hichactoe
-
Posts
10 -
Joined
-
Last visited
-
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
No problems at all . Thank you very much for helping me out in resolving this issue. hichactoe Have a great day -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
Finished running ESET and there were no threats found. Next step ? -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.06.01 Windows XP Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.18702 Tom :: NJS-7392FF1A179 [administrator] Protection: Enabled 1/5/2013 11:57:24 PM mbam-log-2013-01-05 (23-57-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 190408 Time elapsed: 3 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
# AdwCleaner v2.104 - Logfile created 01/05/2013 at 23:47:06 # Updated 29/12/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 2 (32 bits) # User : Tom - NJS-7392FF1A179 # Boot Mode : Normal # Running from : C:\Documents and Settings\Tom\My Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Documents and Settings\Tom\Desktop\Search The Web.url File Deleted : C:\Documents and Settings\Tom\Desktop\sweetpcfix.url Folder Deleted : C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\SweetPacksToolbarData Folder Deleted : C:\Documents and Settings\Tom\Local Settings\Application Data\APN ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\StartSearch Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Key Deleted : HKLM\Software\iLividSRTB ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\prefs.js [OK] File is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Deleted [l.18] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y[...] Deleted [l.2186] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1[...] ************************* AdwCleaner[s1].txt - [2139 octets] - [05/01/2013 23:47:06] ########## EOF - C:\AdwCleaner[s1].txt - [2199 octets] ########## -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.3.8 (01.03.2013:2) OS: Microsoft Windows XP x86 Ran by Tom on Sat 01/05/2013 at 23:24:50.75 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-57989841-1606980848-682003330-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar Successfully deleted: [Registry Key] hkey_current_user\software\ilivid Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions Successfully deleted: [Registry Key] hkey_current_user\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar" ~~~ Files Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job" ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess" Successfully deleted: [Folder] "C:\Documents and Settings\Tom\Application Data\comcasttb" Successfully deleted: [Folder] "C:\Documents and Settings\Tom\Local Settings\Application Data\torch" Successfully deleted: [Folder] "C:\Program Files\sweetim" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask" Successfully deleted: [Folder] "C:\Program Files\ask.com" Successfully deleted: [Folder] "C:\Documents and Settings\Tom\local settings\application data\asktoolbar" Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\user.js Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\askcom.xml Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\funmoods.xml Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\search_results.xml Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\sweetim.xml Successfully deleted: [Folder] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\extensions\crossriderapp3491@crossrider.com Successfully deleted: [Folder] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\extensions\toolbar@ask.com Successfully deleted the following from C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\prefs.js user_pref("browser.newtab.url", "http://home.sweetim.com/?src=97&barid={796D5449-3892-11E2-8040-5CAC4CE8713A}"); user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultenginename", "Funmoods"); user_pref("browser.search.order.1", "Search Results"); user_pref("browser.search.selectedEngine", "Funmoods"); user_pref("extensions.asktb.ff-original-keyword-url", "http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q="); user_pref("extensions.crossrider.bic", "13b324220a37fa092b983c20ce0dc133"); user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1353757893); user_pref("extensions.crossriderapp3491.3491.active", true); user_pref("extensions.crossriderapp3491.3491.addressbar", ""); user_pref("extensions.crossriderapp3491.3491.addressbarenhanced", ""); user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit() user_pref("extensions.crossriderapp3491.3491.backgroundver", 12); user_pref("extensions.crossriderapp3491.3491.can_run_bg_code", true); user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", ""); user_pref("extensions.crossriderapp3491.3491.changeprevious", false); user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1353757893"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.value", "1353757893"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_blocklist.expiration", "Sat Jan 05 2013 21:14:02 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_country_code.expiration", "Tue Jan 08 2013 07:50:34 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_country_code.value", "%22US%22"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.value", "1357438204"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_currenttime.value", "%221356061408%22"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.value", "%221%22"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.value", "%2214019%22"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.value", "1353758000841"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.value", "%221140%22"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_sr[hulu.com].expiration", "Wed Dec 26 2012 10:42:22 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_sr[hulu.com].value", "1356450142"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.value", "%22110731%22"); user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.value", "1353757894661"); user_pref("extensions.crossriderapp3491.3491.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.cookie.lastrequest.value", "%7B%22path%22%3A%22/interfaces/sso/login.php%22%2C%22host%22%3A%22mail.nilesjanitorsupply.com%22%2C%22 user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your favorite streaming videos!"); user_pref("extensions.crossriderapp3491.3491.domain", ""); user_pref("extensions.crossriderapp3491.3491.enablesearch", false); user_pref("extensions.crossriderapp3491.3491.fbremoteurl", ""); user_pref("extensions.crossriderapp3491.3491.group", 0); user_pref("extensions.crossriderapp3491.3491.homepage", ""); user_pref("extensions.crossriderapp3491.3491.iframe", false); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.value", "65"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.value", "0"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_nextCheck.expiration", "Sun Jan 06 2013 03:10:04 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.crossriderapp3491.3491.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1140,baseCDN:\" user_pref("extensions.crossriderapp3491.3491.manifesturl", ""); user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver"); user_pref("extensions.crossriderapp3491.3491.newtab", ""); user_pref("extensions.crossriderapp3491.3491.opensearch", ""); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw n user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.ver", 10); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function( user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.name", "GPL Background (BG)"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.ver", 4); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectio user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.name", "CrossriderAppUtils"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.ver", 2); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"& user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.name", "CrossriderUtils"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.ver", 2); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*9999999999999 user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.name", "FacebookFFIE"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.ver", 1); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_ user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.name", "FFAppAPIWrapper"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.ver", 4); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * http://jquery.com/\n *\ user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.name", "jQuery"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.ver", 3); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(fu user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.name", "resources_background"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.ver", 1); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};v user_pref("extensions.crossriderapp3491.3491.plugins.plugin_64.name", "appApiMessage"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_64.ver", 1); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var j={};var e=appAPI.appInfo.name;var k=fu user_pref("extensions.crossriderapp3491.3491.plugins.plugin_72.name", "appApiValidation"); user_pref("extensions.crossriderapp3491.3491.plugins.plugin_72.ver", 1); user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015"); user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_1", "17,14,13,16,15,64,72,1000014"); user_pref("extensions.crossriderapp3491.3491.pluginsurl", "http://app-static.crossrider.com/plugin/apps/3491/plugins/086/ff/plugins.json"); user_pref("extensions.crossriderapp3491.3491.pluginsversion", 22); user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps"); user_pref("extensions.crossriderapp3491.3491.searchstatus", 0); user_pref("extensions.crossriderapp3491.3491.setnewtab", false); user_pref("extensions.crossriderapp3491.3491.settingsurl", ""); user_pref("extensions.crossriderapp3491.3491.thankyou", "http://vid-saver.com/thankyou.html"); user_pref("extensions.crossriderapp3491.3491.updateinterval", 360); user_pref("extensions.crossriderapp3491.3491.ver", 65); user_pref("extensions.crossriderapp3491.adsOldValue", -1); user_pref("extensions.crossriderapp3491.apps", "3491"); user_pref("extensions.crossriderapp3491.bic", "13b324220a37fa092b983c20ce0dc133"); user_pref("extensions.crossriderapp3491.cid", 3491); user_pref("extensions.crossriderapp3491.firstrun", false); user_pref("extensions.crossriderapp3491.hadappinstalled", true); user_pref("extensions.crossriderapp3491.installationdate", 1353757893); user_pref("extensions.crossriderapp3491.lastcheck", 22623969); user_pref("extensions.crossriderapp3491.lastcheckitem", 22623970); user_pref("extensions.crossriderapp3491.modetype", "production"); user_pref("extensions.crossriderapp3491.reportInstall", true); user_pref("extensions.funmoods.aflt", "orgnl"); user_pref("extensions.funmoods.autoRvrt", false); user_pref("extensions.funmoods.dfltLng", ""); user_pref("extensions.funmoods.dfltSrch", true); user_pref("extensions.funmoods.dnsErr", true); user_pref("extensions.funmoods.envrmnt", "production"); user_pref("extensions.funmoods.excTlbr", false); user_pref("extensions.funmoods.hmpg", true); user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFt user_pref("extensions.funmoods.id", "F04DA298EEBF2866"); user_pref("extensions.funmoods.instlDay", "15682"); user_pref("extensions.funmoods.instlRef", ""); user_pref("extensions.funmoods.isdcmntcmplt", true); user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDt user_pref("extensions.funmoods.prdct", "funmoods"); user_pref("extensions.funmoods.prtnrId", "funmoods"); user_pref("extensions.funmoods.srchPrvdr", "Search"); user_pref("extensions.funmoods.tlbrId", "base"); user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFt user_pref("extensions.funmoods.vrsn", "1.5.23.22"); user_pref("extensions.funmoods.vrsni", "1.5.23.22"); user_pref("extensions.funmoods_i.newTab", true); user_pref("extensions.funmoods_i.smplGrp", "none"); user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:38:2"); user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); user_pref("sweetim.toolbar.Visibility.enable", "true"); user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); user_pref("sweetim.toolbar.cargo", "3.1010000.10005"); user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); user_pref("sweetim.toolbar.cda.returnValue", "hide"); user_pref("sweetim.toolbar.dialogs.0.enable", "true"); user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); user_pref("sweetim.toolbar.dialogs.0.height", "335"); user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;"); user_pref("sweetim.toolbar.dialogs.0.width", "761"); user_pref("sweetim.toolbar.dialogs.1.enable", "true"); user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); user_pref("sweetim.toolbar.dialogs.1.height", "300"); user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); user_pref("sweetim.toolbar.dialogs.1.width", "500"); user_pref("sweetim.toolbar.dialogs.2.enable", "true"); user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); user_pref("sweetim.toolbar.dialogs.2.height", "150"); user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp"); user_pref("sweetim.toolbar.dialogs.2.width", "530"); user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.mode.debug", "false"); user_pref("sweetim.toolbar.newtab.created", "true"); user_pref("sweetim.toolbar.newtab.enable", "true"); user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab"); user_pref("sweetim.toolbar.previous.keyword.URL", ""); user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.0.enable", "true"); user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.1.enable", "false"); user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS"); user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); user_pref("sweetim.toolbar.scripts.2.callback", ""); user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*"); user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); user_pref("sweetim.toolbar.scripts.2.enable", "false"); user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://sear user_pref("sweetim.toolbar.search.history", ""); user_pref("sweetim.toolbar.search.history.capacity", "10"); user_pref("sweetim.toolbar.searchguard.enable", "false"); user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); user_pref("sweetim.toolbar.simapp_id", "{796D5449-3892-11E2-8040-5CAC4CE8713A}"); user_pref("sweetim.toolbar.version", "1.7.0.3"); ~~~ Chrome Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgmfkblbflahhponhjmkcnpjinenhlnc ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 01/05/2013 at 23:29:28.46 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
Need help on ESET online scanner , getting unexpected error 2002. What should I do next. -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
ComboFix 13-01-05.01 - Tom 01/05/2013 18:28:43.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3063.2117 [GMT -5:00] Running from: c:\documents and settings\Tom\My Documents\Downloads\ComboFix.exe AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\chrome.manifest c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\loader.xul c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\install.rdf c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf c:\documents and settings\Tom\GoToAssistDownloadHelper.exe c:\documents and settings\Tom\Local Settings\Application Data\Vid-Saver c:\documents and settings\Tom\Local Settings\Application Data\Vid-Saver\Chrome\Vid-Saver.crx c:\program files\Internet Explorer\SET43.tmp c:\program files\Internet Explorer\SET47.tmp c:\program files\Internet Explorer\SET48.tmp c:\program files\Vid-Saver c:\program files\Vid-Saver\ButtonUtil.dll c:\program files\Vid-Saver\Uninstall.exe c:\program files\Vid-Saver\Vid-Saver-bg.exe c:\program files\Vid-Saver\Vid-Saver.exe c:\windows\jestertb.dll c:\windows\klog633.lg c:\windows\system32\_000003_.tmp.dll c:\windows\system32\SET5E.tmp c:\windows\system32\SET5F.tmp c:\windows\system32\SET60.tmp c:\windows\system32\SET61.tmp c:\windows\system32\SET62.tmp c:\windows\system32\SET63.tmp c:\windows\system32\SET64.tmp c:\windows\system32\SET65.tmp c:\windows\system32\SET66.tmp c:\windows\system32\SET69.tmp c:\windows\system32\SET6A.tmp c:\windows\system32\SET6B.tmp c:\windows\system32\SET6C.tmp c:\windows\system32\SET6D.tmp c:\windows\system32\SET6E.tmp c:\windows\system32\SET70.tmp c:\windows\system32\SET71.tmp c:\windows\system32\SET72.tmp c:\windows\system32\SET73.tmp c:\windows\system32\SET74.tmp c:\windows\system32\SET75.tmp c:\windows\system32\SET76.tmp c:\windows\system32\SET78.tmp c:\windows\system32\SET79.tmp c:\windows\system32\SET7A.tmp c:\windows\system32\SET7B.tmp c:\windows\system32\SET7C.tmp c:\windows\system32\SET7D.tmp c:\windows\system32\SET7E.tmp c:\windows\system32\SET7F.tmp c:\windows\system32\SET80.tmp c:\windows\system32\SET81.tmp c:\windows\system32\SET83.tmp c:\windows\system32\SET84.tmp c:\windows\system32\SET85.tmp c:\windows\system32\SET86.tmp c:\windows\system32\SET87.tmp c:\windows\system32\SET88.tmp c:\windows\system32\SET8A.tmp c:\windows\system32\SET8B.tmp c:\windows\system32\SET8C.tmp c:\windows\system32\SET8D.tmp c:\windows\system32\SET8E.tmp c:\windows\system32\SET8F.tmp c:\windows\system32\SET90.tmp c:\windows\system32\SET91.tmp c:\windows\system32\SET92.tmp c:\windows\system32\SET93.tmp c:\windows\system32\SETC.tmp . . ((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 ))))))))))))))))))))))))))))))) . . 2012-12-27 23:57 . 2012-12-27 23:57 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes 2012-12-27 23:57 . 2012-12-27 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-12-27 23:57 . 2012-12-27 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-27 23:57 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-22 03:37 . 2012-12-22 04:32 -------- d--h--w- c:\windows\PIF 2012-12-21 22:43 . 2012-12-21 22:43 -------- d-----w- C:\N360_BACKUP 2012-12-10 01:19 . 2012-12-10 01:19 -------- d-----w- c:\program files\Easeware 2012-12-10 01:19 . 2012-12-10 01:19 -------- d-----w- c:\documents and settings\Tom\Application Data\Easeware 2012-12-08 23:05 . 2012-12-28 00:17 -------- d-----w- c:\documents and settings\Tom\Application Data\Skype 2012-12-08 23:05 . 2012-12-08 23:05 -------- d-----w- c:\program files\Common Files\Skype 2012-12-08 23:05 . 2012-12-08 23:05 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 04:07 . 2012-09-28 02:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-13 04:07 . 2012-09-28 02:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-23 04:22 . 2012-11-23 04:22 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-23 04:22 . 2012-11-23 04:22 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-23 04:22 . 2012-11-23 04:22 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-11-23 04:22 . 2012-11-23 04:22 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-21 14:20 . 2012-11-21 14:20 22328 ----a-w- c:\documents and settings\Tom\Application Data\PnkBstrK.sys 2012-10-15 23:19 . 2012-10-15 23:19 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-10-15 23:19 . 2012-10-15 23:19 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-10-08 14:05 . 2012-10-26 13:02 604672 ----a-w- c:\windows\system32\EKIJ5000MON.dll 2012-10-08 14:05 . 2012-10-26 13:02 225792 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll 2012-10-08 14:05 . 2012-10-26 13:02 118784 ----a-w- c:\windows\system32\EKIJCOINST13.dll 2012-12-01 13:26 . 2012-12-01 13:26 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PrivitizeVPNInstaller"="c:\documents and settings\Tom\Local Settings\Application Data\PrivitizeVPNInstaller\PrivitizeVPN_1.0.0.2_install_config.exe" [2012-11-24 1274472] "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224] "Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Constant Guard.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk backup=c:\windows\pss\Constant Guard.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr] 2008-12-17 09:41 729088 ----a-w- c:\windows\system32\AESTFltr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2012-09-28 03:44 2670592 ----a-w- c:\windows\system32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime] 2004-08-04 12:00 27648 ----a-w- c:\windows\system32\conime.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor] 2012-10-08 14:05 2804224 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor] 2012-10-15 15:58 2844608 ----a-w- c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection] 2010-10-01 13:48 727664 ----a-w- c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2010-02-19 17:02 13803520 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey] 2010-02-19 17:02 86016 ----a-w- c:\windows\system32\nvhotkey.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2010-02-19 17:02 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2010-02-19 17:03 1657448 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-11-09 16:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp] 2010-04-07 08:35 495708 ------w- c:\program files\IDT\WDM\sttray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Anywhere Backup] 2008-11-07 19:20 197856 ----a-w- c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager] 2008-07-24 19:22 450560 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"= "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"= "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"= "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:UDP"= 5353:UDP:Bonjour Port 5353 "9322:TCP"= 9322:TCP:EKDiscovery . R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [9/27/2012 10:46 PM 17648] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/15/2012 7:21 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/15/2012 7:21 PM 924320] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 10:00 PM 995488] R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/15/2012 7:21 PM 132768] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/15/2012 7:21 PM 149624] R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [10/16/2012 1:19 PM 61552] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [10/19/2012 1:51 PM 395200] R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [10/15/2012 10:58 AM 779200] R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 2:20 PM 25824] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe [10/15/2012 7:21 PM 138272] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [9/27/2012 9:40 PM 2320920] R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [6/3/2010 2:40 PM 1664304] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400] R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [9/27/2012 10:46 PM 43888] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/27/2012 10:38 PM 112512] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/15/2012 6:41 PM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130104.001\IDSXpx86.sys [1/4/2013 6:44 PM 373728] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [9/27/2012 10:54 PM 125696] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/27/2012 6:57 PM 398184] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/27/2012 6:57 PM 682344] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/27/2012 6:57 PM 21104] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/27/2012 10:51 PM 171520] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 12793247 *NewlyCreated* - FFADIPOB *Deregistered* - 12793247 *Deregistered* - ffadipob . Contents of the 'Scheduled Tasks' folder . 2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 04:07] . 2012-12-10 c:\windows\Tasks\DriverNavigator Scheduled Scan.job - c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2012-12-10 20:09] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-24 17:41] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-24 17:41] . 2013-01-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-10-17 05:46] . 2013-01-05 c:\windows\Tasks\User_Feed_Synchronization-{5C0642A4-63DD-49BD-8329-13BC0EC29F72}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\ FF - prefs.js: browser.search.selectedEngine - Funmoods FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q= FF - ExtSQL: 2012-11-22 23:33; toolbar@ask.com; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\toolbar@ask.com FF - ExtSQL: 2012-11-23 23:30; crossriderapp3491@crossrider.com; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\crossriderapp3491@crossrider.com FF - ExtSQL: 2012-11-27 08:32; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: 2012-12-08 17:38; ffxtlbr@funmoods.com; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=511266012 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=511266012 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=511266012&q= FF - user.js: extensions.funmoods.id - F04DA298EEBF2866 FF - user.js: extensions.funmoods.instlDay - 15682 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:38:2 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - orgnl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-05 18:31 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(892) c:\windows\System32\BCMLogon.dll . Completion time: 2013-01-05 18:32:15 ComboFix-quarantined-files.txt 2013-01-05 23:32 . Pre-Run: 425,588,326,400 bytes free Post-Run: 425,540,382,720 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 5E29D4FDE6ECA6ABC733DE7AFE153DCE -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
17:10:28.0156 3936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:10:28.0703 3936 ============================================================ 17:10:28.0703 3936 Current date / time: 2013/01/05 17:10:28.0703 17:10:28.0703 3936 SystemInfo: 17:10:28.0703 3936 17:10:28.0703 3936 OS Version: 5.1.2600 ServicePack: 2.0 17:10:28.0703 3936 Product type: Workstation 17:10:28.0703 3936 ComputerName: NJS-7392FF1A179 17:10:28.0703 3936 UserName: Tom 17:10:28.0703 3936 Windows directory: C:\WINDOWS 17:10:28.0703 3936 System windows directory: C:\WINDOWS 17:10:28.0703 3936 Processor architecture: Intel x86 17:10:28.0703 3936 Number of processors: 4 17:10:28.0703 3936 Page size: 0x1000 17:10:28.0703 3936 Boot type: Normal boot 17:10:28.0703 3936 ============================================================ 17:10:30.0343 3936 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:10:30.0343 3936 ============================================================ 17:10:30.0343 3936 \Device\Harddisk0\DR0: 17:10:30.0343 3936 MBR partitions: 17:10:30.0343 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41 17:10:30.0343 3936 ============================================================ 17:10:30.0375 3936 C: <-> \Device\Harddisk0\DR0\Partition1 17:10:30.0375 3936 ============================================================ 17:10:30.0375 3936 Initialize success 17:10:30.0375 3936 ============================================================ 17:10:52.0234 2620 ============================================================ 17:10:52.0234 2620 Scan started 17:10:52.0234 2620 Mode: Manual; SigCheck; TDLFS; 17:10:52.0234 2620 ============================================================ 17:10:52.0468 2620 ================ Scan system memory ======================== 17:10:53.0968 2620 System memory - ok 17:10:53.0968 2620 ================ Scan services ============================= 17:10:54.0078 2620 Abiosdsk - ok 17:10:54.0078 2620 abp480n5 - ok 17:10:54.0125 2620 [ C351EB0DEB102D7EC67CDDEE6513DDF5 ] Acceler C:\WINDOWS\system32\DRIVERS\Accelern.sys 17:10:54.0171 2620 Acceler - ok 17:10:54.0218 2620 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:10:55.0156 2620 ACPI - ok 17:10:55.0171 2620 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 17:10:55.0281 2620 ACPIEC - ok 17:10:55.0343 2620 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:10:55.0359 2620 AdobeFlashPlayerUpdateSvc - ok 17:10:55.0359 2620 adpu160m - ok 17:10:55.0406 2620 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys 17:10:55.0500 2620 aec - ok 17:10:55.0531 2620 [ F21D5E93A94514BE9F5B6EBF74A696B2 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys 17:10:55.0578 2620 AESTAud - ok 17:10:55.0609 2620 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:10:55.0750 2620 AFD - ok 17:10:55.0750 2620 Aha154x - ok 17:10:55.0750 2620 aic78u2 - ok 17:10:55.0765 2620 aic78xx - ok 17:10:55.0796 2620 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:10:55.0875 2620 Alerter - ok 17:10:55.0890 2620 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe 17:10:55.0953 2620 ALG - ok 17:10:55.0968 2620 AliIde - ok 17:10:55.0968 2620 amsint - ok 17:10:55.0984 2620 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 17:10:56.0046 2620 AppMgmt - ok 17:10:56.0046 2620 asc - ok 17:10:56.0046 2620 asc3350p - ok 17:10:56.0046 2620 asc3550 - ok 17:10:56.0125 2620 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 17:10:56.0140 2620 aspnet_state - ok 17:10:56.0156 2620 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:10:56.0265 2620 AsyncMac - ok 17:10:56.0296 2620 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:10:56.0390 2620 atapi - ok 17:10:56.0390 2620 Atdisk - ok 17:10:56.0390 2620 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:10:56.0468 2620 Atmarpc - ok 17:10:56.0515 2620 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:10:56.0578 2620 AudioSrv - ok 17:10:56.0625 2620 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:10:56.0703 2620 audstub - ok 17:10:56.0781 2620 [ 5D4893633B7161FA25500EB7AEABEC94 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 17:10:56.0890 2620 BCM43XX - ok 17:10:56.0953 2620 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:10:57.0015 2620 Beep - ok 17:10:57.0125 2620 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys 17:10:57.0171 2620 BHDrvx86 - ok 17:10:57.0218 2620 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll 17:10:57.0375 2620 BITS - ok 17:10:57.0453 2620 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:10:57.0468 2620 Bonjour Service - ok 17:10:57.0515 2620 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll 17:10:57.0640 2620 Browser - ok 17:10:57.0703 2620 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys 17:10:57.0718 2620 btaudio - ok 17:10:57.0750 2620 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys 17:10:57.0765 2620 BTDriver - ok 17:10:57.0796 2620 [ 9F704F40CD50AE05BBFC492C0342E765 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys 17:10:57.0828 2620 BTKRNL - ok 17:10:57.0875 2620 [ 8487071731230D3D40807E0B28F64725 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 17:10:57.0890 2620 btwdins - ok 17:10:57.0921 2620 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys 17:10:57.0937 2620 BTWDNDIS - ok 17:10:57.0937 2620 [ C51D50CF24DA69A9C499E65B0EDB3BB7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys 17:10:57.0937 2620 btwhid - ok 17:10:57.0937 2620 [ 581CA1A9B6F8CBA92E3BC8460C14FAAB ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 17:10:57.0953 2620 BTWUSB - ok 17:10:57.0968 2620 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:10:58.0078 2620 cbidf2k - ok 17:10:58.0109 2620 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:10:58.0187 2620 CCDECODE - ok 17:10:58.0265 2620 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\0604000.009\ccSetx86.sys 17:10:58.0281 2620 ccSet_N360 - ok 17:10:58.0281 2620 cd20xrnt - ok 17:10:58.0312 2620 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:10:58.0406 2620 Cdaudio - ok 17:10:58.0437 2620 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:10:58.0500 2620 Cdfs - ok 17:10:58.0531 2620 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:10:58.0609 2620 Cdrom - ok 17:10:58.0625 2620 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys 17:10:58.0640 2620 cercsr6 ( UnsignedFile.Multi.Generic ) - warning 17:10:58.0640 2620 cercsr6 - detected UnsignedFile.Multi.Generic (1) 17:10:58.0640 2620 Changer - ok 17:10:58.0640 2620 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:10:58.0718 2620 CiSvc - ok 17:10:58.0718 2620 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:10:58.0796 2620 ClipSrv - ok 17:10:58.0828 2620 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:10:58.0859 2620 clr_optimization_v2.0.50727_32 - ok 17:10:58.0890 2620 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:10:58.0968 2620 CmBatt - ok 17:10:58.0968 2620 CmdIde - ok 17:10:58.0968 2620 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:10:59.0031 2620 Compbatt - ok 17:10:59.0046 2620 COMSysApp - ok 17:10:59.0046 2620 Cpqarray - ok 17:10:59.0078 2620 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:10:59.0156 2620 CryptSvc - ok 17:10:59.0171 2620 dac2w2k - ok 17:10:59.0171 2620 dac960nt - ok 17:10:59.0203 2620 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:10:59.0296 2620 DcomLaunch - ok 17:10:59.0312 2620 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:10:59.0421 2620 Dhcp - ok 17:10:59.0468 2620 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:10:59.0562 2620 Disk - ok 17:10:59.0562 2620 dmadmin - ok 17:10:59.0593 2620 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:10:59.0718 2620 dmboot - ok 17:10:59.0718 2620 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:10:59.0843 2620 dmio - ok 17:10:59.0859 2620 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:10:59.0968 2620 dmload - ok 17:10:59.0984 2620 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll 17:11:00.0109 2620 dmserver - ok 17:11:00.0140 2620 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:11:00.0265 2620 DMusic - ok 17:11:00.0281 2620 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:11:00.0406 2620 Dnscache - ok 17:11:00.0406 2620 dpti2o - ok 17:11:00.0437 2620 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:11:00.0546 2620 drmkaud - ok 17:11:00.0625 2620 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 17:11:00.0656 2620 eeCtrl - ok 17:11:00.0671 2620 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 17:11:00.0687 2620 EraserUtilRebootDrv - ok 17:11:00.0703 2620 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:11:00.0812 2620 ERSvc - ok 17:11:00.0843 2620 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe 17:11:00.0984 2620 Eventlog - ok 17:11:01.0015 2620 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll 17:11:01.0156 2620 EventSystem - ok 17:11:01.0187 2620 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:11:01.0312 2620 Fastfat - ok 17:11:01.0359 2620 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:11:01.0484 2620 FastUserSwitchingCompatibility - ok 17:11:01.0531 2620 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 17:11:01.0687 2620 Fdc - ok 17:11:01.0703 2620 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:11:01.0859 2620 Fips - ok 17:11:01.0859 2620 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 17:11:01.0937 2620 Flpydisk - ok 17:11:01.0968 2620 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 17:11:02.0031 2620 FltMgr - ok 17:11:02.0109 2620 [ FACECF3F75BAF3775A879D1168402270 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:11:02.0140 2620 FontCache3.0.0.0 - ok 17:11:02.0156 2620 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:11:02.0218 2620 Fs_Rec - ok 17:11:02.0218 2620 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:11:02.0281 2620 Ftdisk - ok 17:11:02.0296 2620 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:11:02.0359 2620 Gpc - ok 17:11:02.0406 2620 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 17:11:02.0421 2620 gupdate - ok 17:11:02.0421 2620 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 17:11:02.0437 2620 gupdatem - ok 17:11:02.0468 2620 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:11:02.0500 2620 HDAudBus - ok 17:11:02.0515 2620 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys 17:11:02.0546 2620 HECI - ok 17:11:02.0578 2620 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:11:02.0703 2620 helpsvc - ok 17:11:02.0718 2620 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll 17:11:02.0843 2620 HidServ - ok 17:11:02.0875 2620 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:11:02.0984 2620 hidusb - ok 17:11:02.0984 2620 hpn - ok 17:11:03.0031 2620 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:11:03.0140 2620 HTTP - ok 17:11:03.0187 2620 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:11:03.0312 2620 HTTPFilter - ok 17:11:03.0312 2620 i2omgmt - ok 17:11:03.0312 2620 i2omp - ok 17:11:03.0343 2620 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:11:03.0421 2620 i8042prt - ok 17:11:03.0468 2620 [ EA7267505149B3A10DF32506A4E4E412 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:11:03.0515 2620 idsvc ( UnsignedFile.Multi.Generic ) - warning 17:11:03.0515 2620 idsvc - detected UnsignedFile.Multi.Generic (1) 17:11:03.0609 2620 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130104.001\IDSxpx86.sys 17:11:03.0625 2620 IDSxpx86 - ok 17:11:03.0687 2620 [ 9995160D6F69A603FA5B8DA9A42E8F9F ] IDVaultSvc C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe 17:11:03.0687 2620 IDVaultSvc - ok 17:11:03.0718 2620 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:11:03.0781 2620 Imapi - ok 17:11:03.0812 2620 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe 17:11:03.0875 2620 ImapiService - ok 17:11:03.0906 2620 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys 17:11:03.0921 2620 Impcd - ok 17:11:03.0937 2620 ini910u - ok 17:11:03.0937 2620 IntelIde - ok 17:11:03.0968 2620 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:11:04.0062 2620 intelppm - ok 17:11:04.0078 2620 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 17:11:04.0171 2620 Ip6Fw - ok 17:11:04.0203 2620 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:11:04.0265 2620 IpFilterDriver - ok 17:11:04.0265 2620 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:11:04.0328 2620 IpInIp - ok 17:11:04.0343 2620 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:11:04.0421 2620 IpNat - ok 17:11:04.0437 2620 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:11:04.0500 2620 IPSec - ok 17:11:04.0531 2620 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:11:04.0562 2620 IRENUM - ok 17:11:04.0609 2620 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:11:04.0671 2620 isapnp - ok 17:11:04.0750 2620 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe 17:11:04.0765 2620 JavaQuickStarterService - ok 17:11:04.0796 2620 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:11:04.0890 2620 Kbdclass - ok 17:11:04.0906 2620 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:11:04.0968 2620 kbdhid - ok 17:11:04.0984 2620 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:11:05.0046 2620 kmixer - ok 17:11:05.0171 2620 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe 17:11:05.0187 2620 Kodak AiO Network Discovery Service - ok 17:11:05.0234 2620 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe 17:11:05.0265 2620 Kodak AiO Status Monitor Service - ok 17:11:05.0265 2620 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:11:05.0375 2620 KSecDD - ok 17:11:05.0390 2620 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 17:11:05.0468 2620 lanmanserver - ok 17:11:05.0500 2620 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:11:05.0578 2620 lanmanworkstation - ok 17:11:05.0578 2620 lbrtfdc - ok 17:11:05.0593 2620 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:11:05.0687 2620 LmHosts - ok 17:11:05.0734 2620 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe 17:11:05.0750 2620 LMS - ok 17:11:05.0781 2620 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 17:11:05.0781 2620 MBAMProtector - ok 17:11:05.0796 2620 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:11:05.0812 2620 MBAMScheduler - ok 17:11:05.0875 2620 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 17:11:05.0890 2620 MBAMService - ok 17:11:05.0937 2620 [ ED6235C93981D8658FA433092A809303 ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe 17:11:05.0937 2620 MemeoBackgroundService - ok 17:11:05.0968 2620 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:11:06.0078 2620 Messenger - ok 17:11:06.0109 2620 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:11:06.0171 2620 mnmdd - ok 17:11:06.0203 2620 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 17:11:06.0265 2620 mnmsrvc - ok 17:11:06.0281 2620 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:11:06.0343 2620 Modem - ok 17:11:06.0359 2620 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:11:06.0421 2620 Mouclass - ok 17:11:06.0453 2620 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:11:06.0531 2620 mouhid - ok 17:11:06.0546 2620 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:11:06.0640 2620 MountMgr - ok 17:11:06.0687 2620 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 17:11:06.0687 2620 MozillaMaintenance - ok 17:11:06.0687 2620 mraid35x - ok 17:11:06.0703 2620 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:11:06.0781 2620 MRxDAV - ok 17:11:06.0781 2620 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:11:06.0843 2620 MRxSmb - ok 17:11:06.0875 2620 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 17:11:06.0953 2620 MSDTC - ok 17:11:06.0953 2620 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:11:07.0015 2620 Msfs - ok 17:11:07.0015 2620 MSIServer - ok 17:11:07.0031 2620 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:11:07.0109 2620 MSKSSRV - ok 17:11:07.0109 2620 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:11:07.0171 2620 MSPCLOCK - ok 17:11:07.0171 2620 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:11:07.0234 2620 MSPQM - ok 17:11:07.0265 2620 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:11:07.0328 2620 mssmbios - ok 17:11:07.0359 2620 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 17:11:07.0421 2620 MSTEE - ok 17:11:07.0437 2620 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:11:07.0531 2620 Mup - ok 17:11:07.0562 2620 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe 17:11:07.0578 2620 N360 - ok 17:11:07.0609 2620 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:11:07.0687 2620 NABTSFEC - ok 17:11:07.0750 2620 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVENG.SYS 17:11:07.0765 2620 NAVENG - ok 17:11:07.0828 2620 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVEX15.SYS 17:11:07.0875 2620 NAVEX15 - ok 17:11:07.0906 2620 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:11:08.0000 2620 NDIS - ok 17:11:08.0031 2620 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:11:08.0140 2620 NdisIP - ok 17:11:08.0187 2620 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:11:08.0296 2620 NdisTapi - ok 17:11:08.0328 2620 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:11:08.0437 2620 Ndisuio - ok 17:11:08.0453 2620 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:11:08.0562 2620 NdisWan - ok 17:11:08.0593 2620 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:11:08.0687 2620 NDProxy - ok 17:11:08.0687 2620 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:11:08.0812 2620 NetBIOS - ok 17:11:08.0843 2620 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:11:08.0953 2620 NetBT - ok 17:11:08.0984 2620 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe 17:11:09.0078 2620 NetDDE - ok 17:11:09.0093 2620 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:11:09.0203 2620 NetDDEdsdm - ok 17:11:09.0218 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:11:09.0281 2620 Netlogon - ok 17:11:09.0296 2620 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll 17:11:09.0375 2620 Netman - ok 17:11:09.0406 2620 [ 8070BB07FE06DE8B9ACB29B07016A273 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:11:09.0421 2620 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning 17:11:09.0421 2620 NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1) 17:11:09.0453 2620 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll 17:11:09.0500 2620 Nla - ok 17:11:09.0546 2620 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:11:09.0593 2620 Npfs - ok 17:11:09.0625 2620 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:11:09.0703 2620 Ntfs - ok 17:11:09.0703 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 17:11:09.0765 2620 NtLmSsp - ok 17:11:09.0781 2620 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:11:09.0843 2620 NtmsSvc - ok 17:11:09.0859 2620 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 17:11:09.0937 2620 Null - ok 17:11:10.0109 2620 [ 5868D9602CBC3D41896B8750744664C9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 17:11:10.0375 2620 nv - ok 17:11:10.0406 2620 [ 2D2B7B3AD297C659EFA1D02852CA9860 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys 17:11:10.0406 2620 NVHDA - ok 17:11:10.0453 2620 [ FCD5A42D241E23A90785A0864DDD0428 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe 17:11:10.0468 2620 nvsvc ( UnsignedFile.Multi.Generic ) - warning 17:11:10.0468 2620 nvsvc - detected UnsignedFile.Multi.Generic (1) 17:11:10.0500 2620 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:11:10.0625 2620 NwlnkFlt - ok 17:11:10.0625 2620 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:11:10.0687 2620 NwlnkFwd - ok 17:11:10.0750 2620 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:11:10.0765 2620 odserv - ok 17:11:10.0765 2620 OMCI - ok 17:11:10.0796 2620 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:11:10.0796 2620 ose - ok 17:11:10.0812 2620 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 17:11:10.0875 2620 Parport - ok 17:11:10.0890 2620 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:11:10.0953 2620 PartMgr - ok 17:11:10.0984 2620 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:11:11.0046 2620 ParVdm - ok 17:11:11.0062 2620 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:11:11.0109 2620 PCI - ok 17:11:11.0109 2620 PCIDump - ok 17:11:11.0125 2620 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:11:11.0171 2620 PCIIde - ok 17:11:11.0187 2620 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 17:11:11.0312 2620 Pcmcia - ok 17:11:11.0312 2620 PDCOMP - ok 17:11:11.0328 2620 PDFRAME - ok 17:11:11.0328 2620 PDRELI - ok 17:11:11.0328 2620 PDRFRAME - ok 17:11:11.0343 2620 perc2 - ok 17:11:11.0343 2620 perc2hib - ok 17:11:11.0390 2620 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe 17:11:11.0484 2620 PlugPlay - ok 17:11:11.0484 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:11:11.0578 2620 PolicyAgent - ok 17:11:11.0578 2620 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:11:11.0687 2620 PptpMiniport - ok 17:11:11.0687 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:11:11.0765 2620 ProtectedStorage - ok 17:11:11.0765 2620 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:11:11.0828 2620 PSched - ok 17:11:11.0843 2620 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:11:11.0906 2620 Ptilink - ok 17:11:11.0906 2620 ql1080 - ok 17:11:11.0906 2620 Ql10wnt - ok 17:11:11.0921 2620 ql12160 - ok 17:11:11.0921 2620 ql1240 - ok 17:11:11.0921 2620 ql1280 - ok 17:11:11.0953 2620 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:11:12.0000 2620 RasAcd - ok 17:11:12.0031 2620 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:11:12.0078 2620 RasAuto - ok 17:11:12.0109 2620 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:11:12.0156 2620 Rasl2tp - ok 17:11:12.0187 2620 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:11:12.0234 2620 RasMan - ok 17:11:12.0250 2620 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:11:12.0296 2620 RasPppoe - ok 17:11:12.0296 2620 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:11:12.0375 2620 Raspti - ok 17:11:12.0390 2620 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:11:12.0468 2620 Rdbss - ok 17:11:12.0484 2620 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:11:12.0546 2620 RDPCDD - ok 17:11:12.0562 2620 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:11:12.0656 2620 rdpdr - ok 17:11:12.0687 2620 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:11:12.0765 2620 RDPWD - ok 17:11:12.0781 2620 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:11:12.0843 2620 RDSessMgr - ok 17:11:12.0875 2620 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:11:12.0953 2620 redbook - ok 17:11:12.0984 2620 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:11:13.0062 2620 RemoteAccess - ok 17:11:13.0078 2620 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:11:13.0156 2620 RemoteRegistry - ok 17:11:13.0187 2620 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe 17:11:13.0250 2620 RpcLocator - ok 17:11:13.0281 2620 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\system32\rpcss.dll 17:11:13.0375 2620 RpcSs - ok 17:11:13.0390 2620 [ 31D45ECA63884FF5F7AECC50F7D1BAE0 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys 17:11:13.0437 2620 RSUSBSTOR - ok 17:11:13.0453 2620 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:11:13.0531 2620 RSVP - ok 17:11:13.0546 2620 [ A1AD65718870DBF2BCB81E3C1406469E ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 17:11:13.0562 2620 RTLE8023xp - ok 17:11:13.0578 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe 17:11:13.0640 2620 SamSs - ok 17:11:13.0671 2620 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:11:13.0734 2620 SCardSvr - ok 17:11:13.0765 2620 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:11:13.0843 2620 Schedule - ok 17:11:13.0859 2620 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:11:13.0906 2620 Secdrv - ok 17:11:13.0937 2620 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll 17:11:14.0031 2620 seclogon - ok 17:11:14.0046 2620 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll 17:11:14.0109 2620 SENS - ok 17:11:14.0125 2620 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 17:11:14.0187 2620 Serial - ok 17:11:14.0218 2620 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:11:14.0281 2620 Sfloppy - ok 17:11:14.0296 2620 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:11:14.0375 2620 SharedAccess - ok 17:11:14.0390 2620 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:11:14.0453 2620 ShellHWDetection - ok 17:11:14.0453 2620 Simbad - ok 17:11:14.0500 2620 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 17:11:14.0500 2620 SkypeUpdate - ok 17:11:14.0531 2620 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:11:14.0593 2620 SLIP - ok 17:11:14.0593 2620 Sparrow - ok 17:11:14.0625 2620 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:11:14.0687 2620 splitter - ok 17:11:14.0718 2620 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:11:14.0765 2620 Spooler - ok 17:11:14.0812 2620 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:11:14.0859 2620 sr - ok 17:11:14.0875 2620 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll 17:11:14.0921 2620 srservice - ok 17:11:14.0937 2620 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\N360\0604000.009\SRTSP.SYS 17:11:14.0953 2620 SRTSP - ok 17:11:14.0984 2620 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\N360\0604000.009\SRTSPX.SYS 17:11:14.0984 2620 SRTSPX - ok 17:11:15.0000 2620 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:11:15.0078 2620 Srv - ok 17:11:15.0093 2620 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:11:15.0125 2620 SSDPSRV - ok 17:11:15.0171 2620 [ FBAA145C28074C853529050914D405C6 ] STacSV c:\program files\idt\wdm\stacsv.exe 17:11:15.0187 2620 STacSV - ok 17:11:15.0203 2620 [ 1E72739A30A0D3E3FC95EBB07F83912D ] stdcfltn C:\WINDOWS\system32\DRIVERS\stdcfltn.sys 17:11:15.0203 2620 stdcfltn - ok 17:11:15.0250 2620 [ 9BFDE0E43834495E501A9E3AB3B88062 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 17:11:15.0312 2620 STHDA - ok 17:11:15.0375 2620 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:11:15.0515 2620 stisvc - ok 17:11:15.0546 2620 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:11:15.0656 2620 streamip - ok 17:11:15.0687 2620 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:11:15.0796 2620 swenum - ok 17:11:15.0812 2620 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:11:15.0890 2620 swmidi - ok 17:11:15.0906 2620 SwPrv - ok 17:11:15.0906 2620 symc810 - ok 17:11:15.0906 2620 symc8xx - ok 17:11:15.0953 2620 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\N360\0604000.009\SYMDS.SYS 17:11:15.0968 2620 SymDS - ok 17:11:16.0000 2620 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\N360\0604000.009\SYMEFA.SYS 17:11:16.0046 2620 SymEFA - ok 17:11:16.0078 2620 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 17:11:16.0078 2620 SymEvent - ok 17:11:16.0093 2620 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\N360\0604000.009\Ironx86.SYS 17:11:16.0093 2620 SymIRON - ok 17:11:16.0109 2620 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0604000.009\SYMTDI.SYS 17:11:16.0125 2620 SYMTDI - ok 17:11:16.0125 2620 sym_hi - ok 17:11:16.0125 2620 sym_u3 - ok 17:11:16.0156 2620 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:11:16.0234 2620 sysaudio - ok 17:11:16.0265 2620 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:11:16.0343 2620 SysmonLog - ok 17:11:16.0359 2620 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:11:16.0421 2620 TapiSrv - ok 17:11:16.0437 2620 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:11:16.0531 2620 Tcpip - ok 17:11:16.0546 2620 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:11:16.0640 2620 TDPIPE - ok 17:11:16.0656 2620 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:11:16.0750 2620 TDTCP - ok 17:11:16.0765 2620 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:11:16.0828 2620 TermDD - ok 17:11:16.0875 2620 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll 17:11:16.0937 2620 TermService - ok 17:11:16.0953 2620 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:11:17.0015 2620 Themes - ok 17:11:17.0031 2620 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 17:11:17.0062 2620 TlntSvr - ok 17:11:17.0062 2620 TosIde - ok 17:11:17.0093 2620 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:11:17.0156 2620 TrkWks - ok 17:11:17.0171 2620 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:11:17.0281 2620 Udfs - ok 17:11:17.0281 2620 ultra - ok 17:11:17.0375 2620 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe 17:11:17.0468 2620 UNS - ok 17:11:17.0500 2620 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:11:17.0609 2620 Update - ok 17:11:17.0625 2620 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll 17:11:17.0671 2620 upnphost - ok 17:11:17.0671 2620 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe 17:11:17.0765 2620 UPS - ok 17:11:17.0796 2620 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 17:11:17.0906 2620 usbaudio - ok 17:11:17.0953 2620 [ 77B3C8F166A6E6F2E834737AB8CAC1CA ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:11:17.0984 2620 usbccgp - ok 17:11:18.0015 2620 [ 4FFAEA1BD071A72DFB76519F5B1DA956 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:11:18.0062 2620 usbehci - ok 17:11:18.0062 2620 [ ACE960E54148821E8E48F5D191562C28 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:11:18.0109 2620 usbhub - ok 17:11:18.0156 2620 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:11:18.0250 2620 usbprint - ok 17:11:18.0281 2620 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:11:18.0406 2620 usbscan - ok 17:11:18.0437 2620 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:11:18.0546 2620 USBSTOR - ok 17:11:18.0562 2620 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 17:11:18.0656 2620 usbvideo - ok 17:11:18.0718 2620 [ F44970C4137B57A5D5BD632B46113366 ] vcsFPService C:\WINDOWS\system32\vcsFPService.exe 17:11:18.0781 2620 vcsFPService - ok 17:11:18.0796 2620 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:11:18.0906 2620 VgaSave - ok 17:11:18.0906 2620 ViaIde - ok 17:11:18.0937 2620 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:11:19.0046 2620 VolSnap - ok 17:11:19.0078 2620 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe 17:11:19.0140 2620 VSS - ok 17:11:19.0171 2620 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll 17:11:19.0281 2620 W32Time - ok 17:11:19.0296 2620 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:11:19.0390 2620 Wanarp - ok 17:11:19.0437 2620 [ A1A36682DF22777834E1C37F3C79AEC2 ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe 17:11:19.0437 2620 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning 17:11:19.0437 2620 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1) 17:11:19.0484 2620 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 17:11:19.0515 2620 Wdf01000 - ok 17:11:19.0515 2620 WDICA - ok 17:11:19.0531 2620 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:11:19.0609 2620 wdmaud - ok 17:11:19.0625 2620 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:11:19.0718 2620 WebClient - ok 17:11:19.0812 2620 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:11:19.0906 2620 winmgmt - ok 17:11:19.0921 2620 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys 17:11:19.0921 2620 WinUSB - ok 17:11:19.0937 2620 wltrysvc - ok 17:11:19.0953 2620 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 17:11:20.0078 2620 WmdmPmSN - ok 17:11:20.0093 2620 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll 17:11:20.0234 2620 Wmi - ok 17:11:20.0265 2620 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 17:11:20.0328 2620 WmiAcpi - ok 17:11:20.0359 2620 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:11:20.0406 2620 WmiApSrv - ok 17:11:20.0437 2620 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:11:20.0515 2620 wscsvc - ok 17:11:20.0531 2620 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:11:20.0578 2620 WSTCODEC - ok 17:11:20.0609 2620 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:11:20.0671 2620 wuauserv - ok 17:11:20.0687 2620 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:11:20.0750 2620 WZCSVC - ok 17:11:20.0765 2620 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:11:20.0859 2620 xmlprov - ok 17:11:20.0859 2620 ================ Scan global =============================== 17:11:20.0890 2620 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll 17:11:20.0906 2620 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll 17:11:20.0906 2620 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll 17:11:20.0921 2620 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe 17:11:20.0921 2620 [Global] - ok 17:11:20.0921 2620 ================ Scan MBR ================================== 17:11:20.0937 2620 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 17:11:21.0234 2620 \Device\Harddisk0\DR0 - ok 17:11:21.0234 2620 ================ Scan VBR ================================== 17:11:21.0234 2620 [ D8073073BA2D2F071A5FB7BFAE8EBBD3 ] \Device\Harddisk0\DR0\Partition1 17:11:21.0234 2620 \Device\Harddisk0\DR0\Partition1 - ok 17:11:21.0234 2620 ============================================================ 17:11:21.0234 2620 Scan finished 17:11:21.0234 2620 ============================================================ 17:11:21.0343 2236 Detected object count: 5 17:11:21.0343 2236 Actual detected object count: 5 18:01:25.0687 2236 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user 18:01:25.0687 2236 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:01:25.0687 2236 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:01:25.0687 2236 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:01:25.0703 2236 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user 18:01:25.0703 2236 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:01:25.0703 2236 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:01:25.0703 2236 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:01:25.0703 2236 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user 18:01:25.0703 2236 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:02:09.0906 3696 ============================================================ 18:02:09.0906 3696 Scan started 18:02:09.0906 3696 Mode: Manual; SigCheck; TDLFS; 18:02:09.0906 3696 ============================================================ 18:02:10.0109 3696 ================ Scan system memory ======================== 18:02:11.0046 3696 System memory - ok 18:02:11.0046 3696 ================ Scan services ============================= 18:02:11.0234 3696 Abiosdsk - ok 18:02:11.0250 3696 abp480n5 - ok 18:02:11.0281 3696 [ C351EB0DEB102D7EC67CDDEE6513DDF5 ] Acceler C:\WINDOWS\system32\DRIVERS\Accelern.sys 18:02:11.0296 3696 Acceler - ok 18:02:11.0343 3696 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:02:11.0531 3696 ACPI - ok 18:02:11.0562 3696 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 18:02:11.0687 3696 ACPIEC - ok 18:02:11.0765 3696 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 18:02:11.0781 3696 AdobeFlashPlayerUpdateSvc - ok 18:02:11.0796 3696 adpu160m - ok 18:02:11.0828 3696 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys 18:02:11.0953 3696 aec - ok 18:02:12.0000 3696 [ F21D5E93A94514BE9F5B6EBF74A696B2 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys 18:02:12.0015 3696 AESTAud - ok 18:02:12.0046 3696 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys 18:02:12.0187 3696 AFD - ok 18:02:12.0203 3696 Aha154x - ok 18:02:12.0203 3696 aic78u2 - ok 18:02:12.0203 3696 aic78xx - ok 18:02:12.0234 3696 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll 18:02:12.0328 3696 Alerter - ok 18:02:12.0343 3696 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe 18:02:12.0390 3696 ALG - ok 18:02:12.0390 3696 AliIde - ok 18:02:12.0390 3696 amsint - ok 18:02:12.0421 3696 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 18:02:12.0468 3696 AppMgmt - ok 18:02:12.0468 3696 asc - ok 18:02:12.0468 3696 asc3350p - ok 18:02:12.0484 3696 asc3550 - ok 18:02:12.0546 3696 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 18:02:12.0546 3696 aspnet_state - ok 18:02:12.0562 3696 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:02:12.0625 3696 AsyncMac - ok 18:02:12.0671 3696 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 18:02:12.0781 3696 atapi - ok 18:02:12.0796 3696 Atdisk - ok 18:02:12.0796 3696 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:02:12.0859 3696 Atmarpc - ok 18:02:12.0906 3696 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 18:02:12.0953 3696 AudioSrv - ok 18:02:13.0000 3696 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 18:02:13.0062 3696 audstub - ok 18:02:13.0156 3696 [ 5D4893633B7161FA25500EB7AEABEC94 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 18:02:13.0250 3696 BCM43XX - ok 18:02:13.0281 3696 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 18:02:13.0343 3696 Beep - ok 18:02:13.0437 3696 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys 18:02:13.0484 3696 BHDrvx86 - ok 18:02:13.0515 3696 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll 18:02:13.0656 3696 BITS - ok 18:02:13.0734 3696 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:02:13.0750 3696 Bonjour Service - ok 18:02:13.0781 3696 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll 18:02:13.0875 3696 Browser - ok 18:02:14.0031 3696 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys 18:02:14.0093 3696 btaudio - ok 18:02:14.0218 3696 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys 18:02:14.0234 3696 BTDriver - ok 18:02:14.0296 3696 [ 9F704F40CD50AE05BBFC492C0342E765 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys 18:02:14.0343 3696 BTKRNL - ok 18:02:14.0406 3696 [ 8487071731230D3D40807E0B28F64725 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 18:02:14.0437 3696 btwdins - ok 18:02:14.0437 3696 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys 18:02:14.0453 3696 BTWDNDIS - ok 18:02:14.0484 3696 [ C51D50CF24DA69A9C499E65B0EDB3BB7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys 18:02:14.0484 3696 btwhid - ok 18:02:14.0500 3696 [ 581CA1A9B6F8CBA92E3BC8460C14FAAB ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 18:02:14.0500 3696 BTWUSB - ok 18:02:14.0531 3696 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 18:02:14.0656 3696 cbidf2k - ok 18:02:14.0671 3696 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 18:02:14.0796 3696 CCDECODE - ok 18:02:14.0875 3696 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\0604000.009\ccSetx86.sys 18:02:14.0890 3696 ccSet_N360 - ok 18:02:14.0890 3696 cd20xrnt - ok 18:02:14.0937 3696 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 18:02:15.0062 3696 Cdaudio - ok 18:02:15.0093 3696 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 18:02:15.0218 3696 Cdfs - ok 18:02:15.0250 3696 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 18:02:15.0359 3696 Cdrom - ok 18:02:15.0390 3696 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys 18:02:15.0406 3696 cercsr6 ( UnsignedFile.Multi.Generic ) - warning 18:02:15.0406 3696 cercsr6 - detected UnsignedFile.Multi.Generic (1) 18:02:15.0406 3696 Changer - ok 18:02:15.0421 3696 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe 18:02:15.0546 3696 CiSvc - ok 18:02:15.0546 3696 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 18:02:15.0609 3696 ClipSrv - ok 18:02:15.0640 3696 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:02:15.0640 3696 clr_optimization_v2.0.50727_32 - ok 18:02:15.0656 3696 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 18:02:15.0703 3696 CmBatt - ok 18:02:15.0718 3696 CmdIde - ok 18:02:15.0718 3696 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 18:02:15.0765 3696 Compbatt - ok 18:02:15.0765 3696 COMSysApp - ok 18:02:15.0781 3696 Cpqarray - ok 18:02:15.0796 3696 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 18:02:15.0859 3696 CryptSvc - ok 18:02:15.0875 3696 dac2w2k - ok 18:02:15.0875 3696 dac960nt - ok 18:02:15.0890 3696 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 18:02:15.0953 3696 DcomLaunch - ok 18:02:15.0968 3696 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 18:02:16.0031 3696 Dhcp - ok 18:02:16.0062 3696 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 18:02:16.0125 3696 Disk - ok 18:02:16.0125 3696 dmadmin - ok 18:02:16.0171 3696 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 18:02:16.0281 3696 dmboot - ok 18:02:16.0312 3696 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 18:02:16.0390 3696 dmio - ok 18:02:16.0406 3696 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 18:02:16.0500 3696 dmload - ok 18:02:16.0500 3696 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll 18:02:16.0562 3696 dmserver - ok 18:02:16.0593 3696 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 18:02:16.0671 3696 DMusic - ok 18:02:16.0703 3696 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 18:02:16.0812 3696 Dnscache - ok 18:02:16.0812 3696 dpti2o - ok 18:02:16.0828 3696 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 18:02:16.0937 3696 drmkaud - ok 18:02:17.0015 3696 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 18:02:17.0046 3696 eeCtrl - ok 18:02:17.0046 3696 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 18:02:17.0062 3696 EraserUtilRebootDrv - ok 18:02:17.0093 3696 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll 18:02:17.0187 3696 ERSvc - ok 18:02:17.0203 3696 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe 18:02:17.0328 3696 Eventlog - ok 18:02:17.0343 3696 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll 18:02:17.0468 3696 EventSystem - ok 18:02:17.0484 3696 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 18:02:17.0609 3696 Fastfat - ok 18:02:17.0656 3696 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 18:02:17.0765 3696 FastUserSwitchingCompatibility - ok 18:02:17.0781 3696 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 18:02:17.0859 3696 Fdc - ok 18:02:17.0875 3696 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys 18:02:17.0937 3696 Fips - ok 18:02:17.0937 3696 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 18:02:18.0000 3696 Flpydisk - ok 18:02:18.0015 3696 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 18:02:18.0078 3696 FltMgr - ok 18:02:18.0156 3696 [ FACECF3F75BAF3775A879D1168402270 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:02:18.0156 3696 FontCache3.0.0.0 - ok 18:02:18.0187 3696 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:02:18.0250 3696 Fs_Rec - ok 18:02:18.0250 3696 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:02:18.0296 3696 Ftdisk - ok 18:02:18.0328 3696 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:02:18.0375 3696 Gpc - ok 18:02:18.0421 3696 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 18:02:18.0437 3696 gupdate - ok 18:02:18.0437 3696 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 18:02:18.0453 3696 gupdatem - ok 18:02:18.0484 3696 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 18:02:18.0500 3696 HDAudBus - ok 18:02:18.0531 3696 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys 18:02:18.0546 3696 HECI - ok 18:02:18.0562 3696 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 18:02:18.0640 3696 helpsvc - ok 18:02:18.0656 3696 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll 18:02:18.0765 3696 HidServ - ok 18:02:18.0796 3696 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:02:18.0890 3696 hidusb - ok 18:02:18.0890 3696 hpn - ok 18:02:18.0937 3696 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 18:02:19.0046 3696 HTTP - ok 18:02:19.0078 3696 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 18:02:19.0187 3696 HTTPFilter - ok 18:02:19.0187 3696 i2omgmt - ok 18:02:19.0187 3696 i2omp - ok 18:02:19.0218 3696 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:02:19.0312 3696 i8042prt - ok 18:02:19.0375 3696 [ EA7267505149B3A10DF32506A4E4E412 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:02:19.0421 3696 idsvc ( UnsignedFile.Multi.Generic ) - warning 18:02:19.0421 3696 idsvc - detected UnsignedFile.Multi.Generic (1) 18:02:19.0500 3696 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130104.001\IDSxpx86.sys 18:02:19.0515 3696 IDSxpx86 - ok 18:02:19.0578 3696 [ 9995160D6F69A603FA5B8DA9A42E8F9F ] IDVaultSvc C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe 18:02:19.0593 3696 IDVaultSvc - ok 18:02:19.0609 3696 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 18:02:19.0718 3696 Imapi - ok 18:02:19.0750 3696 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe 18:02:19.0875 3696 ImapiService - ok 18:02:19.0906 3696 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys 18:02:19.0921 3696 Impcd - ok 18:02:19.0921 3696 ini910u - ok 18:02:19.0937 3696 IntelIde - ok 18:02:19.0937 3696 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 18:02:20.0062 3696 intelppm - ok 18:02:20.0062 3696 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 18:02:20.0125 3696 Ip6Fw - ok 18:02:20.0156 3696 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:02:20.0203 3696 IpFilterDriver - ok 18:02:20.0203 3696 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:02:20.0265 3696 IpInIp - ok 18:02:20.0281 3696 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:02:20.0359 3696 IpNat - ok 18:02:20.0375 3696 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:02:20.0437 3696 IPSec - ok 18:02:20.0453 3696 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 18:02:20.0484 3696 IRENUM - ok 18:02:20.0531 3696 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:02:20.0593 3696 isapnp - ok 18:02:20.0656 3696 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe 18:02:20.0671 3696 JavaQuickStarterService - ok 18:02:20.0703 3696 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:02:20.0812 3696 Kbdclass - ok 18:02:20.0812 3696 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 18:02:20.0921 3696 kbdhid - ok 18:02:20.0937 3696 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 18:02:21.0000 3696 kmixer - ok 18:02:21.0093 3696 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe 18:02:21.0109 3696 Kodak AiO Network Discovery Service - ok 18:02:21.0156 3696 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe 18:02:21.0187 3696 Kodak AiO Status Monitor Service - ok 18:02:21.0218 3696 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 18:02:21.0312 3696 KSecDD - ok 18:02:21.0343 3696 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 18:02:21.0406 3696 lanmanserver - ok 18:02:21.0421 3696 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 18:02:21.0468 3696 lanmanworkstation - ok 18:02:21.0484 3696 lbrtfdc - ok 18:02:21.0500 3696 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 18:02:21.0625 3696 LmHosts - ok 18:02:21.0671 3696 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe 18:02:21.0687 3696 LMS - ok 18:02:21.0734 3696 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 18:02:21.0750 3696 MBAMProtector - ok 18:02:21.0765 3696 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:02:21.0796 3696 MBAMScheduler - ok 18:02:21.0828 3696 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 18:02:21.0859 3696 MBAMService - ok 18:02:21.0906 3696 [ ED6235C93981D8658FA433092A809303 ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe 18:02:21.0921 3696 MemeoBackgroundService - ok 18:02:21.0937 3696 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll 18:02:22.0046 3696 Messenger - ok 18:02:22.0078 3696 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 18:02:22.0187 3696 mnmdd - ok 18:02:22.0218 3696 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 18:02:22.0343 3696 mnmsrvc - ok 18:02:22.0359 3696 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 18:02:22.0484 3696 Modem - ok 18:02:22.0500 3696 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:02:22.0609 3696 Mouclass - ok 18:02:22.0656 3696 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:02:22.0781 3696 mouhid - ok 18:02:22.0796 3696 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 18:02:22.0921 3696 MountMgr - ok 18:02:22.0968 3696 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:02:22.0984 3696 MozillaMaintenance - ok 18:02:22.0984 3696 mraid35x - ok 18:02:22.0984 3696 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:02:23.0125 3696 MRxDAV - ok 18:02:23.0140 3696 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:02:23.0218 3696 MRxSmb - ok 18:02:23.0234 3696 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 18:02:23.0281 3696 MSDTC - ok 18:02:23.0296 3696 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 18:02:23.0343 3696 Msfs - ok 18:02:23.0343 3696 MSIServer - ok 18:02:23.0359 3696 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:02:23.0437 3696 MSKSSRV - ok 18:02:23.0437 3696 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:02:23.0484 3696 MSPCLOCK - ok 18:02:23.0484 3696 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 18:02:23.0546 3696 MSPQM - ok 18:02:23.0578 3696 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:02:23.0625 3696 mssmbios - ok 18:02:23.0656 3696 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 18:02:23.0703 3696 MSTEE - ok 18:02:23.0734 3696 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 18:02:23.0781 3696 Mup - ok 18:02:23.0843 3696 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe 18:02:23.0843 3696 N360 - ok 18:02:23.0875 3696 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 18:02:23.0921 3696 NABTSFEC - ok 18:02:24.0000 3696 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVENG.SYS 18:02:24.0000 3696 NAVENG - ok 18:02:24.0062 3696 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVEX15.SYS 18:02:24.0093 3696 NAVEX15 - ok 18:02:24.0125 3696 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 18:02:24.0171 3696 NDIS - ok 18:02:24.0187 3696 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 18:02:24.0265 3696 NdisIP - ok 18:02:24.0296 3696 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:02:24.0359 3696 NdisTapi - ok 18:02:24.0406 3696 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:02:24.0468 3696 Ndisuio - ok 18:02:24.0484 3696 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:02:24.0546 3696 NdisWan - ok 18:02:24.0562 3696 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 18:02:24.0625 3696 NDProxy - ok 18:02:24.0625 3696 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 18:02:24.0703 3696 NetBIOS - ok 18:02:24.0718 3696 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 18:02:24.0781 3696 NetBT - ok 18:02:24.0796 3696 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe 18:02:24.0859 3696 NetDDE - ok 18:02:24.0859 3696 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 18:02:24.0921 3696 NetDDEdsdm - ok 18:02:24.0937 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe 18:02:25.0031 3696 Netlogon - ok 18:02:25.0046 3696 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll 18:02:25.0125 3696 Netman - ok 18:02:25.0140 3696 [ 8070BB07FE06DE8B9ACB29B07016A273 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:02:25.0156 3696 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning 18:02:25.0156 3696 NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1) 18:02:25.0171 3696 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll 18:02:25.0250 3696 Nla - ok 18:02:25.0265 3696 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 18:02:25.0328 3696 Npfs - ok 18:02:25.0359 3696 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 18:02:25.0453 3696 Ntfs - ok 18:02:25.0453 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 18:02:25.0500 3696 NtLmSsp - ok 18:02:25.0531 3696 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 18:02:25.0593 3696 NtmsSvc - ok 18:02:25.0609 3696 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 18:02:25.0671 3696 Null - ok 18:02:25.0828 3696 [ 5868D9602CBC3D41896B8750744664C9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 18:02:25.0984 3696 nv - ok 18:02:26.0031 3696 [ 2D2B7B3AD297C659EFA1D02852CA9860 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys 18:02:26.0031 3696 NVHDA - ok 18:02:26.0078 3696 [ FCD5A42D241E23A90785A0864DDD0428 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe 18:02:26.0093 3696 nvsvc ( UnsignedFile.Multi.Generic ) - warning 18:02:26.0093 3696 nvsvc - detected UnsignedFile.Multi.Generic (1) 18:02:26.0125 3696 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:02:26.0250 3696 NwlnkFlt - ok 18:02:26.0250 3696 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:02:26.0359 3696 NwlnkFwd - ok 18:02:26.0421 3696 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:02:26.0437 3696 odserv - ok 18:02:26.0437 3696 OMCI - ok 18:02:26.0468 3696 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:02:26.0468 3696 ose - ok 18:02:26.0484 3696 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 18:02:26.0562 3696 Parport - ok 18:02:26.0578 3696 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 18:02:26.0625 3696 PartMgr - ok 18:02:26.0671 3696 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 18:02:26.0718 3696 ParVdm - ok 18:02:26.0734 3696 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 18:02:26.0781 3696 PCI - ok 18:02:26.0781 3696 PCIDump - ok 18:02:26.0781 3696 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 18:02:26.0843 3696 PCIIde - ok 18:02:26.0859 3696 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 18:02:26.0953 3696 Pcmcia - ok 18:02:26.0953 3696 PDCOMP - ok 18:02:26.0953 3696 PDFRAME - ok 18:02:26.0953 3696 PDRELI - ok 18:02:26.0968 3696 PDRFRAME - ok 18:02:26.0968 3696 perc2 - ok 18:02:26.0968 3696 perc2hib - ok 18:02:27.0015 3696 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe 18:02:27.0078 3696 PlugPlay - ok 18:02:27.0109 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 18:02:27.0171 3696 PolicyAgent - ok 18:02:27.0187 3696 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:02:27.0250 3696 PptpMiniport - ok 18:02:27.0250 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 18:02:27.0312 3696 ProtectedStorage - ok 18:02:27.0312 3696 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 18:02:27.0421 3696 PSched - ok 18:02:27.0421 3696 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:02:27.0500 3696 Ptilink - ok 18:02:27.0500 3696 ql1080 - ok 18:02:27.0500 3696 Ql10wnt - ok 18:02:27.0500 3696 ql12160 - ok 18:02:27.0515 3696 ql1240 - ok 18:02:27.0515 3696 ql1280 - ok 18:02:27.0546 3696 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:02:27.0593 3696 RasAcd - ok 18:02:27.0609 3696 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll 18:02:27.0671 3696 RasAuto - ok 18:02:27.0687 3696 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:02:27.0750 3696 Rasl2tp - ok 18:02:27.0750 3696 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll 18:02:27.0812 3696 RasMan - ok 18:02:27.0812 3696 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:02:27.0859 3696 RasPppoe - ok 18:02:27.0875 3696 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 18:02:27.0937 3696 Raspti - ok 18:02:27.0968 3696 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:02:28.0031 3696 Rdbss - ok 18:02:28.0031 3696 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:02:28.0109 3696 RDPCDD - ok 18:02:28.0109 3696 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:02:28.0187 3696 rdpdr - ok 18:02:28.0203 3696 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 18:02:28.0265 3696 RDPWD - ok 18:02:28.0281 3696 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 18:02:28.0343 3696 RDSessMgr - ok 18:02:28.0375 3696 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 18:02:28.0421 3696 redbook - ok 18:02:28.0453 3696 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 18:02:28.0531 3696 RemoteAccess - ok 18:02:28.0562 3696 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 18:02:28.0640 3696 RemoteRegistry - ok 18:02:28.0656 3696 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe 18:02:28.0718 3696 RpcLocator - ok 18:02:28.0734 3696 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\system32\rpcss.dll 18:02:28.0812 3696 RpcSs - ok 18:02:28.0828 3696 [ 31D45ECA63884FF5F7AECC50F7D1BAE0 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys 18:02:28.0843 3696 RSUSBSTOR - ok 18:02:28.0859 3696 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 18:02:28.0921 3696 RSVP - ok 18:02:28.0953 3696 [ A1AD65718870DBF2BCB81E3C1406469E ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 18:02:28.0968 3696 RTLE8023xp - ok 18:02:28.0984 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe 18:02:29.0031 3696 SamSs - ok 18:02:29.0062 3696 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 18:02:29.0125 3696 SCardSvr - ok 18:02:29.0156 3696 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll 18:02:29.0218 3696 Schedule - ok 18:02:29.0234 3696 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:02:29.0281 3696 Secdrv - ok 18:02:29.0296 3696 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll 18:02:29.0375 3696 seclogon - ok 18:02:29.0375 3696 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll 18:02:29.0484 3696 SENS - ok 18:02:29.0484 3696 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 18:02:29.0593 3696 Serial - ok 18:02:29.0640 3696 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 18:02:29.0703 3696 Sfloppy - ok 18:02:29.0718 3696 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 18:02:29.0796 3696 SharedAccess - ok 18:02:29.0828 3696 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 18:02:29.0875 3696 ShellHWDetection - ok 18:02:29.0875 3696 Simbad - ok 18:02:29.0921 3696 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 18:02:29.0921 3696 SkypeUpdate - ok 18:02:29.0953 3696 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:02:30.0000 3696 SLIP - ok 18:02:30.0000 3696 Sparrow - ok 18:02:30.0031 3696 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys 18:02:30.0093 3696 splitter - ok 18:02:30.0125 3696 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe 18:02:30.0234 3696 Spooler - ok 18:02:30.0265 3696 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 18:02:30.0328 3696 sr - ok 18:02:30.0328 3696 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll 18:02:30.0390 3696 srservice - ok 18:02:30.0437 3696 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\N360\0604000.009\SRTSP.SYS 18:02:30.0468 3696 SRTSP - ok 18:02:30.0484 3696 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\N360\0604000.009\SRTSPX.SYS 18:02:30.0500 3696 SRTSPX - ok 18:02:30.0500 3696 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 18:02:30.0609 3696 Srv - ok 18:02:30.0640 3696 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 18:02:30.0703 3696 SSDPSRV - ok 18:02:30.0750 3696 [ FBAA145C28074C853529050914D405C6 ] STacSV c:\program files\idt\wdm\stacsv.exe 18:02:30.0765 3696 STacSV - ok 18:02:30.0781 3696 [ 1E72739A30A0D3E3FC95EBB07F83912D ] stdcfltn C:\WINDOWS\system32\DRIVERS\stdcfltn.sys 18:02:30.0796 3696 stdcfltn - ok 18:02:30.0843 3696 [ 9BFDE0E43834495E501A9E3AB3B88062 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 18:02:30.0921 3696 STHDA - ok 18:02:30.0937 3696 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll 18:02:31.0046 3696 stisvc - ok 18:02:31.0046 3696 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:02:31.0156 3696 streamip - ok 18:02:31.0171 3696 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 18:02:31.0281 3696 swenum - ok 18:02:31.0296 3696 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 18:02:31.0359 3696 swmidi - ok 18:02:31.0359 3696 SwPrv - ok 18:02:31.0375 3696 symc810 - ok 18:02:31.0375 3696 symc8xx - ok 18:02:31.0421 3696 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\N360\0604000.009\SYMDS.SYS 18:02:31.0437 3696 SymDS - ok 18:02:31.0468 3696 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\N360\0604000.009\SYMEFA.SYS 18:02:31.0500 3696 SymEFA - ok 18:02:31.0531 3696 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 18:02:31.0531 3696 SymEvent - ok 18:02:31.0546 3696 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\N360\0604000.009\Ironx86.SYS 18:02:31.0546 3696 SymIRON - ok 18:02:31.0562 3696 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0604000.009\SYMTDI.SYS 18:02:31.0578 3696 SYMTDI - ok 18:02:31.0578 3696 sym_hi - ok 18:02:31.0578 3696 sym_u3 - ok 18:02:31.0609 3696 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 18:02:31.0687 3696 sysaudio - ok 18:02:31.0703 3696 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 18:02:31.0765 3696 SysmonLog - ok 18:02:31.0781 3696 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 18:02:31.0843 3696 TapiSrv - ok 18:02:31.0859 3696 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:02:31.0937 3696 Tcpip - ok 18:02:31.0953 3696 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 18:02:32.0015 3696 TDPIPE - ok 18:02:32.0015 3696 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 18:02:32.0109 3696 TDTCP - ok 18:02:32.0125 3696 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 18:02:32.0203 3696 TermDD - ok 18:02:32.0250 3696 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll 18:02:32.0312 3696 TermService - ok 18:02:32.0328 3696 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll 18:02:32.0375 3696 Themes - ok 18:02:32.0406 3696 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 18:02:32.0437 3696 TlntSvr - ok 18:02:32.0437 3696 TosIde - ok 18:02:32.0468 3696 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll 18:02:32.0515 3696 TrkWks - ok 18:02:32.0531 3696 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 18:02:32.0609 3696 Udfs - ok 18:02:32.0609 3696 ultra - ok 18:02:32.0687 3696 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe 18:02:32.0750 3696 UNS - ok 18:02:32.0781 3696 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 18:02:32.0906 3696 Update - ok 18:02:32.0921 3696 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll 18:02:32.0968 3696 upnphost - ok 18:02:32.0968 3696 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe 18:02:33.0093 3696 UPS - ok 18:02:33.0125 3696 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 18:02:33.0234 3696 usbaudio - ok 18:02:33.0250 3696 [ 77B3C8F166A6E6F2E834737AB8CAC1CA ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:02:33.0265 3696 usbccgp - ok 18:02:33.0312 3696 [ 4FFAEA1BD071A72DFB76519F5B1DA956 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:02:33.0328 3696 usbehci - ok 18:02:33.0328 3696 [ ACE960E54148821E8E48F5D191562C28 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:02:33.0359 3696 usbhub - ok 18:02:33.0390 3696 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:02:33.0484 3696 usbprint - ok 18:02:33.0515 3696 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:02:33.0625 3696 usbscan - ok 18:02:33.0640 3696 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:02:33.0734 3696 USBSTOR - ok 18:02:33.0750 3696 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 18:02:33.0843 3696 usbvideo - ok 18:02:33.0906 3696 [ F44970C4137B57A5D5BD632B46113366 ] vcsFPService C:\WINDOWS\system32\vcsFPService.exe 18:02:33.0953 3696 vcsFPService - ok 18:02:33.0968 3696 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 18:02:34.0015 3696 VgaSave - ok 18:02:34.0015 3696 ViaIde - ok 18:02:34.0031 3696 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 18:02:34.0093 3696 VolSnap - ok 18:02:34.0125 3696 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe 18:02:34.0156 3696 VSS - ok 18:02:34.0187 3696 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll 18:02:34.0234 3696 W32Time - ok 18:02:34.0250 3696 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:02:34.0312 3696 Wanarp - ok 18:02:34.0359 3696 [ A1A36682DF22777834E1C37F3C79AEC2 ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe 18:02:34.0375 3696 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning 18:02:34.0375 3696 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1) 18:02:34.0406 3696 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 18:02:34.0421 3696 Wdf01000 - ok 18:02:34.0421 3696 WDICA - ok 18:02:34.0453 3696 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 18:02:34.0500 3696 wdmaud - ok 18:02:34.0515 3696 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll 18:02:34.0562 3696 WebClient - ok 18:02:34.0656 3696 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 18:02:34.0718 3696 winmgmt - ok 18:02:34.0718 3696 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys 18:02:34.0734 3696 WinUSB - ok 18:02:34.0734 3696 wltrysvc - ok 18:02:34.0765 3696 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 18:02:34.0828 3696 WmdmPmSN - ok 18:02:34.0859 3696 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll 18:02:35.0015 3696 Wmi - ok 18:02:35.0031 3696 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 18:02:35.0156 3696 WmiAcpi - ok 18:02:35.0171 3696 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:02:35.0281 3696 WmiApSrv - ok 18:02:35.0312 3696 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll 18:02:35.0453 3696 wscsvc - ok 18:02:35.0453 3696 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:02:35.0546 3696 WSTCODEC - ok 18:02:35.0578 3696 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 18:02:35.0640 3696 wuauserv - ok 18:02:35.0656 3696 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 18:02:35.0718 3696 WZCSVC - ok 18:02:35.0734 3696 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 18:02:35.0796 3696 xmlprov - ok 18:02:35.0812 3696 ================ Scan global =============================== 18:02:35.0843 3696 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll 18:02:35.0843 3696 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll 18:02:35.0859 3696 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll 18:02:35.0859 3696 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe 18:02:35.0859 3696 [Global] - ok 18:02:35.0859 3696 ================ Scan MBR ================================== 18:02:35.0890 3696 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 18:02:36.0171 3696 \Device\Harddisk0\DR0 - ok 18:02:36.0171 3696 ================ Scan VBR ================================== 18:02:36.0171 3696 [ D8073073BA2D2F071A5FB7BFAE8EBBD3 ] \Device\Harddisk0\DR0\Partition1 18:02:36.0171 3696 \Device\Harddisk0\DR0\Partition1 - ok 18:02:36.0171 3696 ============================================================ 18:02:36.0171 3696 Scan finished 18:02:36.0171 3696 ============================================================ 18:02:36.0187 3656 Detected object count: 5 18:02:36.0187 3656 Actual detected object count: 5 18:03:50.0953 3656 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user 18:03:50.0953 3656 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:03:50.0953 3656 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:03:50.0953 3656 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:03:50.0953 3656 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user 18:03:50.0953 3656 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:03:50.0968 3656 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:03:50.0968 3656 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:03:50.0968 3656 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user 18:03:50.0968 3656 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip -
infected by Funmoods can you help
hichactoe replied to hichactoe's topic in Resolved Malware Removal Logs
Hope this is the post section. Here are the results GMER 2.0.18327 - http://www.gmer.net Rootkit scan 2013-01-05 12:59:04 Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK5061GSYN rev.MH000D 465.76GB Running: 0vwqqj18.exe; Driver: C:\DOCUME~1\Tom\LOCALS~1\Temp\ffadipob.sys ---- System - GMER 2.0 ---- SSDT 8A2F0CE8 ZwAlertResumeThread SSDT 8A2F0DA8 ZwAlertThread SSDT 89919388 ZwAllocateVirtualMemory SSDT 8A3632B8 ZwAssignProcessToJobObject SSDT 8A37D248 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5AB2D40] SSDT 8A2FCD38 ZwCreateMutant SSDT 8A2774C8 ZwCreateSymbolicLinkObject SSDT 8A3C37A0 ZwCreateThread SSDT 8A2F9D68 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5AB2FC0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5AB3680] SSDT 89858D98 ZwDuplicateObject SSDT 8A2F6500 ZwFreeVirtualMemory SSDT 8A271D20 ZwImpersonateAnonymousToken SSDT 8A0AB2A0 ZwImpersonateThread SSDT 89F8B430 ZwLoadDriver SSDT 8A2BDD88 ZwMapViewOfSection SSDT 8A2F4B88 ZwOpenEvent SSDT 8A355D58 ZwOpenProcess SSDT 89858CD8 ZwOpenProcessToken SSDT 8A398C70 ZwOpenSection SSDT 8A363D98 ZwOpenThread SSDT 8A12C388 ZwProtectVirtualMemory SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB5AB3BF0] SSDT 8A35CDA8 ZwResumeThread SSDT 8A327858 ZwSetContextThread SSDT 8A257308 ZwSetInformationProcess SSDT 89899D68 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5AB3910] SSDT 8A27DD68 ZwSuspendProcess SSDT 8996AD68 ZwSuspendThread SSDT 8A35C3F0 ZwTerminateProcess SSDT 8A14AB58 ZwTerminateThread SSDT 8A2BDD08 ZwUnmapViewOfSection SSDT 898F5430 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2BBC 80503970 8 Bytes [E8, 0C, 2F, 8A, A8, 0D, 2F, ...] ? SYMDS.SYS The system cannot find the file specified. ! ? SYMEFA.SYS The system cannot find the file specified. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7486380, 0x3E5D05, 0xE8000020] ---- EOF - GMER 2.0 ---- -
Funmoods shows up on Firefox,Internet Explore,Google with Funmoods tool bar and ads. Will not let delete Funmoods. dds.txt attach.txt