 216,907,309,056 bytes free
.
- - End Of File - - 928170773C19D3CDE09238AFB1DC4D5C
  • 0

#4
elenacupcake

elenacupcake

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
# AdwCleaner v1.801 - Logfile created 08/24/2012 at 19:58:38
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : mariaelena - MARIAELENA-VAIO
# Boot Mode : Normal
# Running from : C:\Users\mariaelena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY119EMI\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\mariaelena\Funmoods
Folder Deleted : C:\Users\mariaelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\mariaelena\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\AskBarDis
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\mariaelena\AppData\Local\funmoods.crx
File Deleted : C:\Users\mariaelena\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110808&tt=3412_7&babsrc=HP_ss&mntrId=e285383700000000000006265ef58e2a --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.babylon.com/?affID=110808&tt=3412_8&babsrc=HP_ss&mntrId=e285383700000000000006265ef58e2a --> hxxp://www.google.com

-\\ Mozilla Firefox v8.0.1 (en-US)

Profile name : default
File : C:\Users\mariaelena\AppData\Roaming\Mozilla\Firefox\Profiles\iyeyhyjh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\mariaelena\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage": "hxxp://search.babylon.com/?affID=110808&tt=3412_7&babsrc=HP_ss&mntrId=e2853837000[...]
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=110808&tt=3412_7&babsrc=H[...]
Deleted : "icon_url": "hxxp://www.babylon.com/favicon.ico",
Deleted : "keyword": "babylon.com",
Deleted : "name": "Search the web (Babylon)",
Deleted : "search_url": "hxxp://search.babylon.com/?q={searchTerms}&affID=110808&tt=3412_8&babsrc=SP_ss&[...]
Deleted : "name": "Funmoods",
Deleted : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml",
Deleted : "baseUrl": "hxxp://start.funmoods.com/results.php?",
Deleted : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",
Deleted : "homepage": "hxxp://search.babylon.com/?affID=110808&tt=3412_7&babsrc=HP_ss&mntrId=e2853837000000[...]
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=110808&tt=3412_7&babsrc=HP_s[...]

*************************

AdwCleaner[S1].txt - [6074 octets] - [24/08/2012 19:58:38]

########## EOF - C:\AdwCleaner[S1].txt - [6202 octets] ##########
  • 0

#5
elenacupcake

elenacupcake

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hello elenacupcake and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:

  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

You have bigger problem then Babylon... Let's see what we can do.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Step 2

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right click in the adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • adwCleaner log
It would be helpful if you could post each log in separate post using "Add Reply" button


  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's continue.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save additional file named MBR.dat. Attach it to your next reply
Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • New OTL scan log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#7
elenacupcake

elenacupcake

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello,
I did the first step and there were 4 threats found my computer would not let me copy and past the log, I tried everything. What should I do? Thank you
  • 0

#8
elenacupcake

elenacupcake

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Nevermind I figured i11:27:00.0458 5528 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:27:01.0238 5528 ============================================================
11:27:01.0238 5528 Current date / time: 2012/08/26 11:27:01.0238
11:27:01.0238 5528 SystemInfo:
11:27:01.0238 5528
11:27:01.0238 5528 OS Version: 6.1.7601 ServicePack: 1.0
11:27:01.0238 5528 Product type: Workstation
11:27:01.0238 5528 ComputerName: MARIAELENA-VAIO
11:27:01.0238 5528 UserName: mariaelena
11:27:01.0238 5528 Windows directory: C:\Windows
11:27:01.0238 5528 System windows directory: C:\Windows
11:27:01.0238 5528 Running under WOW64
11:27:01.0238 5528 Processor architecture: Intel x64
11:27:01.0238 5528 Number of processors: 2
11:27:01.0238 5528 Page size: 0x1000
11:27:01.0238 5528 Boot type: Normal boot
11:27:01.0238 5528 ============================================================
11:27:02.0081 5528 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1080D9, SectorsPerTrack: 0x22, TracksPerCylinder: 0x11, Type 'K0', Flags 0x00000040
11:27:02.0096 5528 ============================================================
11:27:02.0096 5528 \Device\Harddisk0\DR0:
11:27:02.0096 5528 MBR partitions:
11:27:02.0096 5528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFCF000, BlocksNum 0x32000
11:27:02.0096 5528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1001000, BlocksNum 0x2442D2B0
11:27:02.0096 5528 ============================================================
11:27:02.0143 5528 C: <-> \Device\Harddisk0\DR0\Partition2
11:27:02.0143 5528 ============================================================
11:27:02.0143 5528 Initialize success
11:27:02.0143 5528 ============================================================
11:27:40.0160 1216 ============================================================
11:27:40.0160 1216 Scan started
11:27:40.0160 1216 Mode: Manual; SigCheck; TDLFS;
11:27:40.0160 1216 ============================================================
11:27:40.0987 1216 ================ Scan system memory ========================
11:27:40.0987 1216 System memory - ok
11:27:40.0987 1216 ================ Scan services =============================
11:27:41.0128 1216 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:27:41.0268 1216 1394ohci - ok
11:27:41.0377 1216 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
11:27:41.0408 1216 ACDaemon - ok
11:27:41.0471 1216 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:27:41.0486 1216 ACPI - ok
11:27:41.0533 1216 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:27:41.0596 1216 AcpiPmi - ok
11:27:41.0705 1216 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:27:41.0736 1216 AdobeARMservice - ok
11:27:41.0783 1216 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:27:41.0814 1216 adp94xx - ok
11:27:41.0861 1216 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:27:41.0892 1216 adpahci - ok
11:27:41.0923 1216 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:27:41.0939 1216 adpu320 - ok
11:27:41.0986 1216 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:27:42.0157 1216 AeLookupSvc - ok
11:27:42.0204 1216 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:27:42.0298 1216 AFD - ok
11:27:42.0344 1216 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:27:42.0376 1216 agp440 - ok
11:27:42.0422 1216 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:27:42.0532 1216 ALG - ok
11:27:42.0563 1216 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:27:42.0578 1216 aliide - ok
11:27:42.0610 1216 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:27:42.0625 1216 amdide - ok
11:27:42.0672 1216 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:27:42.0750 1216 AmdK8 - ok
11:27:42.0781 1216 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:27:42.0828 1216 AmdPPM - ok
11:27:42.0875 1216 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:27:42.0906 1216 amdsata - ok
11:27:42.0953 1216 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:27:42.0968 1216 amdsbs - ok
11:27:43.0000 1216 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:27:43.0015 1216 amdxata - ok
11:27:43.0031 1216 [ 56BD886820C4AEDF493CFCDF1CCFB004 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
11:27:43.0062 1216 ApfiltrService - ok
11:27:43.0109 1216 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:27:43.0312 1216 AppID - ok
11:27:43.0358 1216 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:27:43.0436 1216 AppIDSvc - ok
11:27:43.0483 1216 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:27:43.0546 1216 Appinfo - ok
11:27:43.0608 1216 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:27:43.0670 1216 arc - ok
11:27:43.0702 1216 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:27:43.0717 1216 arcsas - ok
11:27:43.0748 1216 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
11:27:43.0764 1216 ArcSoftKsUFilter - ok
11:27:43.0795 1216 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:27:43.0858 1216 AsyncMac - ok
11:27:43.0904 1216 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:27:43.0920 1216 atapi - ok
11:27:44.0014 1216 [ FCF685F3D5458121C568F268D4D90EE5 ] atashost C:\Windows\SysWOW64\atashost.exe
11:27:44.0060 1216 atashost - ok
11:27:44.0154 1216 [ 5D4529AC4156E16BEDB01441AE0CF984 ] athr C:\Windows\system32\DRIVERS\athrx.sys
11:27:44.0294 1216 athr - ok
11:27:44.0497 1216 [ DE0EDE41BC530F1759C6FFFCB8C7A0CF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:27:44.0778 1216 atikmdag - ok
11:27:44.0856 1216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:27:44.0981 1216 AudioEndpointBuilder - ok
11:27:44.0996 1216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:27:45.0043 1216 AudioSrv - ok
11:27:45.0090 1216 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:27:45.0184 1216 AxInstSV - ok
11:27:45.0215 1216 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:27:45.0277 1216 b06bdrv - ok
11:27:45.0308 1216 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:27:45.0340 1216 b57nd60a - ok
11:27:45.0371 1216 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:27:45.0418 1216 BDESVC - ok
11:27:45.0433 1216 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:27:45.0511 1216 Beep - ok
11:27:45.0558 1216 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:27:45.0636 1216 BFE - ok
11:27:45.0839 1216 [ E99F59342171101EE2446D0CD1A60A8D ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120811.003\BHDrvx64.sys
11:27:45.0917 1216 BHDrvx64 - ok
11:27:45.0979 1216 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:27:46.0120 1216 BITS - ok
11:27:46.0151 1216 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:27:46.0182 1216 blbdrive - ok
11:27:46.0244 1216 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:27:46.0276 1216 Bonjour Service - ok
11:27:46.0307 1216 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:27:46.0369 1216 bowser - ok
11:27:46.0400 1216 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:27:46.0478 1216 BrFiltLo - ok
11:27:46.0494 1216 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:27:46.0510 1216 BrFiltUp - ok
11:27:46.0556 1216 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:27:46.0619 1216 BridgeMP - ok
11:27:46.0697 1216 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:27:46.0744 1216 Browser - ok
11:27:46.0790 1216 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:27:46.0868 1216 Brserid - ok
11:27:46.0884 1216 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:27:46.0915 1216 BrSerWdm - ok
11:27:46.0946 1216 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:27:47.0009 1216 BrUsbMdm - ok
11:27:47.0024 1216 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:27:47.0056 1216 BrUsbSer - ok
11:27:47.0102 1216 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
11:27:47.0180 1216 BthEnum - ok
11:27:47.0196 1216 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:27:47.0305 1216 BTHMODEM - ok
11:27:47.0336 1216 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
11:27:47.0399 1216 BthPan - ok
11:27:47.0477 1216 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
11:27:47.0570 1216 BTHPORT - ok
11:27:47.0695 1216 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:27:47.0789 1216 bthserv - ok
11:27:47.0836 1216 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
11:27:47.0898 1216 BTHUSB - ok
11:27:47.0929 1216 catchme - ok
11:27:47.0960 1216 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:27:48.0023 1216 cdfs - ok
11:27:48.0070 1216 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
11:27:48.0116 1216 cdrom - ok
11:27:48.0194 1216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:27:48.0257 1216 CertPropSvc - ok
11:27:48.0288 1216 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:27:48.0319 1216 circlass - ok
11:27:48.0366 1216 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:27:48.0382 1216 CLFS - ok
11:27:48.0460 1216 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:27:48.0475 1216 clr_optimization_v2.0.50727_32 - ok
11:27:48.0506 1216 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:27:48.0538 1216 clr_optimization_v2.0.50727_64 - ok
11:27:48.0616 1216 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:27:48.0647 1216 clr_optimization_v4.0.30319_32 - ok
11:27:48.0725 1216 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:27:48.0756 1216 clr_optimization_v4.0.30319_64 - ok
11:27:48.0772 1216 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:27:48.0803 1216 CmBatt - ok
11:27:48.0834 1216 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:27:48.0850 1216 cmdide - ok
11:27:48.0912 1216 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:27:49.0006 1216 CNG - ok
11:27:49.0021 1216 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:27:49.0037 1216 Compbatt - ok
11:27:49.0068 1216 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:27:49.0115 1216 CompositeBus - ok
11:27:49.0130 1216 COMSysApp - ok
11:27:49.0177 1216 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:27:49.0208 1216 crcdisk - ok
11:27:49.0271 1216 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:27:49.0318 1216 CryptSvc - ok
11:27:49.0380 1216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:27:49.0474 1216 DcomLaunch - ok
11:27:49.0505 1216 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:27:49.0567 1216 defragsvc - ok
11:27:49.0598 1216 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:27:49.0645 1216 DfsC - ok
11:27:49.0676 1216 [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
11:27:49.0708 1216 dg_ssudbus - ok
11:27:49.0801 1216 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:27:49.0895 1216 Dhcp - ok
11:27:49.0926 1216 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:27:49.0988 1216 discache - ok
11:27:50.0020 1216 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:27:50.0035 1216 Disk - ok
11:27:50.0066 1216 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:27:50.0144 1216 Dnscache - ok
11:27:50.0191 1216 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:27:50.0285 1216 dot3svc - ok
11:27:50.0332 1216 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:27:50.0378 1216 DPS - ok
11:27:50.0425 1216 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:27:50.0456 1216 drmkaud - ok
11:27:50.0519 1216 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:27:50.0581 1216 DXGKrnl - ok
11:27:50.0690 1216 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:27:50.0800 1216 EapHost - ok
11:27:50.0909 1216 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:27:51.0065 1216 ebdrv - ok
11:27:51.0127 1216 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:27:51.0174 1216 eeCtrl - ok
11:27:51.0205 1216 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:27:51.0268 1216 EFS - ok
11:27:51.0330 1216 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:27:51.0439 1216 ehRecvr - ok
11:27:51.0470 1216 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:27:51.0517 1216 ehSched - ok
11:27:51.0548 1216 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:27:51.0595 1216 elxstor - ok
11:27:51.0673 1216 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
11:27:51.0736 1216 EPSON_EB_RPCV4_01 - ok
11:27:51.0767 1216 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
11:27:51.0798 1216 EPSON_PM_RPCV4_01 - ok
11:27:51.0907 1216 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:27:51.0923 1216 EraserUtilRebootDrv - ok
11:27:51.0938 1216 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:27:51.0970 1216 ErrDev - ok
11:27:52.0016 1216 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:27:52.0079 1216 EventSystem - ok
11:27:52.0126 1216 [ 53913561A7089C9A4649CE4E42F6101B ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
11:27:52.0157 1216 ewusbnet - ok
11:27:52.0188 1216 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:27:52.0250 1216 exfat - ok
11:27:52.0266 1216 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:27:52.0313 1216 fastfat - ok
11:27:52.0360 1216 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:27:52.0422 1216 Fax - ok
11:27:52.0438 1216 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:27:52.0484 1216 fdc - ok
11:27:52.0500 1216 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:27:52.0562 1216 fdPHost - ok
11:27:52.0578 1216 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:27:52.0640 1216 FDResPub - ok
11:27:52.0672 1216 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:27:52.0687 1216 FileInfo - ok
11:27:52.0703 1216 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:27:52.0796 1216 Filetrace - ok
11:27:52.0812 1216 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:27:52.0828 1216 flpydisk - ok
11:27:52.0874 1216 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:27:52.0906 1216 FltMgr - ok
11:27:52.0968 1216 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:27:53.0062 1216 FontCache - ok
11:27:53.0093 1216 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:27:53.0108 1216 FontCache3.0.0.0 - ok
11:27:53.0124 1216 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:27:53.0140 1216 FsDepends - ok
11:27:53.0186 1216 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
11:27:53.0202 1216 fssfltr - ok
11:27:53.0342 1216 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:27:53.0436 1216 fsssvc - ok
11:27:53.0498 1216 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:27:53.0530 1216 Fs_Rec - ok
11:27:53.0576 1216 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:27:53.0608 1216 fvevol - ok
11:27:53.0639 1216 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:27:53.0654 1216 gagp30kx - ok
11:27:53.0717 1216 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:27:53.0732 1216 GEARAspiWDM - ok
11:27:53.0764 1216 [ 9BA22AEE7F531EF9CE085CC2E1112BC4 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys
11:27:53.0779 1216 GIDv2 - ok
11:27:53.0826 1216 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:27:53.0904 1216 gpsvc - ok
11:27:53.0966 1216 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:27:53.0982 1216 gupdate - ok
11:27:53.0998 1216 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:27:54.0013 1216 gupdatem - ok
11:27:54.0029 1216 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:27:54.0044 1216 gusvc - ok
11:27:54.0076 1216 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:27:54.0122 1216 hcw85cir - ok
11:27:54.0169 1216 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:27:54.0200 1216 HdAudAddService - ok
11:27:54.0232 1216 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:27:54.0263 1216 HDAudBus - ok
11:27:54.0278 1216 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:27:54.0294 1216 HidBatt - ok
11:27:54.0325 1216 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:27:54.0372 1216 HidBth - ok
11:27:54.0403 1216 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:27:54.0419 1216 HidIr - ok
11:27:54.0450 1216 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:27:54.0512 1216 hidserv - ok
11:27:54.0528 1216 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
11:27:54.0544 1216 HidUsb - ok
11:27:54.0590 1216 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:27:54.0653 1216 hkmsvc - ok
11:27:54.0684 1216 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:27:54.0746 1216 HomeGroupListener - ok
11:27:54.0793 1216 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:27:54.0840 1216 HomeGroupProvider - ok
11:27:54.0856 1216 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:27:54.0871 1216 HpSAMD - ok
11:27:54.0949 1216 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
11:27:55.0012 1216 HsfXAudioService - ok
11:27:55.0058 1216 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:27:55.0168 1216 HTTP - ok
11:27:55.0199 1216 [ D96A290F699081AE737390C0FE329D7C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:27:55.0246 1216 hwdatacard - ok
11:27:55.0277 1216 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:27:55.0292 1216 hwpolicy - ok
11:27:55.0339 1216 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:27:55.0370 1216 i8042prt - ok
11:27:55.0417 1216 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:27:55.0448 1216 IAANTMON - ok
11:27:55.0495 1216 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:27:55.0511 1216 iaStor - ok
11:27:55.0558 1216 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:27:55.0573 1216 iaStorV - ok
11:27:55.0651 1216 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:27:55.0729 1216 idsvc - ok
11:27:55.0948 1216 [ 82AB40147567DE48C405AFE570A2266F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSvia64.sys
11:27:55.0994 1216 IDSVia64 - ok
11:27:56.0072 1216 [ 70B0763C05C18B6FA18B18631A74ECDE ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
11:27:56.0088 1216 IDVaultSvc - ok
11:27:56.0275 1216 [ DFEAF0A1D98D397035012C8E28D1520F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
11:27:56.0540 1216 igfx - ok
11:27:56.0556 1216 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:27:56.0587 1216 iirsp - ok
11:27:56.0696 1216 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:27:56.0790 1216 IKEEXT - ok
11:27:56.0852 1216 [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:27:56.0946 1216 IntcAzAudAddService - ok
11:27:56.0993 1216 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
11:27:57.0040 1216 IntcHdmiAddService - ok
11:27:57.0055 1216 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:27:57.0071 1216 intelide - ok
11:27:57.0102 1216 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:27:57.0149 1216 intelppm - ok
11:27:57.0227 1216 [ 7BDB4E00E1CB174B56E5B2C31DDE68A7 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:27:57.0242 1216 IntuitUpdateService - ok
11:27:57.0274 1216 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:27:57.0336 1216 IPBusEnum - ok
11:27:57.0383 1216 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:27:57.0476 1216 IpFilterDriver - ok
11:27:57.0554 1216 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:27:57.0648 1216 iphlpsvc - ok
11:27:57.0695 1216 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:27:57.0726 1216 IPMIDRV - ok
11:27:57.0788 1216 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:27:57.0835 1216 IPNAT - ok
11:27:57.0866 1216 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:27:57.0944 1216 IRENUM - ok
11:27:57.0976 1216 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:27:57.0991 1216 isapnp - ok
11:27:58.0038 1216 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:27:58.0085 1216 iScsiPrt - ok
11:27:58.0116 1216 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:27:58.0132 1216 IviRegMgr - ok
11:27:58.0163 1216 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
11:27:58.0178 1216 kbdclass - ok
11:27:58.0210 1216 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:27:58.0241 1216 kbdhid - ok
11:27:58.0256 1216 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:27:58.0272 1216 KeyIso - ok
11:27:58.0397 1216 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
11:27:58.0428 1216 Kodak AiO Network Discovery Service - ok
11:27:58.0537 1216 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
11:27:58.0600 1216 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - warning
11:27:58.0600 1216 Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic (1)
11:27:58.0662 1216 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:27:58.0693 1216 KSecDD - ok
11:27:58.0740 1216 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:27:58.0756 1216 KSecPkg - ok
11:27:58.0787 1216 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:27:58.0834 1216 ksthunk - ok
11:27:58.0881 1216 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:27:58.0943 1216 KtmRm - ok
11:27:58.0990 1216 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:27:59.0068 1216 LanmanServer - ok
11:27:59.0099 1216 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:27:59.0177 1216 LanmanWorkstation - ok
11:27:59.0395 1216 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
11:27:59.0614 1216 LeapFrog Connect Device Service - ok
11:27:59.0692 1216 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:27:59.0770 1216 lltdio - ok
11:27:59.0801 1216 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:27:59.0863 1216 lltdsvc - ok
11:27:59.0879 1216 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:27:59.0926 1216 lmhosts - ok
11:27:59.0957 1216 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:27:59.0973 1216 LSI_FC - ok
11:27:59.0988 1216 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:28:00.0004 1216 LSI_SAS - ok
11:28:00.0035 1216 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:28:00.0051 1216 LSI_SAS2 - ok
11:28:00.0066 1216 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:28:00.0097 1216 LSI_SCSI - ok
11:28:00.0113 1216 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:28:00.0160 1216 luafv - ok
11:28:00.0191 1216 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:28:00.0222 1216 Mcx2Svc - ok
11:28:00.0238 1216 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:28:00.0269 1216 mdmxsdk - ok
11:28:00.0300 1216 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:28:00.0316 1216 megasas - ok
11:28:00.0347 1216 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:28:00.0378 1216 MegaSR - ok
11:28:00.0394 1216 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:28:00.0456 1216 MMCSS - ok
11:28:00.0487 1216 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:28:00.0534 1216 Modem - ok
11:28:00.0550 1216 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:28:00.0581 1216 monitor - ok
11:28:00.0628 1216 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
11:28:00.0675 1216 mouclass - ok
11:28:00.0706 1216 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:28:00.0753 1216 mouhid - ok
11:28:00.0784 1216 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:28:00.0799 1216 mountmgr - ok
11:28:00.0831 1216 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:28:00.0862 1216 mpio - ok
11:28:00.0893 1216 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:28:00.0924 1216 mpsdrv - ok
11:28:00.0971 1216 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:28:01.0049 1216 MpsSvc - ok
11:28:01.0096 1216 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:28:01.0127 1216 MRxDAV - ok
11:28:01.0174 1216 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:28:01.0236 1216 mrxsmb - ok
11:28:01.0283 1216 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:28:01.0330 1216 mrxsmb10 - ok
11:28:01.0377 1216 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:28:01.0408 1216 mrxsmb20 - ok
11:28:01.0455 1216 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:28:01.0486 1216 msahci - ok
11:28:01.0501 1216 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:28:01.0517 1216 msdsm - ok
11:28:01.0533 1216 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:28:01.0564 1216 MSDTC - ok
11:28:01.0595 1216 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:28:01.0626 1216 Msfs - ok
11:28:01.0642 1216 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:28:01.0689 1216 mshidkmdf - ok
11:28:01.0735 1216 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:28:01.0751 1216 msisadrv - ok
11:28:01.0782 1216 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:28:01.0829 1216 MSiSCSI - ok
11:28:01.0829 1216 msiserver - ok
11:28:01.0860 1216 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:28:01.0907 1216 MSKSSRV - ok
11:28:01.0923 1216 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:28:01.0985 1216 MSPCLOCK - ok
11:28:02.0001 1216 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:28:02.0063 1216 MSPQM - ok
11:28:02.0094 1216 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:28:02.0125 1216 MsRPC - ok
11:28:02.0141 1216 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:28:02.0157 1216 mssmbios - ok
11:28:02.0172 1216 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:28:02.0235 1216 MSTEE - ok
11:28:02.0266 1216 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:28:02.0297 1216 MTConfig - ok
11:28:02.0313 1216 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:28:02.0328 1216 Mup - ok
11:28:02.0453 1216 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
11:28:02.0469 1216 N360 - ok
11:28:02.0531 1216 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:28:02.0625 1216 napagent - ok
11:28:02.0656 1216 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:28:02.0703 1216 NativeWifiP - ok
11:28:02.0781 1216 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120825.007\ENG64.SYS
11:28:02.0812 1216 NAVENG - ok
11:28:02.0905 1216 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120825.007\EX64.SYS
11:28:03.0030 1216 NAVEX15 - ok
11:28:03.0077 1216 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:28:03.0155 1216 NDIS - ok
11:28:03.0186 1216 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:28:03.0249 1216 NdisCap - ok
11:28:03.0264 1216 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:28:03.0311 1216 NdisTapi - ok
11:28:03.0358 1216 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:28:03.0420 1216 Ndisuio - ok
11:28:03.0451 1216 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:28:03.0514 1216 NdisWan - ok
11:28:03.0592 1216 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:28:03.0670 1216 NDProxy - ok
11:28:03.0717 1216 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:28:03.0779 1216 NetBIOS - ok
11:28:03.0841 1216 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:28:03.0919 1216 NetBT - ok
11:28:03.0935 1216 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:28:03.0951 1216 Netlogon - ok
11:28:03.0982 1216 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:28:04.0044 1216 Netman - ok
11:28:04.0075 1216 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:28:04.0138 1216 netprofm - ok
11:28:04.0185 1216 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:28:04.0200 1216 NetTcpPortSharing - ok
11:28:04.0356 1216 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
11:28:04.0590 1216 netw5v64 - ok
11:28:04.0621 1216 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:28:04.0653 1216 nfrd960 - ok
11:28:04.0699 1216 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:28:04.0762 1216 NlaSvc - ok
11:28:04.0793 1216 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:28:04.0824 1216 Npfs - ok
11:28:04.0855 1216 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:28:04.0902 1216 nsi - ok
11:28:04.0902 1216 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:28:04.0965 1216 nsiproxy - ok
11:28:05.0043 1216 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:28:05.0152 1216 Ntfs - ok
11:28:05.0152 1216 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:28:05.0214 1216 Null - ok
11:28:05.0245 1216 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:28:05.0277 1216 nvraid - ok
11:28:05.0308 1216 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:28:05.0339 1216 nvstor - ok
11:28:05.0355 1216 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:28:05.0386 1216 nv_agp - ok
11:28:05.0464 1216 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:28:05.0511 1216 odserv - ok
11:28:05.0542 1216 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:28:05.0573 1216 ohci1394 - ok
11:28:05.0620 1216 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:28:05.0635 1216 ose - ok
11:28:05.0682 1216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:28:05.0729 1216 p2pimsvc - ok
11:28:05.0760 1216 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:28:05.0807 1216 p2psvc - ok
11:28:05.0823 1216 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:28:05.0838 1216 Parport - ok
11:28:05.0885 1216 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:28:05.0901 1216 partmgr - ok
11:28:05.0916 1216 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:28:05.0947 1216 PcaSvc - ok
11:28:05.0979 1216 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:28:05.0994 1216 pci - ok
11:28:06.0041 1216 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:28:06.0057 1216 pciide - ok
11:28:06.0103 1216 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:28:06.0119 1216 pcmcia - ok
11:28:06.0135 1216 PCTINDIS5X64 - ok
11:28:06.0166 1216 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:28:06.0181 1216 pcw - ok
11:28:06.0213 1216 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:28:06.0291 1216 PEAUTH - ok
11:28:06.0369 1216 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:28:06.0400 1216 PerfHost - ok
11:28:06.0431 1216 pfc - ok
11:28:06.0493 1216 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:28:06.0603 1216 pla - ok
11:28:06.0712 1216 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:28:06.0790 1216 PlugPlay - ok
11:28:06.0805 1216 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:28:06.0837 1216 PNRPAutoReg - ok
11:28:06.0868 1216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:28:06.0899 1216 PNRPsvc - ok
11:28:06.0946 1216 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:28:07.0039 1216 PolicyAgent - ok
11:28:07.0086 1216 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:28:07.0149 1216 Power - ok
11:28:07.0180 1216 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:28:07.0242 1216 PptpMiniport - ok
11:28:07.0289 1216 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:28:07.0320 1216 Processor - ok
11:28:07.0383 1216 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:28:07.0445 1216 ProfSvc - ok
11:28:07.0461 1216 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:28:07.0492 1216 ProtectedStorage - ok
11:28:07.0539 1216 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:28:07.0601 1216 Psched - ok
11:28:07.0648 1216 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:28:07.0679 1216 PxHlpa64 - ok
11:28:07.0773 1216 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:28:07.0866 1216 ql2300 - ok
11:28:07.0897 1216 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:28:07.0913 1216 ql40xx - ok
11:28:07.0944 1216 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:28:07.0975 1216 QWAVE - ok
11:28:08.0022 1216 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:28:08.0069 1216 QWAVEdrv - ok
11:28:08.0085 1216 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:28:08.0131 1216 RasAcd - ok
11:28:08.0178 1216 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:28:08.0209 1216 RasAgileVpn - ok
11:28:08.0241 1216 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:28:08.0287 1216 RasAuto - ok
11:28:08.0334 1216 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:28:08.0381 1216 Rasl2tp - ok
11:28:08.0428 1216 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:28:08.0475 1216 RasMan - ok
11:28:08.0506 1216 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:28:08.0553 1216 RasPppoe - ok
11:28:08.0568 1216 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:28:08.0631 1216 RasSstp - ok
11:28:08.0662 1216 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:28:08.0755 1216 rdbss - ok
11:28:08.0802 1216 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:28:08.0849 1216 rdpbus - ok
11:28:08.0865 1216 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:28:08.0927 1216 RDPCDD - ok
11:28:08.0943 1216 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:28:09.0005 1216 RDPENCDD - ok
11:28:09.0036 1216 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:28:09.0067 1216 RDPREFMP - ok
11:28:09.0114 1216 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:28:09.0177 1216 RDPWD - ok
11:28:09.0223 1216 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:28:09.0239 1216 rdyboost - ok
11:28:09.0270 1216 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys
11:28:09.0286 1216 regi - ok
11:28:09.0348 1216 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:28:09.0442 1216 RemoteAccess - ok
11:28:09.0473 1216 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:28:09.0551 1216 RemoteRegistry - ok
11:28:09.0582 1216 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:28:09.0629 1216 RFCOMM - ok
11:28:09.0645 1216 [ 258AADB43E3F3468B5CF8CB0F84872C2 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
11:28:09.0676 1216 rimsptsk - ok
11:28:09.0707 1216 [ 71E182A0DE1CECB3F912960716345405 ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
11:28:09.0754 1216 risdptsk - ok
11:28:09.0847 1216 [ D02E5A46F77C182CA1964080BCD586F7 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
11:28:09.0879 1216 Roxio UPnP Renderer 10 - ok
11:28:09.0894 1216 [ E5809597278802D09273EE07B5FC56E1 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
11:28:09.0925 1216 Roxio Upnp Server 10 - ok
11:28:09.0957 1216 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:28:10.0003 1216 RpcEptMapper - ok
11:28:10.0035 1216 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:28:10.0066 1216 RpcLocator - ok
11:28:10.0113 1216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
11:28:10.0159 1216 RpcSs - ok
11:28:10.0191 1216 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:28:10.0253 1216 rspndr - ok
11:28:10.0284 1216 [ 34F05C417F038FFA3BEF69B798D7D7DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
11:28:10.0315 1216 RTHDMIAzAudService - ok
11:28:10.0378 1216 [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
11:28:10.0409 1216 RtkAudioService - ok
11:28:10.0487 1216 [ 6B318F9443740A907D1C8F3460C19009 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
11:28:10.0518 1216 SampleCollector ( UnsignedFile.Multi.Generic ) - warning
11:28:10.0518 1216 SampleCollector - detected UnsignedFile.Multi.Generic (1)
11:28:10.0534 1216 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:28:10.0565 1216 SamSs - ok
11:28:10.0596 1216 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:28:10.0612 1216 sbp2port - ok
11:28:10.0659 1216 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:28:10.0705 1216 SCardSvr - ok
11:28:10.0752 1216 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:28:10.0799 1216 scfilter - ok
11:28:10.0846 1216 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:28:10.0939 1216 Schedule - ok
11:28:10.0986 1216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:28:11.0017 1216 SCPolicySvc - ok
11:28:11.0064 1216 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
11:28:11.0095 1216 sdbus - ok
11:28:11.0127 1216 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:28:11.0189 1216 SDRSVC - ok
11:28:11.0220 1216 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:28:11.0267 1216 secdrv - ok
11:28:11.0298 1216 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:28:11.0345 1216 seclogon - ok
11:28:11.0376 1216 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:28:11.0423 1216 SENS - ok
11:28:11.0439 1216 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:28:11.0485 1216 SensrSvc - ok
11:28:11.0501 1216 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:28:11.0532 1216 Serenum - ok
11:28:11.0548 1216 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:28:11.0579 1216 Serial - ok
11:28:11.0595 1216 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:28:11.0626 1216 sermouse - ok
11:28:11.0673 1216 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:28:11.0735 1216 SessionEnv - ok
11:28:11.0751 1216 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
11:28:11.0782 1216 SFEP - ok
11:28:11.0813 1216 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:28:11.0844 1216 sffdisk - ok
11:28:11.0860 1216 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:28:11.0891 1216 sffp_mmc - ok
11:28:11.0922 1216 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:28:11.0969 1216 sffp_sd - ok
11:28:12.0016 1216 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:28:12.0047 1216 sfloppy - ok
11:28:12.0109 1216 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:28:12.0172 1216 SharedAccess - ok
11:28:12.0219 1216 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:28:12.0281 1216 ShellHWDetection - ok
11:28:12.0312 1216 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:28:12.0328 1216 SiSRaid2 - ok
11:28:12.0359 1216 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:28:12.0390 1216 SiSRaid4 - ok
11:28:12.0406 1216 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:28:12.0468 1216 Smb - ok
11:28:12.0515 1216 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:28:12.0531 1216 SNMPTRAP - ok
11:28:12.0624 1216 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
11:28:12.0655 1216 SOHCImp - ok
11:28:12.0671 1216 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
11:28:12.0671 1216 SOHDBSvr - ok
11:28:12.0702 1216 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
11:28:12.0718 1216 SOHDms - ok
11:28:12.0733 1216 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
11:28:12.0749 1216 SOHDs - ok
11:28:12.0765 1216 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
11:28:12.0765 1216 SOHPlMgr - ok
11:28:12.0796 1216 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:28:12.0811 1216 spldr - ok
11:28:12.0858 1216 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:28:12.0921 1216 Spooler - ok
11:28:13.0045 1216 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:28:13.0217 1216 sppsvc - ok
11:28:13.0264 1216 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:28:13.0311 1216 sppuinotify - ok
11:28:13.0404 1216 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
11:28:13.0467 1216 SRTSP - ok
11:28:13.0482 1216 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
11:28:13.0498 1216 SRTSPX - ok
11:28:13.0545 1216 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:28:13.0607 1216 srv - ok
11:28:13.0669 1216 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:28:13.0685 1216 srv2 - ok
11:28:13.0732 1216 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:28:13.0763 1216 SrvHsfHDA - ok
11:28:13.0825 1216 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:28:13.0935 1216 SrvHsfV92 - ok
11:28:13.0981 1216 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:28:14.0028 1216 SrvHsfWinac - ok
11:28:14.0059 1216 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:28:14.0091 1216 srvnet - ok
11:28:14.0153 1216 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:28:14.0215 1216 SSDPSRV - ok
11:28:14.0247 1216 [ 1100066057FBF612B573EFD3B21383F1 ] ssmirrdr C:\Windows\system32\DRIVERS\ssmirrdr.sys
11:28:14.0262 1216 ssmirrdr - ok
11:28:14.0278 1216 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:28:14.0325 1216 SstpSvc - ok
11:28:14.0356 1216 [ AD42CA614E086BCADBD53FFFC404AC24 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
11:28:14.0387 1216 ssudmdm - ok
11:28:14.0434 1216 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:28:14.0449 1216 stexstor - ok
11:28:14.0496 1216 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:28:14.0574 1216 stisvc - ok
11:28:14.0621 1216 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:28:14.0637 1216 swenum - ok
11:28:14.0652 1216 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:28:14.0715 1216 swprv - ok
11:28:14.0761 1216 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
11:28:14.0808 1216 SymDS - ok
11:28:14.0855 1216 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
11:28:14.0902 1216 SymEFA - ok
11:28:14.0949 1216 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:28:14.0964 1216 SymEvent - ok
11:28:15.0011 1216 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
11:28:15.0027 1216 SymIRON - ok
11:28:15.0042 1216 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
11:28:15.0058 1216 SymNetS - ok
11:28:15.0167 1216 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:28:15.0276 1216 SysMain - ok
11:28:15.0323 1216 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:28:15.0385 1216 TabletInputService - ok
11:28:15.0432 1216 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:28:15.0495 1216 TapiSrv - ok
11:28:15.0526 1216 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:28:15.0573 1216 TBS - ok
11:28:15.0666 1216 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:28:15.0760 1216 Tcpip - ok
11:28:15.0807 1216 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:28:15.0853 1216 TCPIP6 - ok
11:28:15.0900 1216 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:28:15.0947 1216 tcpipreg - ok
11:28:15.0978 1216 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:28:16.0041 1216 TDPIPE - ok
11:28:16.0087 1216 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:28:16.0103 1216 TDTCP - ok
11:28:16.0150 1216 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:28:16.0197 1216 tdx - ok
11:28:16.0228 1216 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:28:16.0259 1216 TermDD - ok
11:28:16.0306 1216 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:28:16.0368 1216 TermService - ok
11:28:16.0384 1216 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:28:16.0431 1216 Themes - ok
11:28:16.0462 1216 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:28:16.0493 1216 THREADORDER - ok
11:28:16.0509 1216 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:28:16.0571 1216 TrkWks - ok
11:28:16.0618 1216 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:28:16.0680 1216 TrustedInstaller - ok
11:28:16.0727 1216 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:28:16.0789 1216 tssecsrv - ok
11:28:16.0836 1216 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:28:16.0883 1216 TsUsbFlt - ok
11:28:16.0930 1216 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:28:17.0008 1216 tunnel - ok
11:28:17.0023 1216 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:28:17.0039 1216 uagp35 - ok
11:28:17.0101 1216 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
11:28:17.0117 1216 uCamMonitor - ok
11:28:17.0164 1216 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:28:17.0226 1216 udfs - ok
11:28:17.0273 1216 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:28:17.0289 1216 UI0Detect - ok
11:28:17.0335 1216 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:28:17.0367 1216 uliagpkx - ok
11:28:17.0382 1216 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
11:28:17.0413 1216 umbus - ok
11:28:17.0445 1216 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:28:17.0491 1216 UmPass - ok
11:28:17.0507 1216 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:28:17.0585 1216 upnphost - ok
11:28:17.0601 1216 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:28:17.0663 1216 usbccgp - ok
11:28:17.0710 1216 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:28:17.0725 1216 usbcir - ok
11:28:17.0741 1216 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:28:17.0772 1216 usbehci - ok
11:28:17.0803 1216 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:28:17.0850 1216 usbhub - ok
11:28:17.0866 1216 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:28:17.0897 1216 usbohci - ok
11:28:17.0928 1216 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:28:17.0959 1216 usbprint - ok
11:28:17.0991 1216 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:28:18.0037 1216 usbscan - ok
11:28:18.0053 1216 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:28:18.0115 1216 USBSTOR - ok
11:28:18.0162 1216 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:28:18.0193 1216 usbuhci - ok
11:28:18.0256 1216 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
11:28:18.0303 1216 usbvideo - ok
11:28:18.0318 1216 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:28:18.0381 1216 UxSms - ok
11:28:18.0427 1216 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
11:28:18.0459 1216 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
11:28:18.0459 1216 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
11:28:18.0568 1216 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
11:28:18.0583 1216 VAIO Event Service - ok
11:28:18.0661 1216 [ 2D6605C1F0BBD0F71A4CB3A5B1E07240 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
11:28:18.0693 1216 VAIO Power Management - ok
11:28:18.0708 1216 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:28:18.0724 1216 VaultSvc - ok
11:28:18.0786 1216 [ 06FE5BEDDADB158D84E6DE33CBE19F3E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
11:28:18.0833 1216 VCFw - ok
11:28:18.0927 1216 [ 34063C0B842E73662067F9B03947C55C ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
11:28:18.0958 1216 VcmIAlzMgr - ok
11:28:19.0020 1216 [ A8F5D1651A324ABC6C308891A1252EE3 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
11:28:19.0051 1216 VcmINSMgr - ok
11:28:19.0114 1216 [ DB544B487F360128DC1C383E0A6FCC2F ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
11:28:19.0129 1216 VcmXmlIfHelper - ok
11:28:19.0145 1216 Vcsw - ok
11:28:19.0161 1216 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:28:19.0176 1216 vdrvroot - ok
11:28:19.0239 1216 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:28:19.0317 1216 vds - ok
11:28:19.0348 1216 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:28:19.0363 1216 vga - ok
11:28:19.0410 1216 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:28:19.0457 1216 VgaSave - ok
11:28:19.0504 1216 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:28:19.0519 1216 vhdmp - ok
11:28:19.0566 1216 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:28:19.0582 1216 viaide - ok
11:28:19.0613 1216 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:28:19.0629 1216 volmgr - ok
11:28:19.0675 1216 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:28:19.0691 1216 volmgrx - ok
11:28:19.0722 1216 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:28:19.0738 1216 volsnap - ok
11:28:19.0785 1216 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:28:19.0800 1216 vsmraid - ok
11:28:19.0878 1216 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:28:20.0034 1216 VSS - ok
11:28:20.0081 1216 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:28:20.0112 1216 vwifibus - ok
11:28:20.0143 1216 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:28:20.0190 1216 vwififlt - ok
11:28:20.0221 1216 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
11:28:20.0253 1216 vwifimp - ok
11:28:20.0284 1216 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
11:28:20.0315 1216 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
11:28:20.0315 1216 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
11:28:20.0346 1216 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:28:20.0393 1216 W32Time - ok
11:28:20.0424 1216 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:28:20.0455 1216 WacomPen - ok
11:28:20.0487 1216 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:28:20.0549 1216 WANARP - ok
11:28:20.0565 1216 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:28:20.0596 1216 Wanarpv6 - ok
11:28:20.0658 1216 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:28:20.0721 1216 WatAdminSvc - ok
11:28:20.0799 1216 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:28:20.0923 1216 wbengine - ok
11:28:20.0986 1216 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:28:21.0033 1216 WbioSrvc - ok
11:28:21.0079 1216 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:28:21.0126 1216 wcncsvc - ok
11:28:21.0173 1216 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:28:21.0235 1216 WcsPlugInService - ok
11:28:21.0267 1216 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:28:21.0282 1216 Wd - ok
11:28:21.0345 1216 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:28:21.0376 1216 Wdf01000 - ok
11:28:21.0407 1216 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:28:21.0516 1216 WdiServiceHost - ok
11:28:21.0516 1216 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:28:21.0547 1216 WdiSystemHost - ok
11:28:21.0594 1216 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:28:21.0625 1216 WebClient - ok
11:28:21.0657 1216 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:28:21.0719 1216 Wecsvc - ok
11:28:21.0735 1216 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:28:21.0797 1216 wercplsupport - ok
11:28:21.0828 1216 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:28:21.0875 1216 WerSvc - ok
11:28:21.0891 1216 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:28:21.0922 1216 WfpLwf - ok
11:28:21.0953 1216 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:28:21.0969 1216 WIMMount - ok
11:28:22.0000 1216 WinDefend - ok
11:28:22.0015 1216 WinHttpAutoProxySvc - ok
11:28:22.0062 1216 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:28:22.0140 1216 Winmgmt - ok
11:28:22.0234 1216 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:28:22.0374 1216 WinRM - ok
11:28:22.0452 1216 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
11:28:22.0483 1216 WinUsb - ok
11:28:22.0546 1216 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:28:22.0624 1216 Wlansvc - ok
11:28:22.0671 1216 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:28:22.0702 1216 wlcrasvc - ok
11:28:22.0873 1216 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:28:22.0983 1216 wlidsvc - ok
11:28:23.0014 1216 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:28:23.0045 1216 WmiAcpi - ok
11:28:23.0092 1216 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:28:23.0123 1216 wmiApSrv - ok
11:28:23.0154 1216 WMPNetworkSvc - ok
11:28:23.0185 1216 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:28:23.0201 1216 WPCSvc - ok
11:28:23.0248 1216 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:28:23.0263 1216 WPDBusEnum - ok
11:28:23.0310 1216 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:28:23.0357 1216 ws2ifsl - ok
11:28:23.0404 1216 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:28:23.0451 1216 wscsvc - ok
11:28:23.0451 1216 WSearch - ok
11:28:23.0560 1216 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:28:23.0669 1216 wuauserv - ok
11:28:23.0685 1216 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:28:23.0731 1216 WudfPf - ok
11:28:23.0778 1216 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:28:23.0825 1216 WUDFRd - ok
11:28:23.0872 1216 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:28:23.0903 1216 wudfsvc - ok
11:28:23.0950 1216 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:28:23.0997 1216 WwanSvc - ok
11:28:24.0028 1216 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
11:28:24.0059 1216 XAudio - ok
11:28:24.0106 1216 [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
11:28:24.0184 1216 yukonw7 - ok
11:28:24.0231 1216 ================ Scan global ===============================
11:28:24.0309 1216 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:28:24.0355 1216 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:28:24.0371 1216 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:28:24.0402 1216 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:28:24.0433 1216 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:28:24.0449 1216 [Global] - ok
11:28:24.0449 1216 ================ Scan MBR ==================================
11:28:24.0449 1216 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:28:24.0449 1216 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:28:24.0511 1216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:28:24.0511 1216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:28:24.0589 1216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:28:24.0589 1216 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:28:24.0589 1216 ================ Scan VBR ==================================
11:28:24.0589 1216 [ 2F8EF858FE244B450A54ED3B7696CFF6 ] \Device\Harddisk0\DR0\Partition1
11:28:24.0589 1216 \Device\Harddisk0\DR0\Partition1 - ok
11:28:24.0621 1216 [ 5E35D4DDE65D8B2E7201C043FC1A6AAB ] \Device\Harddisk0\DR0\Partition2
11:28:24.0621 1216 \Device\Harddisk0\DR0\Partition2 - ok
11:28:24.0621 1216 ============================================================
11:28:24.0621 1216 Scan finished
11:28:24.0621 1216 ============================================================
11:28:24.0636 6908 Detected object count: 6
11:28:24.0636 6908 Actual detected object count: 6
11:29:07.0287 6908 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:29:07.0287 6908 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:29:07.0287 6908 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user
11:29:07.0287 6908 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:29:07.0302 6908 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:29:07.0302 6908 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:29:07.0302 6908 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:29:07.0302 6908 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:29:08.0098 6908 \Device\Harddisk0\DR0\# - copied to quarantine
11:29:08.0113 6908 \Device\Harddisk0\DR0 - copied to quarantine
11:29:08.0160 6908 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:29:08.0176 6908 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:29:08.0176 6908 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:29:08.0191 6908 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:29:08.0207 6908 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:29:08.0207 6908 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:29:08.0207 6908 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:29:08.0207 6908 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:29:08.0223 6908 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:29:08.0223 6908 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:29:08.0223 6908 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:29:08.0223 6908 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:29:08.0223 6908 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:29:08.0238 6908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:29:08.0238 6908 \Device\Harddisk0\DR0 - ok
11:29:08.0425 6908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:29:08.0425 6908 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:29:08.0425 6908 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:29:16.0818 4808 Deinitialize success
t out, I'm silly with computers sometimes. Here is the first log
  • 0

#9
elenacupcake

elenacupcake

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 11:55:57
-----------------------------
11:55:57.896 OS Version: Windows x64 6.1.7601 Service Pack 1
11:55:57.896 Number of processors: 2 586 0x170A
11:55:57.896 ComputerName: MARIAELENA-VAIO UserName: mariaelena
11:55:59.876 Initialize success
11:57:01.745 AVAST engine defs: 12082600
11:59:21.311 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:59:21.311 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
11:59:21.311 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000074
11:59:21.327 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
11:59:21.327 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000075
11:59:21.327 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
11:59:21.342 Disk 0 MBR read successfully
11:59:21.358 Disk 0 MBR scan
11:59:21.358 Disk 0 Windows 7 default MBR code
11:59:21.389 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8093 MB offset 2048
11:59:21.405 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 16576512
11:59:21.420 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 297050 MB offset 16781312
11:59:21.452 Disk 0 scanning C:\Windows\system32\drivers
11:59:35.482 Service scanning
12:00:06.979 Modules scanning
12:00:06.979 Disk 0 trace - called modules:
12:00:07.025 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
12:00:07.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800578c6b0]
12:00:07.057 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa80046d7b20]
12:00:07.072 5 ACPI.sys[fffff88000fa17a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046dc050]
12:00:08.767 AVAST engine scan C:\Windows
12:00:13.564 AVAST engine scan C:\Windows\system32
12:04:22.831 AVAST engine scan C:\Windows\system32\drivers
12:04:46.266 AVAST engine scan C:\Users\mariaelena
12:05:05.995 Disk 0 MBR has been saved successfully to "C:\Users\mariaelena\Desktop\MBR.dat"
12:05:06.005 The log file has been saved successfully to "C:\Users\mariaelena\Desktop\aswMBR.txt"
  • 0

#10
elenacupcake

elenacupcake

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The next file MBR.d9 wouldnt open on my computer, a window popped up and said windows couldn't open the file and wanted me to download some registry program and I didnt. So I don't know what to do about that. :confused:
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. You did it right. How is your system now? Problems?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP