
Infected by Funmoods, can you help?



  • Staff

Please run the following:

Running GMER on 32 and 64 bit Systems

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning


Hope this is the post section. Here are the results

GMER 2.0.18327 - http://www.gmer.net

Rootkit scan 2013-01-05 12:59:04

Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK5061GSYN rev.MH000D 465.76GB

Running: 0vwqqj18.exe; Driver: C:\DOCUME~1\Tom\LOCALS~1\Temp\ffadipob.sys

---- System - GMER 2.0 ----

SSDT 8A2F0CE8 ZwAlertResumeThread

SSDT 8A2F0DA8 ZwAlertThread

SSDT 89919388 ZwAllocateVirtualMemory

SSDT 8A3632B8 ZwAssignProcessToJobObject

SSDT 8A37D248 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5AB2D40]

SSDT 8A2FCD38 ZwCreateMutant

SSDT 8A2774C8 ZwCreateSymbolicLinkObject

SSDT 8A3C37A0 ZwCreateThread

SSDT 8A2F9D68 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5AB2FC0]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5AB3680]

SSDT 89858D98 ZwDuplicateObject

SSDT 8A2F6500 ZwFreeVirtualMemory

SSDT 8A271D20 ZwImpersonateAnonymousToken

SSDT 8A0AB2A0 ZwImpersonateThread

SSDT 89F8B430 ZwLoadDriver

SSDT 8A2BDD88 ZwMapViewOfSection

SSDT 8A2F4B88 ZwOpenEvent

SSDT 8A355D58 ZwOpenProcess

SSDT 89858CD8 ZwOpenProcessToken

SSDT 8A398C70 ZwOpenSection

SSDT 8A363D98 ZwOpenThread

SSDT 8A12C388 ZwProtectVirtualMemory

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB5AB3BF0]

SSDT 8A35CDA8 ZwResumeThread

SSDT 8A327858 ZwSetContextThread

SSDT 8A257308 ZwSetInformationProcess

SSDT 89899D68 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5AB3910]

SSDT 8A27DD68 ZwSuspendProcess

SSDT 8996AD68 ZwSuspendThread

SSDT 8A35C3F0 ZwTerminateProcess

SSDT 8A14AB58 ZwTerminateThread

SSDT 8A2BDD08 ZwUnmapViewOfSection

SSDT 898F5430 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BBC 80503970 8 Bytes [E8, 0C, 2F, 8A, A8, 0D, 2F, ...]

? SYMDS.SYS The system cannot find the file specified. !

? SYMEFA.SYS The system cannot find the file specified. !

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7486380, 0x3E5D05, 0xE8000020]

---- EOF - GMER 2.0 ----

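The SSDT section of the log above mixes two kinds of entries: hooks GMER could attribute to a named driver image (here SYMEVENT.SYS) and hooks where it prints only the target address because the target is not inside any module image it could name. The parser below is an added example, not part of the original post and not GMER's code. It splits a gmer.log into those classes and also decodes the 8 bytes GMER reports at ntkrnlpa.exe!ZwCallbackReturn + 2BBC: read as little-endian x86 pointers they are the same addresses as the first SSDT hooks (8A2F0CE8, 8A2F0DA8), so that line records the service table entries themselves being overwritten rather than a separate inline patch. The WATCHLIST set is my own triage choice, and the sample log is a shortened copy of the posted one.

```python
import re
from collections import Counter

# Constructed sample in the format GMER 2.0 writes; lines copied from the
# gmer.log posted above and shortened so the example stays readable.
SAMPLE_LOG = r"""
---- System - GMER 2.0 ----

SSDT 8A2F0CE8 ZwAlertResumeThread
SSDT 89919388 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5AB2D40]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5AB3910]
SSDT 89F8B430 ZwLoadDriver

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BBC 80503970 8 Bytes [E8, 0C, 2F, 8A, A8, 0D, 2F, ...]
? SYMDS.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7486380, 0x3E5D05, 0xE8000020]

---- EOF - GMER 2.0 ----
"""

# SSDT entry GMER could attribute to a loaded driver image.
ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# SSDT entry where GMER prints only the hook address.
UNATTRIBUTED = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
# Bytes that differ from the on-disk kernel image at a named export.
CODE_PATCH = re.compile(
    r"^\.text\s+(?P<symbol>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+(?P<count>\d+)\s+Bytes\s+\[(?P<bytes>[^\]]*)\]")
WRITEABLE = re.compile(r"^\.text\s+(?P<path>\S+)\s+section is writeable\s+\[(?P<values>[^\]]*)\]")
UNRESOLVED = re.compile(r"^\?\s+(?P<file>\S+)\s+(?P<message>.+?)\s+!$")

PATTERNS = [("attributed", ATTRIBUTED), ("unattributed", UNATTRIBUTED),
            ("code_patches", CODE_PATCH), ("writeable_sections", WRITEABLE),
            ("unresolved", UNRESOLVED)]

# Assumption (my triage choice): syscalls that security products and rootkits
# both commonly hook; an unattributed hook on one of these is where to start.
WATCHLIST = {"ZwLoadDriver", "ZwOpenProcess", "ZwTerminateProcess", "ZwCreateThread",
             "ZwWriteVirtualMemory", "ZwMapViewOfSection", "ZwSetContextThread"}


def parse_gmer(text):
    """Split a gmer.log into the finding classes GMER 2.0 reports."""
    report = {kind: [] for kind, _ in PATTERNS}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            d = m.groupdict()
            if kind == "code_patches":
                d["offset"] = int(d["offset"], 16)
                d["count"] = int(d["count"])
                # GMER truncates long byte runs with "..."; keep only real bytes.
                d["bytes"] = [b for b in (x.strip() for x in d["bytes"].split(",")) if b != "..."]
            report[kind].append(d)
            break
    return report


def decode_patch_dwords(patch):
    """Read the captured patch bytes as little-endian 32-bit values (x86 pointers)."""
    raw = bytes(int(b, 16) for b in patch["bytes"])
    return [f"{int.from_bytes(raw[i:i + 4], 'little'):08X}" for i in range(0, len(raw) - 3, 4)]


def patch_targets_match_ssdt(report):
    """Map decoded patch pointers to unattributed SSDT hooks with the same address.
    A hit means the patched bytes are the service table being rewritten."""
    by_addr = {h["addr"].upper(): h["func"] for h in report["unattributed"]}
    hits = {}
    for patch in report["code_patches"]:
        for ptr in decode_patch_dwords(patch):
            if ptr in by_addr:
                hits[ptr] = by_addr[ptr]
    return hits


def triage(report):
    """Summarise hooks per named module and unattributed hooks on the watchlist."""
    per_module = Counter(h["module"] for h in report["attributed"])
    return {
        "hooks_per_module": dict(per_module),
        "unattributed_total": len(report["unattributed"]),
        "unattributed_watchlist": sorted(h["func"] for h in report["unattributed"] if h["func"] in WATCHLIST),
        "patched_kernel_exports": [p["symbol"] for p in report["code_patches"]],
        "writeable_code_sections": [w["path"] for w in report["writeable_sections"]],
        "drivers_gmer_could_not_open": [u["file"] for u in report["unresolved"]],
        "patch_bytes_are_ssdt_entries": patch_targets_match_ssdt(report),
    }


if __name__ == "__main__":
    for key, value in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a full gmer.log by reading the file into `parse_gmer`; the unattributed list is the part worth comparing against whatever security product is installed, since GMER names a module only when the hook target lies inside a loaded driver image.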

  • Staff

Please do the following:

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Cure is selected (if Cure is not available, select Skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Download ComboFix from the following location:

Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

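The TDSSKiller log requested above is a flat text file: a Mode line that records which options were on, section headers for each scan phase, and for every service up to three lines (an MD5 plus image path, an optional "( verdict ) - warning" line, and a final "- ok" or "- detected ..." line). The parser below is an added example, not part of the original post and not Kaspersky's code. It groups those lines per service, confirms from the Mode line that the TDLFS option was actually enabled, and separates UnsignedFile.Multi.Generic hits, which are a signature-check heuristic on unsigned files rather than a malware verdict, from anything else, so the hash and path of each flagged file can be checked before acting. The sample lines are constructed in TDSSKiller 2.8's format, with hashes and paths copied from the log posted in this thread; the SIGCHECK_HEURISTICS set is my own assumption about which verdict names are informational.

```python
import re
from collections import defaultdict

# Constructed sample in the line format TDSSKiller 2.8 writes; hashes and paths
# are copied from the log posted in this thread.
SAMPLE_LOG = r"""
17:10:52.0234 2620 Mode: Manual; SigCheck; TDLFS;
17:10:52.0468 2620 ================ Scan system memory ========================
17:10:53.0968 2620 System memory - ok
17:10:53.0968 2620 ================ Scan services =============================
17:10:54.0078 2620 Abiosdsk - ok
17:10:54.0218 2620 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:10:55.0156 2620 ACPI - ok
17:10:58.0625 2620 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
17:10:58.0640 2620 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
17:10:58.0640 2620 cercsr6 - detected UnsignedFile.Multi.Generic (1)
17:11:05.0171 2620 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
17:11:05.0187 2620 Kodak AiO Network Discovery Service - ok
17:11:09.0218 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:11:09.0281 2620 Netlogon - ok
17:11:09.0703 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:11:09.0765 2620 NtLmSsp - ok
"""

# Every line starts with "HH:MM:SS.mmmm <thread id>".
PREFIX = r"^\S+\s+\d+\s+"
MODE = re.compile(PREFIX + r"Mode:\s*(?P<mode>.+)$")
SECTION = re.compile(PREFIX + r"=+\s*Scan\s+(?P<section>.+?)\s*=+$")
# "[ md5 ] <service name, may contain spaces> <drive>:\<path>"
FILE = re.compile(PREFIX + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
WARNING = re.compile(PREFIX + r"(?P<name>.+?)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+warning$")
DETECTED = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<count>\d+)\)$")
OK = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+ok$")

# Assumption: verdict names that only say "the file is not digitally signed".
SIGCHECK_HEURISTICS = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Group the per-service lines of the 'Scan services' phase by service name."""
    parsed = {"mode": [], "services": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MODE.match(line)
        if m:
            parsed["mode"] = [x.strip() for x in m["mode"].split(";") if x.strip()]
            continue
        m = SECTION.match(line)
        if m:
            section = m["section"].lower()
            continue
        if section != "services":
            continue  # memory / boot-sector phases use other line shapes
        for kind, rx in (("file", FILE), ("warning", WARNING), ("detected", DETECTED), ("ok", OK)):
            m = rx.match(line)
            if not m:
                continue
            svc = parsed["services"].setdefault(m["name"], {"md5": None, "path": None, "verdicts": []})
            if kind == "file":
                svc["md5"], svc["path"] = m["md5"].upper(), m["path"]
            elif kind == "ok":
                svc["verdicts"].append("ok")
            else:
                svc["verdicts"].append(f"{kind}:{m['verdict']}")
            break
    return parsed


def triage(parsed):
    """Separate what needs a human decision from what is informational."""
    services = parsed["services"]
    flagged = {n: s for n, s in services.items() if any(v != "ok" for v in s["verdicts"])}
    # Flagged only by the unsigned-file heuristic: verify hash and path, do not "cure" blindly.
    unsigned_only = sorted(
        n for n, s in flagged.items()
        if all(v.split(":", 1)[1] in SIGCHECK_HEURISTICS for v in s["verdicts"] if v != "ok"))
    by_hash = defaultdict(list)
    for n, s in services.items():
        if s["md5"]:
            by_hash[s["md5"]].append(n)
    return {
        "tdlfs_checked": "TDLFS" in parsed["mode"],
        "sigcheck_on": "SigCheck" in parsed["mode"],
        "flagged": flagged,
        "unsigned_only": unsigned_only,
        # Registered services whose image TDSSKiller never hashed (no file on disk).
        "no_image_hashed": sorted(n for n, s in services.items() if s["md5"] is None),
        # One binary registered under several service names (normal for lsass.exe).
        "shared_images": {h: sorted(names) for h, names in by_hash.items() if len(names) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

If `tdlfs_checked` comes back False the scan ran without the option the instructions ask for and should be repeated; the `flagged` entries carry the MD5 and path that a helper would look up before deciding whether Cure or Skip was the right choice.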

17:10:28.0156 3936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

17:10:28.0703 3936 ============================================================

17:10:28.0703 3936 Current date / time: 2013/01/05 17:10:28.0703

17:10:28.0703 3936 SystemInfo:

17:10:28.0703 3936

17:10:28.0703 3936 OS Version: 5.1.2600 ServicePack: 2.0

17:10:28.0703 3936 Product type: Workstation

17:10:28.0703 3936 ComputerName: NJS-7392FF1A179

17:10:28.0703 3936 UserName: Tom

17:10:28.0703 3936 Windows directory: C:\WINDOWS

17:10:28.0703 3936 System windows directory: C:\WINDOWS

17:10:28.0703 3936 Processor architecture: Intel x86

17:10:28.0703 3936 Number of processors: 4

17:10:28.0703 3936 Page size: 0x1000

17:10:28.0703 3936 Boot type: Normal boot

17:10:28.0703 3936 ============================================================

17:10:30.0343 3936 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:10:30.0343 3936 ============================================================

17:10:30.0343 3936 \Device\Harddisk0\DR0:

17:10:30.0343 3936 MBR partitions:

17:10:30.0343 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

17:10:30.0343 3936 ============================================================

17:10:30.0375 3936 C: <-> \Device\Harddisk0\DR0\Partition1

17:10:30.0375 3936 ============================================================

17:10:30.0375 3936 Initialize success

17:10:30.0375 3936 ============================================================

17:10:52.0234 2620 ============================================================

17:10:52.0234 2620 Scan started

17:10:52.0234 2620 Mode: Manual; SigCheck; TDLFS;

17:10:52.0234 2620 ============================================================

17:10:52.0468 2620 ================ Scan system memory ========================

17:10:53.0968 2620 System memory - ok

17:10:53.0968 2620 ================ Scan services =============================

17:10:54.0078 2620 Abiosdsk - ok

17:10:54.0078 2620 abp480n5 - ok

17:10:54.0125 2620 [ C351EB0DEB102D7EC67CDDEE6513DDF5 ] Acceler C:\WINDOWS\system32\DRIVERS\Accelern.sys

17:10:54.0171 2620 Acceler - ok

17:10:54.0218 2620 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:10:55.0156 2620 ACPI - ok

17:10:55.0171 2620 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

17:10:55.0281 2620 ACPIEC - ok

17:10:55.0343 2620 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

17:10:55.0359 2620 AdobeFlashPlayerUpdateSvc - ok

17:10:55.0359 2620 adpu160m - ok

17:10:55.0406 2620 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys

17:10:55.0500 2620 aec - ok

17:10:55.0531 2620 [ F21D5E93A94514BE9F5B6EBF74A696B2 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys

17:10:55.0578 2620 AESTAud - ok

17:10:55.0609 2620 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys

17:10:55.0750 2620 AFD - ok

17:10:55.0750 2620 Aha154x - ok

17:10:55.0750 2620 aic78u2 - ok

17:10:55.0765 2620 aic78xx - ok

17:10:55.0796 2620 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll

17:10:55.0875 2620 Alerter - ok

17:10:55.0890 2620 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe

17:10:55.0953 2620 ALG - ok

17:10:55.0968 2620 AliIde - ok

17:10:55.0968 2620 amsint - ok

17:10:55.0984 2620 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

17:10:56.0046 2620 AppMgmt - ok

17:10:56.0046 2620 asc - ok

17:10:56.0046 2620 asc3350p - ok

17:10:56.0046 2620 asc3550 - ok

17:10:56.0125 2620 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:10:56.0140 2620 aspnet_state - ok

17:10:56.0156 2620 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:10:56.0265 2620 AsyncMac - ok

17:10:56.0296 2620 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

17:10:56.0390 2620 atapi - ok

17:10:56.0390 2620 Atdisk - ok

17:10:56.0390 2620 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:10:56.0468 2620 Atmarpc - ok

17:10:56.0515 2620 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

17:10:56.0578 2620 AudioSrv - ok

17:10:56.0625 2620 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

17:10:56.0703 2620 audstub - ok

17:10:56.0781 2620 [ 5D4893633B7161FA25500EB7AEABEC94 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

17:10:56.0890 2620 BCM43XX - ok

17:10:56.0953 2620 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

17:10:57.0015 2620 Beep - ok

17:10:57.0125 2620 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys

17:10:57.0171 2620 BHDrvx86 - ok

17:10:57.0218 2620 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll

17:10:57.0375 2620 BITS - ok

17:10:57.0453 2620 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:10:57.0468 2620 Bonjour Service - ok

17:10:57.0515 2620 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll

17:10:57.0640 2620 Browser - ok

17:10:57.0703 2620 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys

17:10:57.0718 2620 btaudio - ok

17:10:57.0750 2620 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys

17:10:57.0765 2620 BTDriver - ok

17:10:57.0796 2620 [ 9F704F40CD50AE05BBFC492C0342E765 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys

17:10:57.0828 2620 BTKRNL - ok

17:10:57.0875 2620 [ 8487071731230D3D40807E0B28F64725 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

17:10:57.0890 2620 btwdins - ok

17:10:57.0921 2620 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys

17:10:57.0937 2620 BTWDNDIS - ok

17:10:57.0937 2620 [ C51D50CF24DA69A9C499E65B0EDB3BB7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys

17:10:57.0937 2620 btwhid - ok

17:10:57.0937 2620 [ 581CA1A9B6F8CBA92E3BC8460C14FAAB ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys

17:10:57.0953 2620 BTWUSB - ok

17:10:57.0968 2620 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

17:10:58.0078 2620 cbidf2k - ok

17:10:58.0109 2620 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:10:58.0187 2620 CCDECODE - ok

17:10:58.0265 2620 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\0604000.009\ccSetx86.sys

17:10:58.0281 2620 ccSet_N360 - ok

17:10:58.0281 2620 cd20xrnt - ok

17:10:58.0312 2620 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

17:10:58.0406 2620 Cdaudio - ok

17:10:58.0437 2620 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

17:10:58.0500 2620 Cdfs - ok

17:10:58.0531 2620 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:10:58.0609 2620 Cdrom - ok

17:10:58.0625 2620 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys

17:10:58.0640 2620 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

17:10:58.0640 2620 cercsr6 - detected UnsignedFile.Multi.Generic (1)

17:10:58.0640 2620 Changer - ok

17:10:58.0640 2620 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe

17:10:58.0718 2620 CiSvc - ok

17:10:58.0718 2620 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

17:10:58.0796 2620 ClipSrv - ok

17:10:58.0828 2620 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:10:58.0859 2620 clr_optimization_v2.0.50727_32 - ok

17:10:58.0890 2620 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:10:58.0968 2620 CmBatt - ok

17:10:58.0968 2620 CmdIde - ok

17:10:58.0968 2620 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:10:59.0031 2620 Compbatt - ok

17:10:59.0046 2620 COMSysApp - ok

17:10:59.0046 2620 Cpqarray - ok

17:10:59.0078 2620 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

17:10:59.0156 2620 CryptSvc - ok

17:10:59.0171 2620 dac2w2k - ok

17:10:59.0171 2620 dac960nt - ok

17:10:59.0203 2620 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

17:10:59.0296 2620 DcomLaunch - ok

17:10:59.0312 2620 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

17:10:59.0421 2620 Dhcp - ok

17:10:59.0468 2620 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

17:10:59.0562 2620 Disk - ok

17:10:59.0562 2620 dmadmin - ok

17:10:59.0593 2620 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

17:10:59.0718 2620 dmboot - ok

17:10:59.0718 2620 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys

17:10:59.0843 2620 dmio - ok

17:10:59.0859 2620 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

17:10:59.0968 2620 dmload - ok

17:10:59.0984 2620 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll

17:11:00.0109 2620 dmserver - ok

17:11:00.0140 2620 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

17:11:00.0265 2620 DMusic - ok

17:11:00.0281 2620 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

17:11:00.0406 2620 Dnscache - ok

17:11:00.0406 2620 dpti2o - ok

17:11:00.0437 2620 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

17:11:00.0546 2620 drmkaud - ok

17:11:00.0625 2620 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

17:11:00.0656 2620 eeCtrl - ok

17:11:00.0671 2620 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

17:11:00.0687 2620 EraserUtilRebootDrv - ok

17:11:00.0703 2620 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll

17:11:00.0812 2620 ERSvc - ok

17:11:00.0843 2620 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe

17:11:00.0984 2620 Eventlog - ok

17:11:01.0015 2620 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll

17:11:01.0156 2620 EventSystem - ok

17:11:01.0187 2620 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

17:11:01.0312 2620 Fastfat - ok

17:11:01.0359 2620 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

17:11:01.0484 2620 FastUserSwitchingCompatibility - ok

17:11:01.0531 2620 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

17:11:01.0687 2620 Fdc - ok

17:11:01.0703 2620 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys

17:11:01.0859 2620 Fips - ok

17:11:01.0859 2620 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

17:11:01.0937 2620 Flpydisk - ok

17:11:01.0968 2620 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:11:02.0031 2620 FltMgr - ok

17:11:02.0109 2620 [ FACECF3F75BAF3775A879D1168402270 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

17:11:02.0140 2620 FontCache3.0.0.0 - ok

17:11:02.0156 2620 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:11:02.0218 2620 Fs_Rec - ok

17:11:02.0218 2620 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:11:02.0281 2620 Ftdisk - ok

17:11:02.0296 2620 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:11:02.0359 2620 Gpc - ok

17:11:02.0406 2620 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

17:11:02.0421 2620 gupdate - ok

17:11:02.0421 2620 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

17:11:02.0437 2620 gupdatem - ok

17:11:02.0468 2620 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:11:02.0500 2620 HDAudBus - ok

17:11:02.0515 2620 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys

17:11:02.0546 2620 HECI - ok

17:11:02.0578 2620 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:11:02.0703 2620 helpsvc - ok

17:11:02.0718 2620 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll

17:11:02.0843 2620 HidServ - ok

17:11:02.0875 2620 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:11:02.0984 2620 hidusb - ok

17:11:02.0984 2620 hpn - ok

17:11:03.0031 2620 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

17:11:03.0140 2620 HTTP - ok

17:11:03.0187 2620 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

17:11:03.0312 2620 HTTPFilter - ok

17:11:03.0312 2620 i2omgmt - ok

17:11:03.0312 2620 i2omp - ok

17:11:03.0343 2620 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:11:03.0421 2620 i8042prt - ok

17:11:03.0468 2620 [ EA7267505149B3A10DF32506A4E4E412 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:11:03.0515 2620 idsvc ( UnsignedFile.Multi.Generic ) - warning

17:11:03.0515 2620 idsvc - detected UnsignedFile.Multi.Generic (1)

17:11:03.0609 2620 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130104.001\IDSxpx86.sys

17:11:03.0625 2620 IDSxpx86 - ok

17:11:03.0687 2620 [ 9995160D6F69A603FA5B8DA9A42E8F9F ] IDVaultSvc C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

17:11:03.0687 2620 IDVaultSvc - ok

17:11:03.0718 2620 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

17:11:03.0781 2620 Imapi - ok

17:11:03.0812 2620 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe

17:11:03.0875 2620 ImapiService - ok

17:11:03.0906 2620 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys

17:11:03.0921 2620 Impcd - ok

17:11:03.0937 2620 ini910u - ok

17:11:03.0937 2620 IntelIde - ok

17:11:03.0968 2620 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:11:04.0062 2620 intelppm - ok

17:11:04.0078 2620 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:11:04.0171 2620 Ip6Fw - ok

17:11:04.0203 2620 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:11:04.0265 2620 IpFilterDriver - ok

17:11:04.0265 2620 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:11:04.0328 2620 IpInIp - ok

17:11:04.0343 2620 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:11:04.0421 2620 IpNat - ok

17:11:04.0437 2620 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:11:04.0500 2620 IPSec - ok

17:11:04.0531 2620 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

17:11:04.0562 2620 IRENUM - ok

17:11:04.0609 2620 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:11:04.0671 2620 isapnp - ok

17:11:04.0750 2620 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

17:11:04.0765 2620 JavaQuickStarterService - ok

17:11:04.0796 2620 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:11:04.0890 2620 Kbdclass - ok

17:11:04.0906 2620 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:11:04.0968 2620 kbdhid - ok

17:11:04.0984 2620 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

17:11:05.0046 2620 kmixer - ok

17:11:05.0171 2620 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

17:11:05.0187 2620 Kodak AiO Network Discovery Service - ok

17:11:05.0234 2620 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

17:11:05.0265 2620 Kodak AiO Status Monitor Service - ok

17:11:05.0265 2620 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

17:11:05.0375 2620 KSecDD - ok

17:11:05.0390 2620 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

17:11:05.0468 2620 lanmanserver - ok

17:11:05.0500 2620 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

17:11:05.0578 2620 lanmanworkstation - ok

17:11:05.0578 2620 lbrtfdc - ok

17:11:05.0593 2620 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

17:11:05.0687 2620 LmHosts - ok

17:11:05.0734 2620 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

17:11:05.0750 2620 LMS - ok

17:11:05.0781 2620 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

17:11:05.0781 2620 MBAMProtector - ok

17:11:05.0796 2620 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

17:11:05.0812 2620 MBAMScheduler - ok

17:11:05.0875 2620 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

17:11:05.0890 2620 MBAMService - ok

17:11:05.0937 2620 [ ED6235C93981D8658FA433092A809303 ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe

17:11:05.0937 2620 MemeoBackgroundService - ok

17:11:05.0968 2620 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll

17:11:06.0078 2620 Messenger - ok

17:11:06.0109 2620 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

17:11:06.0171 2620 mnmdd - ok

17:11:06.0203 2620 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

17:11:06.0265 2620 mnmsrvc - ok

17:11:06.0281 2620 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

17:11:06.0343 2620 Modem - ok

17:11:06.0359 2620 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:11:06.0421 2620 Mouclass - ok

17:11:06.0453 2620 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:11:06.0531 2620 mouhid - ok

17:11:06.0546 2620 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

17:11:06.0640 2620 MountMgr - ok

17:11:06.0687 2620 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

17:11:06.0687 2620 MozillaMaintenance - ok

17:11:06.0687 2620 mraid35x - ok

17:11:06.0703 2620 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:11:06.0781 2620 MRxDAV - ok

17:11:06.0781 2620 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:11:06.0843 2620 MRxSmb - ok

17:11:06.0875 2620 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

17:11:06.0953 2620 MSDTC - ok

17:11:06.0953 2620 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

17:11:07.0015 2620 Msfs - ok

17:11:07.0015 2620 MSIServer - ok

17:11:07.0031 2620 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:11:07.0109 2620 MSKSSRV - ok

17:11:07.0109 2620 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:11:07.0171 2620 MSPCLOCK - ok

17:11:07.0171 2620 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

17:11:07.0234 2620 MSPQM - ok

17:11:07.0265 2620 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:11:07.0328 2620 mssmbios - ok

17:11:07.0359 2620 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

17:11:07.0421 2620 MSTEE - ok

17:11:07.0437 2620 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

17:11:07.0531 2620 Mup - ok

17:11:07.0562 2620 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe

17:11:07.0578 2620 N360 - ok

17:11:07.0609 2620 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:11:07.0687 2620 NABTSFEC - ok

17:11:07.0750 2620 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVENG.SYS

17:11:07.0765 2620 NAVENG - ok

17:11:07.0828 2620 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVEX15.SYS

17:11:07.0875 2620 NAVEX15 - ok

17:11:07.0906 2620 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

17:11:08.0000 2620 NDIS - ok

17:11:08.0031 2620 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:11:08.0140 2620 NdisIP - ok

17:11:08.0187 2620 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:11:08.0296 2620 NdisTapi - ok

17:11:08.0328 2620 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:11:08.0437 2620 Ndisuio - ok

17:11:08.0453 2620 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:11:08.0562 2620 NdisWan - ok

17:11:08.0593 2620 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

17:11:08.0687 2620 NDProxy - ok

17:11:08.0687 2620 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

17:11:08.0812 2620 NetBIOS - ok

17:11:08.0843 2620 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

17:11:08.0953 2620 NetBT - ok

17:11:08.0984 2620 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe

17:11:09.0078 2620 NetDDE - ok

17:11:09.0093 2620 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

17:11:09.0203 2620 NetDDEdsdm - ok

17:11:09.0218 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe

17:11:09.0281 2620 Netlogon - ok

17:11:09.0296 2620 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll

17:11:09.0375 2620 Netman - ok

17:11:09.0406 2620 [ 8070BB07FE06DE8B9ACB29B07016A273 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:11:09.0421 2620 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning

17:11:09.0421 2620 NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1)

17:11:09.0453 2620 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll

17:11:09.0500 2620 Nla - ok

17:11:09.0546 2620 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

17:11:09.0593 2620 Npfs - ok

17:11:09.0625 2620 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

17:11:09.0703 2620 Ntfs - ok

17:11:09.0703 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

17:11:09.0765 2620 NtLmSsp - ok

17:11:09.0781 2620 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

17:11:09.0843 2620 NtmsSvc - ok

17:11:09.0859 2620 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

17:11:09.0937 2620 Null - ok

17:11:10.0109 2620 [ 5868D9602CBC3D41896B8750744664C9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:11:10.0375 2620 nv - ok

17:11:10.0406 2620 [ 2D2B7B3AD297C659EFA1D02852CA9860 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys

17:11:10.0406 2620 NVHDA - ok

17:11:10.0453 2620 [ FCD5A42D241E23A90785A0864DDD0428 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe

17:11:10.0468 2620 nvsvc ( UnsignedFile.Multi.Generic ) - warning

17:11:10.0468 2620 nvsvc - detected UnsignedFile.Multi.Generic (1)

17:11:10.0500 2620 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:11:10.0625 2620 NwlnkFlt - ok

17:11:10.0625 2620 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:11:10.0687 2620 NwlnkFwd - ok

17:11:10.0750 2620 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

17:11:10.0765 2620 odserv - ok

17:11:10.0765 2620 OMCI - ok

17:11:10.0796 2620 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:11:10.0796 2620 ose - ok

17:11:10.0812 2620 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys

17:11:10.0875 2620 Parport - ok

17:11:10.0890 2620 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

17:11:10.0953 2620 PartMgr - ok

17:11:10.0984 2620 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

17:11:11.0046 2620 ParVdm - ok

17:11:11.0062 2620 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

17:11:11.0109 2620 PCI - ok

17:11:11.0109 2620 PCIDump - ok

17:11:11.0125 2620 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

17:11:11.0171 2620 PCIIde - ok

17:11:11.0187 2620 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

17:11:11.0312 2620 Pcmcia - ok

17:11:11.0312 2620 PDCOMP - ok

17:11:11.0328 2620 PDFRAME - ok

17:11:11.0328 2620 PDRELI - ok

17:11:11.0328 2620 PDRFRAME - ok

17:11:11.0343 2620 perc2 - ok

17:11:11.0343 2620 perc2hib - ok

17:11:11.0390 2620 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe

17:11:11.0484 2620 PlugPlay - ok

17:11:11.0484 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

17:11:11.0578 2620 PolicyAgent - ok

17:11:11.0578 2620 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:11:11.0687 2620 PptpMiniport - ok

17:11:11.0687 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

17:11:11.0765 2620 ProtectedStorage - ok

17:11:11.0765 2620 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

17:11:11.0828 2620 PSched - ok

17:11:11.0843 2620 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:11:11.0906 2620 Ptilink - ok

17:11:11.0906 2620 ql1080 - ok

17:11:11.0906 2620 Ql10wnt - ok

17:11:11.0921 2620 ql12160 - ok

17:11:11.0921 2620 ql1240 - ok

17:11:11.0921 2620 ql1280 - ok

17:11:11.0953 2620 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:11:12.0000 2620 RasAcd - ok

17:11:12.0031 2620 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll

17:11:12.0078 2620 RasAuto - ok

17:11:12.0109 2620 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:11:12.0156 2620 Rasl2tp - ok

17:11:12.0187 2620 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll

17:11:12.0234 2620 RasMan - ok

17:11:12.0250 2620 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:11:12.0296 2620 RasPppoe - ok

17:11:12.0296 2620 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

17:11:12.0375 2620 Raspti - ok

17:11:12.0390 2620 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:11:12.0468 2620 Rdbss - ok

17:11:12.0484 2620 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:11:12.0546 2620 RDPCDD - ok

17:11:12.0562 2620 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:11:12.0656 2620 rdpdr - ok

17:11:12.0687 2620 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

17:11:12.0765 2620 RDPWD - ok

17:11:12.0781 2620 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

17:11:12.0843 2620 RDSessMgr - ok

17:11:12.0875 2620 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

17:11:12.0953 2620 redbook - ok

17:11:12.0984 2620 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

17:11:13.0062 2620 RemoteAccess - ok

17:11:13.0078 2620 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

17:11:13.0156 2620 RemoteRegistry - ok

17:11:13.0187 2620 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe

17:11:13.0250 2620 RpcLocator - ok

17:11:13.0281 2620 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\system32\rpcss.dll

17:11:13.0375 2620 RpcSs - ok

17:11:13.0390 2620 [ 31D45ECA63884FF5F7AECC50F7D1BAE0 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys

17:11:13.0437 2620 RSUSBSTOR - ok

17:11:13.0453 2620 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

17:11:13.0531 2620 RSVP - ok

17:11:13.0546 2620 [ A1AD65718870DBF2BCB81E3C1406469E ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

17:11:13.0562 2620 RTLE8023xp - ok

17:11:13.0578 2620 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe

17:11:13.0640 2620 SamSs - ok

17:11:13.0671 2620 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

17:11:13.0734 2620 SCardSvr - ok

17:11:13.0765 2620 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll

17:11:13.0843 2620 Schedule - ok

17:11:13.0859 2620 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:11:13.0906 2620 Secdrv - ok

17:11:13.0937 2620 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll

17:11:14.0031 2620 seclogon - ok

17:11:14.0046 2620 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll

17:11:14.0109 2620 SENS - ok

17:11:14.0125 2620 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

17:11:14.0187 2620 Serial - ok

17:11:14.0218 2620 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

17:11:14.0281 2620 Sfloppy - ok

17:11:14.0296 2620 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

17:11:14.0375 2620 SharedAccess - ok

17:11:14.0390 2620 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

17:11:14.0453 2620 ShellHWDetection - ok

17:11:14.0453 2620 Simbad - ok

17:11:14.0500 2620 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

17:11:14.0500 2620 SkypeUpdate - ok

17:11:14.0531 2620 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:11:14.0593 2620 SLIP - ok

17:11:14.0593 2620 Sparrow - ok

17:11:14.0625 2620 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys

17:11:14.0687 2620 splitter - ok

17:11:14.0718 2620 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe

17:11:14.0765 2620 Spooler - ok

17:11:14.0812 2620 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

17:11:14.0859 2620 sr - ok

17:11:14.0875 2620 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll

17:11:14.0921 2620 srservice - ok

17:11:14.0937 2620 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\N360\0604000.009\SRTSP.SYS

17:11:14.0953 2620 SRTSP - ok

17:11:14.0984 2620 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\N360\0604000.009\SRTSPX.SYS

17:11:14.0984 2620 SRTSPX - ok

17:11:15.0000 2620 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

17:11:15.0078 2620 Srv - ok

17:11:15.0093 2620 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

17:11:15.0125 2620 SSDPSRV - ok

17:11:15.0171 2620 [ FBAA145C28074C853529050914D405C6 ] STacSV c:\program files\idt\wdm\stacsv.exe

17:11:15.0187 2620 STacSV - ok

17:11:15.0203 2620 [ 1E72739A30A0D3E3FC95EBB07F83912D ] stdcfltn C:\WINDOWS\system32\DRIVERS\stdcfltn.sys

17:11:15.0203 2620 stdcfltn - ok

17:11:15.0250 2620 [ 9BFDE0E43834495E501A9E3AB3B88062 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

17:11:15.0312 2620 STHDA - ok

17:11:15.0375 2620 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll

17:11:15.0515 2620 stisvc - ok

17:11:15.0546 2620 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:11:15.0656 2620 streamip - ok

17:11:15.0687 2620 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

17:11:15.0796 2620 swenum - ok

17:11:15.0812 2620 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

17:11:15.0890 2620 swmidi - ok

17:11:15.0906 2620 SwPrv - ok

17:11:15.0906 2620 symc810 - ok

17:11:15.0906 2620 symc8xx - ok

17:11:15.0953 2620 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\N360\0604000.009\SYMDS.SYS

17:11:15.0968 2620 SymDS - ok

17:11:16.0000 2620 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\N360\0604000.009\SYMEFA.SYS

17:11:16.0046 2620 SymEFA - ok

17:11:16.0078 2620 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

17:11:16.0078 2620 SymEvent - ok

17:11:16.0093 2620 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\N360\0604000.009\Ironx86.SYS

17:11:16.0093 2620 SymIRON - ok

17:11:16.0109 2620 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0604000.009\SYMTDI.SYS

17:11:16.0125 2620 SYMTDI - ok

17:11:16.0125 2620 sym_hi - ok

17:11:16.0125 2620 sym_u3 - ok

17:11:16.0156 2620 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

17:11:16.0234 2620 sysaudio - ok

17:11:16.0265 2620 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

17:11:16.0343 2620 SysmonLog - ok

17:11:16.0359 2620 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

17:11:16.0421 2620 TapiSrv - ok

17:11:16.0437 2620 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:11:16.0531 2620 Tcpip - ok

17:11:16.0546 2620 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

17:11:16.0640 2620 TDPIPE - ok

17:11:16.0656 2620 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

17:11:16.0750 2620 TDTCP - ok

17:11:16.0765 2620 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

17:11:16.0828 2620 TermDD - ok

17:11:16.0875 2620 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll

17:11:16.0937 2620 TermService - ok

17:11:16.0953 2620 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll

17:11:17.0015 2620 Themes - ok

17:11:17.0031 2620 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

17:11:17.0062 2620 TlntSvr - ok

17:11:17.0062 2620 TosIde - ok

17:11:17.0093 2620 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll

17:11:17.0156 2620 TrkWks - ok

17:11:17.0171 2620 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

17:11:17.0281 2620 Udfs - ok

17:11:17.0281 2620 ultra - ok

17:11:17.0375 2620 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

17:11:17.0468 2620 UNS - ok

17:11:17.0500 2620 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

17:11:17.0609 2620 Update - ok

17:11:17.0625 2620 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll

17:11:17.0671 2620 upnphost - ok

17:11:17.0671 2620 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe

17:11:17.0765 2620 UPS - ok

17:11:17.0796 2620 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

17:11:17.0906 2620 usbaudio - ok

17:11:17.0953 2620 [ 77B3C8F166A6E6F2E834737AB8CAC1CA ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:11:17.0984 2620 usbccgp - ok

17:11:18.0015 2620 [ 4FFAEA1BD071A72DFB76519F5B1DA956 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:11:18.0062 2620 usbehci - ok

17:11:18.0062 2620 [ ACE960E54148821E8E48F5D191562C28 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:11:18.0109 2620 usbhub - ok

17:11:18.0156 2620 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:11:18.0250 2620 usbprint - ok

17:11:18.0281 2620 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:11:18.0406 2620 usbscan - ok

17:11:18.0437 2620 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:11:18.0546 2620 USBSTOR - ok

17:11:18.0562 2620 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

17:11:18.0656 2620 usbvideo - ok

17:11:18.0718 2620 [ F44970C4137B57A5D5BD632B46113366 ] vcsFPService C:\WINDOWS\system32\vcsFPService.exe

17:11:18.0781 2620 vcsFPService - ok

17:11:18.0796 2620 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

17:11:18.0906 2620 VgaSave - ok

17:11:18.0906 2620 ViaIde - ok

17:11:18.0937 2620 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

17:11:19.0046 2620 VolSnap - ok

17:11:19.0078 2620 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe

17:11:19.0140 2620 VSS - ok

17:11:19.0171 2620 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll

17:11:19.0281 2620 W32Time - ok

17:11:19.0296 2620 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:11:19.0390 2620 Wanarp - ok

17:11:19.0437 2620 [ A1A36682DF22777834E1C37F3C79AEC2 ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

17:11:19.0437 2620 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning

17:11:19.0437 2620 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1)

17:11:19.0484 2620 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

17:11:19.0515 2620 Wdf01000 - ok

17:11:19.0515 2620 WDICA - ok

17:11:19.0531 2620 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

17:11:19.0609 2620 wdmaud - ok

17:11:19.0625 2620 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll

17:11:19.0718 2620 WebClient - ok

17:11:19.0812 2620 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

17:11:19.0906 2620 winmgmt - ok

17:11:19.0921 2620 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys

17:11:19.0921 2620 WinUSB - ok

17:11:19.0937 2620 wltrysvc - ok

17:11:19.0953 2620 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll

17:11:20.0078 2620 WmdmPmSN - ok

17:11:20.0093 2620 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll

17:11:20.0234 2620 Wmi - ok

17:11:20.0265 2620 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

17:11:20.0328 2620 WmiAcpi - ok

17:11:20.0359 2620 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:11:20.0406 2620 WmiApSrv - ok

17:11:20.0437 2620 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll

17:11:20.0515 2620 wscsvc - ok

17:11:20.0531 2620 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:11:20.0578 2620 WSTCODEC - ok

17:11:20.0609 2620 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll

17:11:20.0671 2620 wuauserv - ok

17:11:20.0687 2620 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

17:11:20.0750 2620 WZCSVC - ok

17:11:20.0765 2620 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

17:11:20.0859 2620 xmlprov - ok

17:11:20.0859 2620 ================ Scan global ===============================

17:11:20.0890 2620 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll

17:11:20.0906 2620 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll

17:11:20.0906 2620 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll

17:11:20.0921 2620 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe

17:11:20.0921 2620 [Global] - ok

17:11:20.0921 2620 ================ Scan MBR ==================================

17:11:20.0937 2620 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

17:11:21.0234 2620 \Device\Harddisk0\DR0 - ok

17:11:21.0234 2620 ================ Scan VBR ==================================

17:11:21.0234 2620 [ D8073073BA2D2F071A5FB7BFAE8EBBD3 ] \Device\Harddisk0\DR0\Partition1

17:11:21.0234 2620 \Device\Harddisk0\DR0\Partition1 - ok

17:11:21.0234 2620 ============================================================

17:11:21.0234 2620 Scan finished

17:11:21.0234 2620 ============================================================

17:11:21.0343 2236 Detected object count: 5

17:11:21.0343 2236 Actual detected object count: 5

18:01:25.0687 2236 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:25.0687 2236 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:25.0687 2236 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:25.0687 2236 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:25.0703 2236 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:25.0703 2236 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:25.0703 2236 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:25.0703 2236 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:25.0703 2236 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:25.0703 2236 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:02:09.0906 3696 ============================================================

18:02:09.0906 3696 Scan started

18:02:09.0906 3696 Mode: Manual; SigCheck; TDLFS;

18:02:09.0906 3696 ============================================================

18:02:10.0109 3696 ================ Scan system memory ========================

18:02:11.0046 3696 System memory - ok

18:02:11.0046 3696 ================ Scan services =============================

18:02:11.0234 3696 Abiosdsk - ok

18:02:11.0250 3696 abp480n5 - ok

18:02:11.0281 3696 [ C351EB0DEB102D7EC67CDDEE6513DDF5 ] Acceler C:\WINDOWS\system32\DRIVERS\Accelern.sys

18:02:11.0296 3696 Acceler - ok

18:02:11.0343 3696 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:02:11.0531 3696 ACPI - ok

18:02:11.0562 3696 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

18:02:11.0687 3696 ACPIEC - ok

18:02:11.0765 3696 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

18:02:11.0781 3696 AdobeFlashPlayerUpdateSvc - ok

18:02:11.0796 3696 adpu160m - ok

18:02:11.0828 3696 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys

18:02:11.0953 3696 aec - ok

18:02:12.0000 3696 [ F21D5E93A94514BE9F5B6EBF74A696B2 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys

18:02:12.0015 3696 AESTAud - ok

18:02:12.0046 3696 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys

18:02:12.0187 3696 AFD - ok

18:02:12.0203 3696 Aha154x - ok

18:02:12.0203 3696 aic78u2 - ok

18:02:12.0203 3696 aic78xx - ok

18:02:12.0234 3696 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll

18:02:12.0328 3696 Alerter - ok

18:02:12.0343 3696 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe

18:02:12.0390 3696 ALG - ok

18:02:12.0390 3696 AliIde - ok

18:02:12.0390 3696 amsint - ok

18:02:12.0421 3696 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

18:02:12.0468 3696 AppMgmt - ok

18:02:12.0468 3696 asc - ok

18:02:12.0468 3696 asc3350p - ok

18:02:12.0484 3696 asc3550 - ok

18:02:12.0546 3696 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:02:12.0546 3696 aspnet_state - ok

18:02:12.0562 3696 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:02:12.0625 3696 AsyncMac - ok

18:02:12.0671 3696 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

18:02:12.0781 3696 atapi - ok

18:02:12.0796 3696 Atdisk - ok

18:02:12.0796 3696 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:02:12.0859 3696 Atmarpc - ok

18:02:12.0906 3696 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

18:02:12.0953 3696 AudioSrv - ok

18:02:13.0000 3696 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

18:02:13.0062 3696 audstub - ok

18:02:13.0156 3696 [ 5D4893633B7161FA25500EB7AEABEC94 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

18:02:13.0250 3696 BCM43XX - ok

18:02:13.0281 3696 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

18:02:13.0343 3696 Beep - ok

18:02:13.0437 3696 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys

18:02:13.0484 3696 BHDrvx86 - ok

18:02:13.0515 3696 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll

18:02:13.0656 3696 BITS - ok

18:02:13.0734 3696 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

18:02:13.0750 3696 Bonjour Service - ok

18:02:13.0781 3696 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll

18:02:13.0875 3696 Browser - ok

18:02:14.0031 3696 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys

18:02:14.0093 3696 btaudio - ok

18:02:14.0218 3696 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys

18:02:14.0234 3696 BTDriver - ok

18:02:14.0296 3696 [ 9F704F40CD50AE05BBFC492C0342E765 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys

18:02:14.0343 3696 BTKRNL - ok

18:02:14.0406 3696 [ 8487071731230D3D40807E0B28F64725 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

18:02:14.0437 3696 btwdins - ok

18:02:14.0437 3696 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys

18:02:14.0453 3696 BTWDNDIS - ok

18:02:14.0484 3696 [ C51D50CF24DA69A9C499E65B0EDB3BB7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys

18:02:14.0484 3696 btwhid - ok

18:02:14.0500 3696 [ 581CA1A9B6F8CBA92E3BC8460C14FAAB ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys

18:02:14.0500 3696 BTWUSB - ok

18:02:14.0531 3696 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

18:02:14.0656 3696 cbidf2k - ok

18:02:14.0671 3696 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:02:14.0796 3696 CCDECODE - ok

18:02:14.0875 3696 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\0604000.009\ccSetx86.sys

18:02:14.0890 3696 ccSet_N360 - ok

18:02:14.0890 3696 cd20xrnt - ok

18:02:14.0937 3696 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

18:02:15.0062 3696 Cdaudio - ok

18:02:15.0093 3696 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

18:02:15.0218 3696 Cdfs - ok

18:02:15.0250 3696 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:02:15.0359 3696 Cdrom - ok

18:02:15.0390 3696 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys

18:02:15.0406 3696 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

18:02:15.0406 3696 cercsr6 - detected UnsignedFile.Multi.Generic (1)

18:02:15.0406 3696 Changer - ok

18:02:15.0421 3696 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe

18:02:15.0546 3696 CiSvc - ok

18:02:15.0546 3696 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

18:02:15.0609 3696 ClipSrv - ok

18:02:15.0640 3696 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:02:15.0640 3696 clr_optimization_v2.0.50727_32 - ok

18:02:15.0656 3696 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:02:15.0703 3696 CmBatt - ok

18:02:15.0718 3696 CmdIde - ok

18:02:15.0718 3696 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:02:15.0765 3696 Compbatt - ok

18:02:15.0765 3696 COMSysApp - ok

18:02:15.0781 3696 Cpqarray - ok

18:02:15.0796 3696 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

18:02:15.0859 3696 CryptSvc - ok

18:02:15.0875 3696 dac2w2k - ok

18:02:15.0875 3696 dac960nt - ok

18:02:15.0890 3696 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

18:02:15.0953 3696 DcomLaunch - ok

18:02:15.0968 3696 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

18:02:16.0031 3696 Dhcp - ok

18:02:16.0062 3696 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

18:02:16.0125 3696 Disk - ok

18:02:16.0125 3696 dmadmin - ok

18:02:16.0171 3696 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

18:02:16.0281 3696 dmboot - ok

18:02:16.0312 3696 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys

18:02:16.0390 3696 dmio - ok

18:02:16.0406 3696 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

18:02:16.0500 3696 dmload - ok

18:02:16.0500 3696 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll

18:02:16.0562 3696 dmserver - ok

18:02:16.0593 3696 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

18:02:16.0671 3696 DMusic - ok

18:02:16.0703 3696 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

18:02:16.0812 3696 Dnscache - ok

18:02:16.0812 3696 dpti2o - ok

18:02:16.0828 3696 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

18:02:16.0937 3696 drmkaud - ok

18:02:17.0015 3696 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

18:02:17.0046 3696 eeCtrl - ok

18:02:17.0046 3696 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

18:02:17.0062 3696 EraserUtilRebootDrv - ok

18:02:17.0093 3696 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll

18:02:17.0187 3696 ERSvc - ok

18:02:17.0203 3696 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe

18:02:17.0328 3696 Eventlog - ok

18:02:17.0343 3696 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll

18:02:17.0468 3696 EventSystem - ok

18:02:17.0484 3696 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

18:02:17.0609 3696 Fastfat - ok

18:02:17.0656 3696 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

18:02:17.0765 3696 FastUserSwitchingCompatibility - ok

18:02:17.0781 3696 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

18:02:17.0859 3696 Fdc - ok

18:02:17.0875 3696 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys

18:02:17.0937 3696 Fips - ok

18:02:17.0937 3696 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

18:02:18.0000 3696 Flpydisk - ok

18:02:18.0015 3696 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

18:02:18.0078 3696 FltMgr - ok

18:02:18.0156 3696 [ FACECF3F75BAF3775A879D1168402270 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

18:02:18.0156 3696 FontCache3.0.0.0 - ok

18:02:18.0187 3696 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:02:18.0250 3696 Fs_Rec - ok

18:02:18.0250 3696 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:02:18.0296 3696 Ftdisk - ok

18:02:18.0328 3696 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:02:18.0375 3696 Gpc - ok

18:02:18.0421 3696 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

18:02:18.0437 3696 gupdate - ok

18:02:18.0437 3696 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

18:02:18.0453 3696 gupdatem - ok

18:02:18.0484 3696 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:02:18.0500 3696 HDAudBus - ok

18:02:18.0531 3696 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys

18:02:18.0546 3696 HECI - ok

18:02:18.0562 3696 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:02:18.0640 3696 helpsvc - ok

18:02:18.0656 3696 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll

18:02:18.0765 3696 HidServ - ok

18:02:18.0796 3696 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:02:18.0890 3696 hidusb - ok

18:02:18.0890 3696 hpn - ok

18:02:18.0937 3696 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

18:02:19.0046 3696 HTTP - ok

18:02:19.0078 3696 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

18:02:19.0187 3696 HTTPFilter - ok

18:02:19.0187 3696 i2omgmt - ok

18:02:19.0187 3696 i2omp - ok

18:02:19.0218 3696 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:02:19.0312 3696 i8042prt - ok

18:02:19.0375 3696 [ EA7267505149B3A10DF32506A4E4E412 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:02:19.0421 3696 idsvc ( UnsignedFile.Multi.Generic ) - warning

18:02:19.0421 3696 idsvc - detected UnsignedFile.Multi.Generic (1)

18:02:19.0500 3696 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130104.001\IDSxpx86.sys

18:02:19.0515 3696 IDSxpx86 - ok

18:02:19.0578 3696 [ 9995160D6F69A603FA5B8DA9A42E8F9F ] IDVaultSvc C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

18:02:19.0593 3696 IDVaultSvc - ok

18:02:19.0609 3696 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

18:02:19.0718 3696 Imapi - ok

18:02:19.0750 3696 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe

18:02:19.0875 3696 ImapiService - ok

18:02:19.0906 3696 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys

18:02:19.0921 3696 Impcd - ok

18:02:19.0921 3696 ini910u - ok

18:02:19.0937 3696 IntelIde - ok

18:02:19.0937 3696 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:02:20.0062 3696 intelppm - ok

18:02:20.0062 3696 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

18:02:20.0125 3696 Ip6Fw - ok

18:02:20.0156 3696 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:02:20.0203 3696 IpFilterDriver - ok

18:02:20.0203 3696 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:02:20.0265 3696 IpInIp - ok

18:02:20.0281 3696 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:02:20.0359 3696 IpNat - ok

18:02:20.0375 3696 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:02:20.0437 3696 IPSec - ok

18:02:20.0453 3696 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

18:02:20.0484 3696 IRENUM - ok

18:02:20.0531 3696 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:02:20.0593 3696 isapnp - ok

18:02:20.0656 3696 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

18:02:20.0671 3696 JavaQuickStarterService - ok

18:02:20.0703 3696 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:02:20.0812 3696 Kbdclass - ok

18:02:20.0812 3696 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:02:20.0921 3696 kbdhid - ok

18:02:20.0937 3696 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

18:02:21.0000 3696 kmixer - ok

18:02:21.0093 3696 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

18:02:21.0109 3696 Kodak AiO Network Discovery Service - ok

18:02:21.0156 3696 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

18:02:21.0187 3696 Kodak AiO Status Monitor Service - ok

18:02:21.0218 3696 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

18:02:21.0312 3696 KSecDD - ok

18:02:21.0343 3696 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

18:02:21.0406 3696 lanmanserver - ok

18:02:21.0421 3696 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

18:02:21.0468 3696 lanmanworkstation - ok

18:02:21.0484 3696 lbrtfdc - ok

18:02:21.0500 3696 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

18:02:21.0625 3696 LmHosts - ok

18:02:21.0671 3696 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

18:02:21.0687 3696 LMS - ok

18:02:21.0734 3696 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

18:02:21.0750 3696 MBAMProtector - ok

18:02:21.0765 3696 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

18:02:21.0796 3696 MBAMScheduler - ok

18:02:21.0828 3696 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

18:02:21.0859 3696 MBAMService - ok

18:02:21.0906 3696 [ ED6235C93981D8658FA433092A809303 ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe

18:02:21.0921 3696 MemeoBackgroundService - ok

18:02:21.0937 3696 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll

18:02:22.0046 3696 Messenger - ok

18:02:22.0078 3696 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

18:02:22.0187 3696 mnmdd - ok

18:02:22.0218 3696 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

18:02:22.0343 3696 mnmsrvc - ok

18:02:22.0359 3696 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

18:02:22.0484 3696 Modem - ok

18:02:22.0500 3696 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:02:22.0609 3696 Mouclass - ok

18:02:22.0656 3696 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:02:22.0781 3696 mouhid - ok

18:02:22.0796 3696 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

18:02:22.0921 3696 MountMgr - ok

18:02:22.0968 3696 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

18:02:22.0984 3696 MozillaMaintenance - ok

18:02:22.0984 3696 mraid35x - ok

18:02:22.0984 3696 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:02:23.0125 3696 MRxDAV - ok

18:02:23.0140 3696 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:02:23.0218 3696 MRxSmb - ok

18:02:23.0234 3696 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

18:02:23.0281 3696 MSDTC - ok

18:02:23.0296 3696 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

18:02:23.0343 3696 Msfs - ok

18:02:23.0343 3696 MSIServer - ok

18:02:23.0359 3696 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:02:23.0437 3696 MSKSSRV - ok

18:02:23.0437 3696 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:02:23.0484 3696 MSPCLOCK - ok

18:02:23.0484 3696 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

18:02:23.0546 3696 MSPQM - ok

18:02:23.0578 3696 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:02:23.0625 3696 mssmbios - ok

18:02:23.0656 3696 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

18:02:23.0703 3696 MSTEE - ok

18:02:23.0734 3696 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

18:02:23.0781 3696 Mup - ok

18:02:23.0843 3696 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe

18:02:23.0843 3696 N360 - ok

18:02:23.0875 3696 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:02:23.0921 3696 NABTSFEC - ok

18:02:24.0000 3696 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVENG.SYS

18:02:24.0000 3696 NAVENG - ok

18:02:24.0062 3696 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130104.032\NAVEX15.SYS

18:02:24.0093 3696 NAVEX15 - ok

18:02:24.0125 3696 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

18:02:24.0171 3696 NDIS - ok

18:02:24.0187 3696 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:02:24.0265 3696 NdisIP - ok

18:02:24.0296 3696 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:02:24.0359 3696 NdisTapi - ok

18:02:24.0406 3696 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:02:24.0468 3696 Ndisuio - ok

18:02:24.0484 3696 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:02:24.0546 3696 NdisWan - ok

18:02:24.0562 3696 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

18:02:24.0625 3696 NDProxy - ok

18:02:24.0625 3696 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

18:02:24.0703 3696 NetBIOS - ok

18:02:24.0718 3696 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

18:02:24.0781 3696 NetBT - ok

18:02:24.0796 3696 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe

18:02:24.0859 3696 NetDDE - ok

18:02:24.0859 3696 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

18:02:24.0921 3696 NetDDEdsdm - ok

18:02:24.0937 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe

18:02:25.0031 3696 Netlogon - ok

18:02:25.0046 3696 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll

18:02:25.0125 3696 Netman - ok

18:02:25.0140 3696 [ 8070BB07FE06DE8B9ACB29B07016A273 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:02:25.0156 3696 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning

18:02:25.0156 3696 NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1)

18:02:25.0171 3696 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll

18:02:25.0250 3696 Nla - ok

18:02:25.0265 3696 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

18:02:25.0328 3696 Npfs - ok

18:02:25.0359 3696 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

18:02:25.0453 3696 Ntfs - ok

18:02:25.0453 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

18:02:25.0500 3696 NtLmSsp - ok

18:02:25.0531 3696 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

18:02:25.0593 3696 NtmsSvc - ok

18:02:25.0609 3696 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

18:02:25.0671 3696 Null - ok

18:02:25.0828 3696 [ 5868D9602CBC3D41896B8750744664C9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:02:25.0984 3696 nv - ok

18:02:26.0031 3696 [ 2D2B7B3AD297C659EFA1D02852CA9860 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys

18:02:26.0031 3696 NVHDA - ok

18:02:26.0078 3696 [ FCD5A42D241E23A90785A0864DDD0428 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe

18:02:26.0093 3696 nvsvc ( UnsignedFile.Multi.Generic ) - warning

18:02:26.0093 3696 nvsvc - detected UnsignedFile.Multi.Generic (1)

18:02:26.0125 3696 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:02:26.0250 3696 NwlnkFlt - ok

18:02:26.0250 3696 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:02:26.0359 3696 NwlnkFwd - ok

18:02:26.0421 3696 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:02:26.0437 3696 odserv - ok

18:02:26.0437 3696 OMCI - ok

18:02:26.0468 3696 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:02:26.0468 3696 ose - ok

18:02:26.0484 3696 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys

18:02:26.0562 3696 Parport - ok

18:02:26.0578 3696 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

18:02:26.0625 3696 PartMgr - ok

18:02:26.0671 3696 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

18:02:26.0718 3696 ParVdm - ok

18:02:26.0734 3696 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

18:02:26.0781 3696 PCI - ok

18:02:26.0781 3696 PCIDump - ok

18:02:26.0781 3696 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

18:02:26.0843 3696 PCIIde - ok

18:02:26.0859 3696 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

18:02:26.0953 3696 Pcmcia - ok

18:02:26.0953 3696 PDCOMP - ok

18:02:26.0953 3696 PDFRAME - ok

18:02:26.0953 3696 PDRELI - ok

18:02:26.0968 3696 PDRFRAME - ok

18:02:26.0968 3696 perc2 - ok

18:02:26.0968 3696 perc2hib - ok

18:02:27.0015 3696 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe

18:02:27.0078 3696 PlugPlay - ok

18:02:27.0109 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

18:02:27.0171 3696 PolicyAgent - ok

18:02:27.0187 3696 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:02:27.0250 3696 PptpMiniport - ok

18:02:27.0250 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

18:02:27.0312 3696 ProtectedStorage - ok

18:02:27.0312 3696 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

18:02:27.0421 3696 PSched - ok

18:02:27.0421 3696 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:02:27.0500 3696 Ptilink - ok

18:02:27.0500 3696 ql1080 - ok

18:02:27.0500 3696 Ql10wnt - ok

18:02:27.0500 3696 ql12160 - ok

18:02:27.0515 3696 ql1240 - ok

18:02:27.0515 3696 ql1280 - ok

18:02:27.0546 3696 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:02:27.0593 3696 RasAcd - ok

18:02:27.0609 3696 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll

18:02:27.0671 3696 RasAuto - ok

18:02:27.0687 3696 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:02:27.0750 3696 Rasl2tp - ok

18:02:27.0750 3696 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll

18:02:27.0812 3696 RasMan - ok

18:02:27.0812 3696 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:02:27.0859 3696 RasPppoe - ok

18:02:27.0875 3696 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

18:02:27.0937 3696 Raspti - ok

18:02:27.0968 3696 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:02:28.0031 3696 Rdbss - ok

18:02:28.0031 3696 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:02:28.0109 3696 RDPCDD - ok

18:02:28.0109 3696 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:02:28.0187 3696 rdpdr - ok

18:02:28.0203 3696 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

18:02:28.0265 3696 RDPWD - ok

18:02:28.0281 3696 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

18:02:28.0343 3696 RDSessMgr - ok

18:02:28.0375 3696 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

18:02:28.0421 3696 redbook - ok

18:02:28.0453 3696 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

18:02:28.0531 3696 RemoteAccess - ok

18:02:28.0562 3696 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

18:02:28.0640 3696 RemoteRegistry - ok

18:02:28.0656 3696 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe

18:02:28.0718 3696 RpcLocator - ok

18:02:28.0734 3696 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\system32\rpcss.dll

18:02:28.0812 3696 RpcSs - ok

18:02:28.0828 3696 [ 31D45ECA63884FF5F7AECC50F7D1BAE0 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys

18:02:28.0843 3696 RSUSBSTOR - ok

18:02:28.0859 3696 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

18:02:28.0921 3696 RSVP - ok

18:02:28.0953 3696 [ A1AD65718870DBF2BCB81E3C1406469E ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

18:02:28.0968 3696 RTLE8023xp - ok

18:02:28.0984 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe

18:02:29.0031 3696 SamSs - ok

18:02:29.0062 3696 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

18:02:29.0125 3696 SCardSvr - ok

18:02:29.0156 3696 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll

18:02:29.0218 3696 Schedule - ok

18:02:29.0234 3696 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:02:29.0281 3696 Secdrv - ok

18:02:29.0296 3696 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll

18:02:29.0375 3696 seclogon - ok

18:02:29.0375 3696 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll

18:02:29.0484 3696 SENS - ok

18:02:29.0484 3696 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

18:02:29.0593 3696 Serial - ok

18:02:29.0640 3696 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

18:02:29.0703 3696 Sfloppy - ok

18:02:29.0718 3696 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

18:02:29.0796 3696 SharedAccess - ok

18:02:29.0828 3696 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

18:02:29.0875 3696 ShellHWDetection - ok

18:02:29.0875 3696 Simbad - ok

18:02:29.0921 3696 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

18:02:29.0921 3696 SkypeUpdate - ok

18:02:29.0953 3696 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:02:30.0000 3696 SLIP - ok

18:02:30.0000 3696 Sparrow - ok

18:02:30.0031 3696 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys

18:02:30.0093 3696 splitter - ok

18:02:30.0125 3696 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe

18:02:30.0234 3696 Spooler - ok

18:02:30.0265 3696 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

18:02:30.0328 3696 sr - ok

18:02:30.0328 3696 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll

18:02:30.0390 3696 srservice - ok

18:02:30.0437 3696 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\N360\0604000.009\SRTSP.SYS

18:02:30.0468 3696 SRTSP - ok

18:02:30.0484 3696 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\N360\0604000.009\SRTSPX.SYS

18:02:30.0500 3696 SRTSPX - ok

18:02:30.0500 3696 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

18:02:30.0609 3696 Srv - ok

18:02:30.0640 3696 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

18:02:30.0703 3696 SSDPSRV - ok

18:02:30.0750 3696 [ FBAA145C28074C853529050914D405C6 ] STacSV c:\program files\idt\wdm\stacsv.exe

18:02:30.0765 3696 STacSV - ok

18:02:30.0781 3696 [ 1E72739A30A0D3E3FC95EBB07F83912D ] stdcfltn C:\WINDOWS\system32\DRIVERS\stdcfltn.sys

18:02:30.0796 3696 stdcfltn - ok

18:02:30.0843 3696 [ 9BFDE0E43834495E501A9E3AB3B88062 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

18:02:30.0921 3696 STHDA - ok

18:02:30.0937 3696 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll

18:02:31.0046 3696 stisvc - ok

18:02:31.0046 3696 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:02:31.0156 3696 streamip - ok

18:02:31.0171 3696 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

18:02:31.0281 3696 swenum - ok

18:02:31.0296 3696 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

18:02:31.0359 3696 swmidi - ok

18:02:31.0359 3696 SwPrv - ok

18:02:31.0375 3696 symc810 - ok

18:02:31.0375 3696 symc8xx - ok

18:02:31.0421 3696 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\N360\0604000.009\SYMDS.SYS

18:02:31.0437 3696 SymDS - ok

18:02:31.0468 3696 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\N360\0604000.009\SYMEFA.SYS

18:02:31.0500 3696 SymEFA - ok

18:02:31.0531 3696 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

18:02:31.0531 3696 SymEvent - ok

18:02:31.0546 3696 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\N360\0604000.009\Ironx86.SYS

18:02:31.0546 3696 SymIRON - ok

18:02:31.0562 3696 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0604000.009\SYMTDI.SYS

18:02:31.0578 3696 SYMTDI - ok

18:02:31.0578 3696 sym_hi - ok

18:02:31.0578 3696 sym_u3 - ok

18:02:31.0609 3696 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

18:02:31.0687 3696 sysaudio - ok

18:02:31.0703 3696 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

18:02:31.0765 3696 SysmonLog - ok

18:02:31.0781 3696 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

18:02:31.0843 3696 TapiSrv - ok

18:02:31.0859 3696 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:02:31.0937 3696 Tcpip - ok

18:02:31.0953 3696 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

18:02:32.0015 3696 TDPIPE - ok

18:02:32.0015 3696 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

18:02:32.0109 3696 TDTCP - ok

18:02:32.0125 3696 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

18:02:32.0203 3696 TermDD - ok

18:02:32.0250 3696 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll

18:02:32.0312 3696 TermService - ok

18:02:32.0328 3696 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll

18:02:32.0375 3696 Themes - ok

18:02:32.0406 3696 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

18:02:32.0437 3696 TlntSvr - ok

18:02:32.0437 3696 TosIde - ok

18:02:32.0468 3696 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll

18:02:32.0515 3696 TrkWks - ok

18:02:32.0531 3696 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

18:02:32.0609 3696 Udfs - ok

18:02:32.0609 3696 ultra - ok

18:02:32.0687 3696 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

18:02:32.0750 3696 UNS - ok

18:02:32.0781 3696 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

18:02:32.0906 3696 Update - ok

18:02:32.0921 3696 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll

18:02:32.0968 3696 upnphost - ok

18:02:32.0968 3696 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe

18:02:33.0093 3696 UPS - ok

18:02:33.0125 3696 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

18:02:33.0234 3696 usbaudio - ok

18:02:33.0250 3696 [ 77B3C8F166A6E6F2E834737AB8CAC1CA ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:02:33.0265 3696 usbccgp - ok

18:02:33.0312 3696 [ 4FFAEA1BD071A72DFB76519F5B1DA956 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:02:33.0328 3696 usbehci - ok

18:02:33.0328 3696 [ ACE960E54148821E8E48F5D191562C28 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:02:33.0359 3696 usbhub - ok

18:02:33.0390 3696 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:02:33.0484 3696 usbprint - ok

18:02:33.0515 3696 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:02:33.0625 3696 usbscan - ok

18:02:33.0640 3696 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:02:33.0734 3696 USBSTOR - ok

18:02:33.0750 3696 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

18:02:33.0843 3696 usbvideo - ok

18:02:33.0906 3696 [ F44970C4137B57A5D5BD632B46113366 ] vcsFPService C:\WINDOWS\system32\vcsFPService.exe

18:02:33.0953 3696 vcsFPService - ok

18:02:33.0968 3696 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

18:02:34.0015 3696 VgaSave - ok

18:02:34.0015 3696 ViaIde - ok

18:02:34.0031 3696 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

18:02:34.0093 3696 VolSnap - ok

18:02:34.0125 3696 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe

18:02:34.0156 3696 VSS - ok

18:02:34.0187 3696 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll

18:02:34.0234 3696 W32Time - ok

18:02:34.0250 3696 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:02:34.0312 3696 Wanarp - ok

18:02:34.0359 3696 [ A1A36682DF22777834E1C37F3C79AEC2 ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

18:02:34.0375 3696 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning

18:02:34.0375 3696 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1)

18:02:34.0406 3696 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

18:02:34.0421 3696 Wdf01000 - ok

18:02:34.0421 3696 WDICA - ok

18:02:34.0453 3696 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

18:02:34.0500 3696 wdmaud - ok

18:02:34.0515 3696 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll

18:02:34.0562 3696 WebClient - ok

18:02:34.0656 3696 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

18:02:34.0718 3696 winmgmt - ok

18:02:34.0718 3696 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys

18:02:34.0734 3696 WinUSB - ok

18:02:34.0734 3696 wltrysvc - ok

18:02:34.0765 3696 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll

18:02:34.0828 3696 WmdmPmSN - ok

18:02:34.0859 3696 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll

18:02:35.0015 3696 Wmi - ok

18:02:35.0031 3696 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

18:02:35.0156 3696 WmiAcpi - ok

18:02:35.0171 3696 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:02:35.0281 3696 WmiApSrv - ok

18:02:35.0312 3696 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll

18:02:35.0453 3696 wscsvc - ok

18:02:35.0453 3696 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:02:35.0546 3696 WSTCODEC - ok

18:02:35.0578 3696 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll

18:02:35.0640 3696 wuauserv - ok

18:02:35.0656 3696 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

18:02:35.0718 3696 WZCSVC - ok

18:02:35.0734 3696 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

18:02:35.0796 3696 xmlprov - ok

18:02:35.0812 3696 ================ Scan global ===============================

18:02:35.0843 3696 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll

18:02:35.0843 3696 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll

18:02:35.0859 3696 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll

18:02:35.0859 3696 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe

18:02:35.0859 3696 [Global] - ok

18:02:35.0859 3696 ================ Scan MBR ==================================

18:02:35.0890 3696 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

18:02:36.0171 3696 \Device\Harddisk0\DR0 - ok

18:02:36.0171 3696 ================ Scan VBR ==================================

18:02:36.0171 3696 [ D8073073BA2D2F071A5FB7BFAE8EBBD3 ] \Device\Harddisk0\DR0\Partition1

18:02:36.0171 3696 \Device\Harddisk0\DR0\Partition1 - ok

18:02:36.0171 3696 ============================================================

18:02:36.0171 3696 Scan finished

18:02:36.0171 3696 ============================================================

18:02:36.0187 3656 Detected object count: 5

18:02:36.0187 3656 Actual detected object count: 5

18:03:50.0953 3656 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

18:03:50.0953 3656 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:03:50.0953 3656 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:03:50.0953 3656 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:03:50.0953 3656 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user

18:03:50.0953 3656 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:03:50.0968 3656 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:03:50.0968 3656 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:03:50.0968 3656 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user

18:03:50.0968 3656 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

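The five entries TDSSKiller reports above as UnsignedFile.Multi.Generic are its heuristic for a file that carries no valid digital signature; they are "warning" rows, not malware detections, which is why the usual forum advice (and what the poster did) is Skip. As an added example that is not part of this thread or of TDSSKiller itself, the Python below parses this log format, separates the "- ok" rows from the warning rows, records which action the user chose for each, groups service names that point at the same binary (several LSA services all resolve to lsass.exe), and checks that the summary "Detected object count" agrees with the number of warnings. The sample log is constructed from a handful of the thread's own entries, with the counts adjusted to match that subset; the function and field names are this example's own.

```python
import re
from typing import Dict, List

# Line shapes seen in the TDSSKiller log posted above.
TS_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) (\d+) (.*)$")
FILE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*|\\Device\\.*)$")
STATUS_RE = re.compile(r"^(.+?) \( ([\w.]+) \) - (warning|skipped by user|User select action: \w+)$")
DETECT_RE = re.compile(r"^(.+?) - detected ([\w.]+) \((\d+)\)$")
OK_RE = re.compile(r"^(.+?) - ok$")
COUNT_RE = re.compile(r"^((?:Actual )?[Dd]etected object count): (\d+)$")

# Constructed sample: a subset of the thread's entries in the posted format,
# with the summary counts adjusted to match this subset.
SAMPLE_LOG = r"""
18:02:19.0375 3696 [ EA7267505149B3A10DF32506A4E4E412 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:02:19.0421 3696 idsvc ( UnsignedFile.Multi.Generic ) - warning
18:02:19.0421 3696 idsvc - detected UnsignedFile.Multi.Generic (1)
18:02:19.0609 3696 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:02:19.0718 3696 Imapi - ok
18:02:21.0156 3696 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
18:02:21.0187 3696 Kodak AiO Status Monitor Service - ok
18:02:24.0937 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:02:25.0031 3696 Netlogon - ok
18:02:25.0453 3696 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:02:25.0500 3696 NtLmSsp - ok
18:02:26.0078 3696 [ FCD5A42D241E23A90785A0864DDD0428 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
18:02:26.0093 3696 nvsvc ( UnsignedFile.Multi.Generic ) - warning
18:02:26.0093 3696 nvsvc - detected UnsignedFile.Multi.Generic (1)
18:02:34.0359 3696 [ A1A36682DF22777834E1C37F3C79AEC2 ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
18:02:34.0375 3696 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning
18:02:34.0375 3696 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1)
18:02:36.0187 3656 Detected object count: 3
18:02:36.0187 3656 Actual detected object count: 3
18:03:50.0953 3656 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:50.0953 3656 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:50.0968 3656 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:50.0968 3656 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:50.0968 3656 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:50.0968 3656 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

def _entry(entries: Dict[str, dict], name: str) -> dict:
    """Get or create the record for one service/driver name."""
    return entries.setdefault(name, {"md5": None, "path": None, "verdict": "unknown",
                                     "threat": None, "actions": []})

def parse_tdsskiller(text: str) -> dict:
    """Parse a TDSSKiller log into {'entries': {name: record}, 'counts': {label: n}}."""
    entries: Dict[str, dict] = {}
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue  # separator rows and blank lines carry no timestamp
        body = m.group(3)
        if (f := FILE_RE.match(body)):
            md5, name, path = f.groups()          # name may contain spaces; path starts at X:\
            _entry(entries, name).update(md5=md5.upper(), path=path)
        elif (s := STATUS_RE.match(body)):
            name, threat, what = s.groups()
            e = _entry(entries, name)
            e["threat"] = threat
            if what == "warning":
                e["verdict"] = "warning"
            else:
                e["actions"].append(what)         # user's Skip/Cure/Delete choice
        elif (d := DETECT_RE.match(body)):
            name, threat, _ = d.groups()
            _entry(entries, name).update(threat=threat, verdict="warning")
        elif (o := OK_RE.match(body)):
            _entry(entries, o.group(1))["verdict"] = "ok"
        elif (c := COUNT_RE.match(body)):
            counts[c.group(1)] = int(c.group(2))
    return {"entries": entries, "counts": counts}

def flagged(report: dict) -> List[dict]:
    """Every entry TDSSKiller did not mark '- ok', with its name folded in, sorted by name."""
    rows = [{"name": n, **e} for n, e in report["entries"].items() if e["verdict"] != "ok"]
    return sorted(rows, key=lambda r: r["name"].lower())

def counts_consistent(report: dict) -> bool:
    """The summary 'Detected object count' should equal the number of warning entries."""
    warned = sum(1 for e in report["entries"].values() if e["verdict"] == "warning")
    return report["counts"].get("Detected object count") == warned

def shared_binaries(report: dict) -> Dict[str, List[str]]:
    """MD5 -> service names backed by the same file (e.g. several LSA services on lsass.exe)."""
    by_md5: Dict[str, List[str]] = {}
    for name, e in report["entries"].items():
        if e["md5"]:
            by_md5.setdefault(e["md5"], []).append(name)
    return {h: sorted(n) for h, n in by_md5.items() if len(n) > 1}

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for r in flagged(rep):
        print(f"{r['verdict']:8} {r['name']:18} {r['threat']}  {r['path']}  actions={r['actions']}")
    print("summary count matches:", counts_consistent(rep))
    print("shared binaries:", shared_binaries(rep))
```

Run against a full log, the `flagged` list is the set of files worth checking by hand (signature status with signtool or a hash lookup against the vendor), while the `shared_binaries` map stops one from treating five LSA service names as five separate files.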

ComboFix 13-01-05.01 - Tom 01/05/2013 18:28:43.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3063.2117 [GMT -5:00]

Running from: c:\documents and settings\Tom\My Documents\Downloads\ComboFix.exe

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\chrome.manifest

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\loader.xul

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\install.rdf

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf

c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf

c:\documents and settings\Tom\GoToAssistDownloadHelper.exe

c:\documents and settings\Tom\Local Settings\Application Data\Vid-Saver

c:\documents and settings\Tom\Local Settings\Application Data\Vid-Saver\Chrome\Vid-Saver.crx

c:\program files\Internet Explorer\SET43.tmp

c:\program files\Internet Explorer\SET47.tmp

c:\program files\Internet Explorer\SET48.tmp

c:\program files\Vid-Saver

c:\program files\Vid-Saver\ButtonUtil.dll

c:\program files\Vid-Saver\Uninstall.exe

c:\program files\Vid-Saver\Vid-Saver-bg.exe

c:\program files\Vid-Saver\Vid-Saver.exe

c:\windows\jestertb.dll

c:\windows\klog633.lg

c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\SET5E.tmp

c:\windows\system32\SET5F.tmp

c:\windows\system32\SET60.tmp

c:\windows\system32\SET61.tmp

c:\windows\system32\SET62.tmp

c:\windows\system32\SET63.tmp

c:\windows\system32\SET64.tmp

c:\windows\system32\SET65.tmp

c:\windows\system32\SET66.tmp

c:\windows\system32\SET69.tmp

c:\windows\system32\SET6A.tmp

c:\windows\system32\SET6B.tmp

c:\windows\system32\SET6C.tmp

c:\windows\system32\SET6D.tmp

c:\windows\system32\SET6E.tmp

c:\windows\system32\SET70.tmp

c:\windows\system32\SET71.tmp

c:\windows\system32\SET72.tmp

c:\windows\system32\SET73.tmp

c:\windows\system32\SET74.tmp

c:\windows\system32\SET75.tmp

c:\windows\system32\SET76.tmp

c:\windows\system32\SET78.tmp

c:\windows\system32\SET79.tmp

c:\windows\system32\SET7A.tmp

c:\windows\system32\SET7B.tmp

c:\windows\system32\SET7C.tmp

c:\windows\system32\SET7D.tmp

c:\windows\system32\SET7E.tmp

c:\windows\system32\SET7F.tmp

c:\windows\system32\SET80.tmp

c:\windows\system32\SET81.tmp

c:\windows\system32\SET83.tmp

c:\windows\system32\SET84.tmp

c:\windows\system32\SET85.tmp

c:\windows\system32\SET86.tmp

c:\windows\system32\SET87.tmp

c:\windows\system32\SET88.tmp

c:\windows\system32\SET8A.tmp

c:\windows\system32\SET8B.tmp

c:\windows\system32\SET8C.tmp

c:\windows\system32\SET8D.tmp

c:\windows\system32\SET8E.tmp

c:\windows\system32\SET8F.tmp

c:\windows\system32\SET90.tmp

c:\windows\system32\SET91.tmp

c:\windows\system32\SET92.tmp

c:\windows\system32\SET93.tmp

c:\windows\system32\SETC.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))

.

.

2012-12-27 23:57 . 2012-12-27 23:57 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes

2012-12-27 23:57 . 2012-12-27 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-12-27 23:57 . 2012-12-27 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-27 23:57 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-22 03:37 . 2012-12-22 04:32 -------- d--h--w- c:\windows\PIF

2012-12-21 22:43 . 2012-12-21 22:43 -------- d-----w- C:\N360_BACKUP

2012-12-10 01:19 . 2012-12-10 01:19 -------- d-----w- c:\program files\Easeware

2012-12-10 01:19 . 2012-12-10 01:19 -------- d-----w- c:\documents and settings\Tom\Application Data\Easeware

2012-12-08 23:05 . 2012-12-28 00:17 -------- d-----w- c:\documents and settings\Tom\Application Data\Skype

2012-12-08 23:05 . 2012-12-08 23:05 -------- d-----w- c:\program files\Common Files\Skype

2012-12-08 23:05 . 2012-12-08 23:05 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 04:07 . 2012-09-28 02:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-13 04:07 . 2012-09-28 02:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-23 04:22 . 2012-11-23 04:22 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-23 04:22 . 2012-11-23 04:22 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-23 04:22 . 2012-11-23 04:22 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-23 04:22 . 2012-11-23 04:22 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-21 14:20 . 2012-11-21 14:20 22328 ----a-w- c:\documents and settings\Tom\Application Data\PnkBstrK.sys

2012-10-15 23:19 . 2012-10-15 23:19 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-10-15 23:19 . 2012-10-15 23:19 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-10-08 14:05 . 2012-10-26 13:02 604672 ----a-w- c:\windows\system32\EKIJ5000MON.dll

2012-10-08 14:05 . 2012-10-26 13:02 225792 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll

2012-10-08 14:05 . 2012-10-26 13:02 118784 ----a-w- c:\windows\system32\EKIJCOINST13.dll

2012-12-01 13:26 . 2012-12-01 13:26 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PrivitizeVPNInstaller"="c:\documents and settings\Tom\Local Settings\Application Data\PrivitizeVPNInstaller\PrivitizeVPN_1.0.0.2_install_config.exe" [2012-11-24 1274472]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]

"Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Constant Guard.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk

backup=c:\windows\pss\Constant Guard.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]

2008-12-17 09:41 729088 ----a-w- c:\windows\system32\AESTFltr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2012-09-28 03:44 2670592 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]

2004-08-04 12:00 27648 ----a-w- c:\windows\system32\conime.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]

2012-10-08 14:05 2804224 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor]

2012-10-15 15:58 2844608 ----a-w- c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection]

2010-10-01 13:48 727664 ----a-w- c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-02-19 17:02 13803520 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2010-02-19 17:02 86016 ----a-w- c:\windows\system32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-02-19 17:02 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2010-02-19 17:03 1657448 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-11-09 16:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

2010-04-07 08:35 495708 ------w- c:\program files\IDT\WDM\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Anywhere Backup]

2008-11-07 19:20 197856 ----a-w- c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]

2008-07-24 19:22 450560 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=

"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour Port 5353

"9322:TCP"= 9322:TCP:EKDiscovery

.

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [9/27/2012 10:46 PM 17648]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/15/2012 7:21 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/15/2012 7:21 PM 924320]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 10:00 PM 995488]

R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/15/2012 7:21 PM 132768]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/15/2012 7:21 PM 149624]

R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [10/16/2012 1:19 PM 61552]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [10/19/2012 1:51 PM 395200]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [10/15/2012 10:58 AM 779200]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 2:20 PM 25824]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe [10/15/2012 7:21 PM 138272]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [9/27/2012 9:40 PM 2320920]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [6/3/2010 2:40 PM 1664304]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [9/27/2012 10:46 PM 43888]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/27/2012 10:38 PM 112512]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/15/2012 6:41 PM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130104.001\IDSXpx86.sys [1/4/2013 6:44 PM 373728]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [9/27/2012 10:54 PM 125696]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/27/2012 6:57 PM 398184]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/27/2012 6:57 PM 682344]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/27/2012 6:57 PM 21104]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/27/2012 10:51 PM 171520]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 12793247

*NewlyCreated* - FFADIPOB

*Deregistered* - 12793247

*Deregistered* - ffadipob

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 04:07]

.

2012-12-10 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2012-12-10 20:09]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-24 17:41]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-24 17:41]

.

2013-01-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-10-17 05:46]

.

2013-01-05 c:\windows\Tasks\User_Feed_Synchronization-{5C0642A4-63DD-49BD-8329-13BC0EC29F72}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\

FF - prefs.js: browser.search.selectedEngine - Funmoods

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q=

FF - ExtSQL: 2012-11-22 23:33; toolbar@ask.com; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\toolbar@ask.com

FF - ExtSQL: 2012-11-23 23:30; crossriderapp3491@crossrider.com; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\crossriderapp3491@crossrider.com

FF - ExtSQL: 2012-11-27 08:32; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

FF - ExtSQL: 2012-12-08 17:38; ffxtlbr@funmoods.com; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=511266012

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=511266012

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=511266012&q=

FF - user.js: extensions.funmoods.id - F04DA298EEBF2866

FF - user.js: extensions.funmoods.instlDay - 15682

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:38:2

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - orgnl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef -

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-05 18:31

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(892)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2013-01-05 18:32:15

ComboFix-quarantined-files.txt 2013-01-05 23:32

.

Pre-Run: 425,588,326,400 bytes free

Post-Run: 425,540,382,720 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 5E29D4FDE6ECA6ABC733DE7AFE153DCE

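A small triage helper, added here as an example and not part of the original thread, of ComboFix or of JRT. It runs over a handful of lines copied from the ComboFix log posted above and flags the things a removal helper looks for first in that log: autostart entries whose image lives in a user-writable path (the PrivitizeVPNInstaller Run entry), the Windows Firewall standard profile switched off (EnableFirewall = 0), Firefox search, homepage and new-tab preferences pointing at a domain other than the expected search provider (the Funmoods entries), and Firefox extension IDs not on an allow-list. The allow-lists, the path heuristic and the preference-name markers are assumptions made for the example, not a vetted reference; the sample lines are constructed from the log, with hxxp:// being ComboFix's defanged http://.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrivitizeVPNInstaller"="c:\documents and settings\Tom\Local Settings\Application Data\PrivitizeVPNInstaller\PrivitizeVPN_1.0.0.2_install_config.exe" [2012-11-24 1274472]
"Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
FF - prefs.js: browser.search.selectedEngine - Funmoods
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl
FF - ExtSQL: 2012-12-08 17:38; ffxtlbr@funmoods.com; c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\extensions\ffxtlbr@funmoods.com
"""

# Allow-lists are assumptions for this example, not a vetted reference.
TRUSTED_SEARCH_DOMAINS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}
TRUSTED_ENGINE_NAMES = {"google", "bing", "yahoo"}
TRUSTED_EXTENSION_IDS = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}  # Firefox default theme

# Lower-cased substrings of the preference names browser hijackers rewrite.
HIJACK_PREF_MARKERS = ("browser.search", "browser.startup.homepage", "browser.newtab",
                       "keyword.url", "hmpgurl", "newtaburl", "srchurl")

# Autostart images under these path fragments run from user-writable locations,
# which is where droppers and PUP installers usually land (assumed heuristic).
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\|\\local settings\\|\\temp\\", re.I)

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
FF_PREF = re.compile(r"^FF - (?:user|prefs)\.js: (?P<key>\S+) - (?P<val>.*)$")
FF_EXT = re.compile(r"^FF - ExtSQL: (?P<date>[^;]+); (?P<ext_id>[^;]+); (?P<path>.+)$")


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so the log cannot be clicked; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)


def _suspicious_pref_value(value: str) -> bool:
    """URLs are judged by host; bare names (e.g. 'Funmoods') by engine allow-list."""
    value = value.strip()
    if not value:
        return False
    if re.match(r"^(hxxp|http)s?://", value, re.I):
        host = (urlparse(refang(value)).hostname or "").lower()
        return host not in TRUSTED_SEARCH_DOMAINS
    return value.lower() not in TRUSTED_ENGINE_NAMES


def triage(log_text: str) -> list:
    """Return one finding dict per suspicious log line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_ENTRY.match(line):
            if USER_WRITABLE.search(m["image"]):
                findings.append({"kind": "autorun_user_writable",
                                 "subject": m["name"], "detail": m["image"]})
        elif FIREWALL_OFF.match(line):
            findings.append({"kind": "firewall_disabled",
                             "subject": "standardprofile", "detail": line})
        elif m := FF_PREF.match(line):
            key = m["key"].lower()
            if any(marker in key for marker in HIJACK_PREF_MARKERS) and \
                    _suspicious_pref_value(m["val"]):
                findings.append({"kind": "firefox_pref_hijack",
                                 "subject": m["key"], "detail": m["val"].strip()})
        elif m := FF_EXT.match(line):
            if m["ext_id"].lower() not in TRUSTED_EXTENSION_IDS:
                findings.append({"kind": "firefox_extension_unlisted",
                                 "subject": m["ext_id"], "detail": m["path"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:28} {f['subject']}: {f['detail']}")
```

On the sample this reports the PrivitizeVPN Run entry, the disabled firewall profile, the two Funmoods preferences and the ffxtlbr@funmoods.com extension, and stays quiet about the conime.exe entry in system32 and the Google homepage. It only parses the quoted "name"="image" Run entries and the FF lines of a ComboFix log, so the msconfig\startupreg and service lines need their own patterns if you extend it.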

  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


  • Staff

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

(Click "Junkware Removal Tool" above; it will take you here: http://thisisudax.org/downloads/JRT.exe)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.3.8 (01.03.2013:2)

OS: Microsoft Windows XP x86

Ran by Tom on Sat 01/05/2013 at 23:24:50.75

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-57989841-1606980848-682003330-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar

Successfully deleted: [Registry Key] hkey_current_user\software\ilivid

Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"

Successfully deleted: [Folder] "C:\Documents and Settings\Tom\Application Data\comcasttb"

Successfully deleted: [Folder] "C:\Documents and Settings\Tom\Local Settings\Application Data\torch"

Successfully deleted: [Folder] "C:\Program Files\sweetim"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"

Successfully deleted: [Folder] "C:\Program Files\ask.com"

Successfully deleted: [Folder] "C:\Documents and Settings\Tom\local settings\application data\asktoolbar"

Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"

Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\user.js

Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi

Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\askcom.xml

Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\funmoods.xml

Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\search_results.xml

Successfully deleted: [File] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\searchplugins\sweetim.xml

Successfully deleted: [Folder] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\extensions\crossriderapp3491@crossrider.com

Successfully deleted: [Folder] C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\extensions\toolbar@ask.com

Successfully deleted the following from C:\Documents and Settings\Tom\Application Data\mozilla\firefox\profiles\6cycggh8.default\prefs.js

user_pref("browser.newtab.url", "http://home.sweetim.com/?src=97&barid={796D5449-3892-11E2-8040-5CAC4CE8713A}");

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.defaultenginename", "Funmoods");

user_pref("browser.search.order.1", "Search Results");

user_pref("browser.search.selectedEngine", "Funmoods");

user_pref("extensions.asktb.ff-original-keyword-url", "http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q=");

user_pref("extensions.crossrider.bic", "13b324220a37fa092b983c20ce0dc133");

user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1353757893);

user_pref("extensions.crossriderapp3491.3491.active", true);

user_pref("extensions.crossriderapp3491.3491.addressbar", "");

user_pref("extensions.crossriderapp3491.3491.addressbarenhanced", "");

user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit()

user_pref("extensions.crossriderapp3491.3491.backgroundver", 12);

user_pref("extensions.crossriderapp3491.3491.can_run_bg_code", true);

user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");

user_pref("extensions.crossriderapp3491.3491.changeprevious", false);

user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1353757893");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.value", "1353757893");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_blocklist.expiration", "Sat Jan 05 2013 21:14:02 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_country_code.expiration", "Tue Jan 08 2013 07:50:34 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_country_code.value", "%22US%22");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.value", "1357438204");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_currenttime.value", "%221356061408%22");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.value", "%221%22");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.value", "%2214019%22");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.value", "1353758000841");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.value", "%221140%22");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_sr[hulu.com].expiration", "Wed Dec 26 2012 10:42:22 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_sr[hulu.com].value", "1356450142");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.value", "%22110731%22");

user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.value", "1353757894661");

user_pref("extensions.crossriderapp3491.3491.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.cookie.lastrequest.value", "%7B%22path%22%3A%22/interfaces/sso/login.php%22%2C%22host%22%3A%22mail.nilesjanitorsupply.com%22%2C%22

user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your favorite streaming videos!");

user_pref("extensions.crossriderapp3491.3491.domain", "");

user_pref("extensions.crossriderapp3491.3491.enablesearch", false);

user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");

user_pref("extensions.crossriderapp3491.3491.group", 0);

user_pref("extensions.crossriderapp3491.3491.homepage", "");

user_pref("extensions.crossriderapp3491.3491.iframe", false);

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.value", "65");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.value", "0");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_meta.value", "%7B%7D");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_nextCheck.expiration", "Sun Jan 06 2013 03:10:04 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_nextCheck.value", "true");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_queue.value", "%7B%7D");

user_pref("extensions.crossriderapp3491.3491.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1140,baseCDN:\"

user_pref("extensions.crossriderapp3491.3491.manifesturl", "");

user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");

user_pref("extensions.crossriderapp3491.3491.newtab", "");

user_pref("extensions.crossriderapp3491.3491.opensearch", "");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw n

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000014.ver", 10);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.name", "GPL Background (BG)");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_1000015.ver", 4);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectio

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.name", "CrossriderAppUtils");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.ver", 2);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.name", "CrossriderUtils");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.ver", 2);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*9999999999999

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.name", "FacebookFFIE");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.ver", 1);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.name", "FFAppAPIWrapper");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.ver", 4);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * http://jquery.com/\n *\

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.name", "jQuery");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.ver", 3);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(fu

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.name", "resources_background");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_47.ver", 1);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};v

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_64.name", "appApiMessage");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_64.ver", 1);

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var j={};var e=appAPI.appInfo.name;var k=fu

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_72.name", "appApiValidation");

user_pref("extensions.crossriderapp3491.3491.plugins.plugin_72.ver", 1);

user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015");

user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_1", "17,14,13,16,15,64,72,1000014");

user_pref("extensions.crossriderapp3491.3491.pluginsurl", "http://app-static.crossrider.com/plugin/apps/3491/plugins/086/ff/plugins.json");

user_pref("extensions.crossriderapp3491.3491.pluginsversion", 22);

user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps");

user_pref("extensions.crossriderapp3491.3491.searchstatus", 0);

user_pref("extensions.crossriderapp3491.3491.setnewtab", false);

user_pref("extensions.crossriderapp3491.3491.settingsurl", "");

user_pref("extensions.crossriderapp3491.3491.thankyou", "http://vid-saver.com/thankyou.html");

user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);

user_pref("extensions.crossriderapp3491.3491.ver", 65);

user_pref("extensions.crossriderapp3491.adsOldValue", -1);

user_pref("extensions.crossriderapp3491.apps", "3491");

user_pref("extensions.crossriderapp3491.bic", "13b324220a37fa092b983c20ce0dc133");

user_pref("extensions.crossriderapp3491.cid", 3491);

user_pref("extensions.crossriderapp3491.firstrun", false);

user_pref("extensions.crossriderapp3491.hadappinstalled", true);

user_pref("extensions.crossriderapp3491.installationdate", 1353757893);

user_pref("extensions.crossriderapp3491.lastcheck", 22623969);

user_pref("extensions.crossriderapp3491.lastcheckitem", 22623970);

user_pref("extensions.crossriderapp3491.modetype", "production");

user_pref("extensions.crossriderapp3491.reportInstall", true);

user_pref("extensions.funmoods.aflt", "orgnl");

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDtFt

user_pref("extensions.funmoods.id", "F04DA298EEBF2866");

user_pref("extensions.funmoods.instlDay", "15682");

user_pref("extensions.funmoods.instlRef", "");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtDt

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyzz0E0E0B0FtBzzyCyCtN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFt

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:38:2");

user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");

user_pref("sweetim.toolbar.Visibility.enable", "true");

user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

user_pref("sweetim.toolbar.cargo", "3.1010000.10005");

user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");

user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");

user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");

user_pref("sweetim.toolbar.cda.returnValue", "hide");

user_pref("sweetim.toolbar.dialogs.0.enable", "true");

user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");

user_pref("sweetim.toolbar.dialogs.0.height", "335");

user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");

user_pref("sweetim.toolbar.dialogs.0.width", "761");

user_pref("sweetim.toolbar.dialogs.1.enable", "true");

user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");

user_pref("sweetim.toolbar.dialogs.1.height", "300");

user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");

user_pref("sweetim.toolbar.dialogs.1.width", "500");

user_pref("sweetim.toolbar.dialogs.2.enable", "true");

user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");

user_pref("sweetim.toolbar.dialogs.2.height", "150");

user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp");

user_pref("sweetim.toolbar.dialogs.2.width", "530");

user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube

user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");

user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.mode.debug", "false");

user_pref("sweetim.toolbar.newtab.created", "true");

user_pref("sweetim.toolbar.newtab.enable", "true");

user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");

user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*");

user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

user_pref("sweetim.toolbar.scripts.0.enable", "true");

user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js");

user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*");

user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

user_pref("sweetim.toolbar.scripts.1.enable", "false");

user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS");

user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js");

user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

user_pref("sweetim.toolbar.scripts.2.callback", "");

user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");

user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

user_pref("sweetim.toolbar.scripts.2.enable", "false");

user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");

user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://sear

user_pref("sweetim.toolbar.search.history", "");

user_pref("sweetim.toolbar.search.history.capacity", "10");

user_pref("sweetim.toolbar.searchguard.enable", "false");

user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

user_pref("sweetim.toolbar.simapp_id", "{796D5449-3892-11E2-8040-5CAC4CE8713A}");

user_pref("sweetim.toolbar.version", "1.7.0.3");

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 01/05/2013 at 23:29:28.46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.104 - Logfile created 01/05/2013 at 23:47:06

# Updated 29/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)

# User : Tom - NJS-7392FF1A179

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Tom\My Documents\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Tom\Desktop\Search The Web.url

File Deleted : C:\Documents and Settings\Tom\Desktop\sweetpcfix.url

Folder Deleted : C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\SweetPacksToolbarData

Folder Deleted : C:\Documents and Settings\Tom\Local Settings\Application Data\APN

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Deleted : HKLM\Software\iLividSRTB

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\6cycggh8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.18] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y[...]

Deleted [l.2186] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1[...]

*************************

AdwCleaner[S1].txt - [2139 octets] - [05/01/2013 23:47:06]

########## EOF - C:\AdwCleaner[S1].txt - [2199 octets] ##########

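The JRT and AdwCleaner logs above show the two places these hijackers persist inside the browsers themselves: user_pref() lines in the Firefox profile's prefs.js (the extensions.crossriderapp*, extensions.funmoods* and sweetim.toolbar.* prefs, plus browser.newtab.url and the browser.search.* settings redirected to Funmoods, SweetIM and Ask), and the urls_to_restore_on_startup list in Chrome's Preferences file. The Python triage script below is an added example and is not part of the original thread or of JRT, AdwCleaner or Malwarebytes; it parses both files, flags entries matching the indicators visible in these logs, and strips the flagged Firefox prefs. The sample prefs.js and Preferences content are constructed for the example from entries in the logs, and the session.urls_to_restore_on_startup key path is assumed from the Chrome 23 Preferences layout.

```python
"""Triage browser-hijacker persistence in Firefox prefs.js and Chrome Preferences.
Added example for this thread; indicators taken from the JRT/AdwCleaner logs above."""
import json
import re

# Pref-name prefixes owned by the PUP components the logs removed
# (Crossrider "Vid-Saver", Funmoods, SweetIM toolbar).
PUP_PREF_PREFIXES = ("extensions.crossriderapp", "extensions.crossrider.",
                     "extensions.funmoods", "sweetim.toolbar.")

# Firefox prefs a search hijacker has to touch to redirect searches or new tabs.
SEARCH_PREFS = {"browser.newtab.url", "browser.search.defaultengine",
                "browser.search.defaultenginename", "browser.search.selectedEngine",
                "browser.startup.homepage", "keyword.URL"}

# Substrings seen in the hijacked values in the logs. Matching is deliberately
# loose (it would also hit "task.com"), so review the output before acting on it.
HIJACK_TOKENS = ("funmoods", "sweetim", "ask.com")

# user_pref("name", <literal>);  Values are JS literals; json.loads handles the
# strings, numbers and booleans that prefs.js actually contains.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')


def parse_prefs_js(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, truncated lines
        name, raw = m.group(1), m.group(2).strip()
        try:
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep a non-JSON literal verbatim rather than drop it
        prefs[name] = value
    return prefs


def flag_firefox_prefs(prefs):
    """Return sorted (pref_name, reason) pairs for hijacker indicators."""
    findings = []
    for name, value in prefs.items():
        if name.startswith(PUP_PREF_PREFIXES):
            findings.append((name, "pref owned by PUP component"))
        elif name in SEARCH_PREFS:
            if any(tok in str(value).lower() for tok in HIJACK_TOKENS):
                findings.append((name, "search/new-tab setting redirected"))
    return sorted(findings)


def strip_flagged_prefs(text, flagged_names):
    """Return prefs.js text without the flagged user_pref() lines.
    Only useful once the owning extension is gone; otherwise it rewrites them on restart."""
    kept = [line for line in text.splitlines()
            if not (PREF_RE.match(line) and PREF_RE.match(line).group(1) in flagged_names)]
    return "\n".join(kept) + "\n"


def flag_chrome_startup_urls(preferences_json):
    """Return startup URLs in a Chrome Preferences file that match HIJACK_TOKENS.
    Assumed key path (Chrome 23 layout): session.urls_to_restore_on_startup."""
    prefs = json.loads(preferences_json)
    urls = prefs.get("session", {}).get("urls_to_restore_on_startup", [])
    return [u for u in urls if any(tok in u.lower() for tok in HIJACK_TOKENS)]


# Constructed sample inputs modelled on entries in the logs above.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.newtab.url", "http://home.sweetim.com/?src=97&barid={796D5449-3892-11E2-8040-5CAC4CE8713A}");
user_pref("browser.search.defaultenginename", "Funmoods");
user_pref("browser.search.selectedEngine", "Funmoods");
user_pref("extensions.crossriderapp3491.3491.active", true);
user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=orgnl&chnl=");
user_pref("sweetim.toolbar.version", "1.7.0.3");
user_pref("general.useragent.locale", "en-US");
user_pref("network.cookie.cookieBehavior", 0);
'''

SAMPLE_CHROME_PREFERENCES = json.dumps({"session": {"restore_on_startup": 4,
    "urls_to_restore_on_startup": ["http://searchfunmoods.com/?f=1&a=orgnl&chnl=",
                                   "https://example.org/"]}})


def triage(prefs_js_text=SAMPLE_PREFS_JS, chrome_json=SAMPLE_CHROME_PREFERENCES):
    """Run both checks; return the findings and the cleaned prefs.js text."""
    firefox = flag_firefox_prefs(parse_prefs_js(prefs_js_text))
    cleaned = strip_flagged_prefs(prefs_js_text, {name for name, _ in firefox})
    return {"firefox": firefox, "chrome": flag_chrome_startup_urls(chrome_json),
            "cleaned_prefs_js": cleaned}


if __name__ == "__main__":
    result = triage()
    for name, reason in result["firefox"]:
        print(f"prefs.js      {name}: {reason}")
    for url in result["chrome"]:
        print(f"Preferences   startup URL: {url}")
```

Run it against copies of the files with both browsers closed; Firefox rewrites prefs.js on exit and will undo a live edit. Stripping the prefs is cosmetic on its own: the add-on folders under the profile's extensions directory, the searchplugins\*.xml files and the HKLM\Software\Google\Chrome\Extensions force-install keys that JRT and AdwCleaner removed above have to go as well, because an extension left in place recreates its prefs at the next browser start.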

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.06.01

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

Tom :: NJS-7392FF1A179 [administrator]

Protection: Enabled

1/5/2013 11:57:24 PM

mbam-log-2013-01-05 (23-57-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 190408

Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff
Jesus! All this just to remove? With everything else I've tried, it keeps coming back. It's like pc herpes.

are you saying funmoods has returned?

if so please run the following:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
