
Thread: smitfraud-c.generic

  1. #31
    Member
    Join Date: Feb 2013
    Location: Valencia
    Posts: 46


    12:27:00.0931 3840 ================ Scan global ===============================

    12:27:00.0953 3840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    12:27:00.0986 3840 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

    12:27:00.0994 3840 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

    12:27:01.0009 3840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    12:27:01.0033 3840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    12:27:01.0036 3840 [Global] - ok

    12:27:01.0037 3840 ================ Scan MBR ==================================

    12:27:01.0046 3840 [ 89750024E83C5387C5B5F649AFB20429 ] \Device\Harddisk0\DR0

    12:27:01.0233 3840 \Device\Harddisk0\DR0 - ok

    12:27:01.0233 3840 ================ Scan VBR ==================================

    12:27:01.0238 3840 [ 0CB555645E88FB9D32D324EDD502BEAA ] \Device\Harddisk0\DR0\Partition1

    12:27:01.0240 3840 \Device\Harddisk0\DR0\Partition1 - ok

    12:27:01.0251 3840 [ C88532FE8C261DC926E34F2EEDC1F880 ] \Device\Harddisk0\DR0\Partition2

    12:27:01.0254 3840 \Device\Harddisk0\DR0\Partition2 - ok

    12:27:01.0283 3840 [ 3A96162BAA79A5A8E0F50DA9AB06DE36 ] \Device\Harddisk0\DR0\Partition3

    12:27:01.0286 3840 \Device\Harddisk0\DR0\Partition3 - ok

    12:27:01.0286 3840 ============================================================

    12:27:01.0286 3840 Scan finished

    12:27:01.0286 3840 ============================================================

    12:27:01.0305 3740 Detected object count: 0

    12:27:01.0305 3740 Actual detected object count: 0

    12:27:09.0251 1772 ============================================================

    12:27:09.0251 1772 Scan started

    12:27:09.0251 1772 Mode: Manual; TDLFS;

    12:27:09.0251 1772 ============================================================

    12:27:09.0387 1772 ================ Scan system memory ========================

    12:27:09.0387 1772 System memory - ok

    12:27:09.0388 1772 ================ Scan services =============================


    12:27:14.0797 1772 monitor - ok

    12:27:14.0807 1772 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    12:27:14.0808 1772 mouclass - ok

    12:27:14.0838 1772 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

  2. #32
    Member
    Join Date
    Feb 2013
    Location
    Valencia
    Posts
    46

    Default

    ComboFix 13-03-02.01 - member 03/02/2013 12:36:14.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5110.3209 [GMT -8:00]
    Running from: c:\users\member\Downloads\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\ArcadeWeb\arCAdeweb32.dll
    c:\program files (x86)\CouponAlert_2pEI
    c:\programdata\Microsoft\Windows\DRM\2E17.tmp
    c:\programdata\Microsoft\Windows\DRM\2E27.tmp
    c:\users\member\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
    c:\users\member\AppData\Roaming\.#
    c:\windows\svchost.exe
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-02 to 2013-03-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-02 20:43 . 2013-03-02 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-02 20:43 . 2013-03-02 20:43 -------- d-----w- c:\users\your goddamn jokes\AppData\Local\temp
    2013-03-02 20:43 . 2013-03-02 20:43 -------- d-----w- c:\users\my account\AppData\Local\temp
    2013-03-01 07:25 . 2009-01-25 20:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-03-01 07:25 . 2013-03-01 07:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-03-01 07:23 . 2013-03-01 07:23 -------- d-----w- c:\users\member\AppData\Local\Programs
    2013-02-28 03:57 . 2013-03-02 20:28 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-27 03:12 . 2013-02-27 03:12 -------- d-----w- c:\program files (x86)\ERUNT
    2013-02-23 22:19 . 2013-02-23 22:20 -------- d-----w- c:\users\my account\AppData\Local\Adobe
    2013-02-23 22:17 . 2013-02-23 22:17 -------- d-----w- c:\users\my account\AppData\Local\IsolatedStorage
    2013-02-23 22:17 . 2013-02-23 22:17 -------- d-----w- c:\users\my account\AppData\Roaming\Intuit
    2013-02-23 06:18 . 2013-02-23 06:18 -------- d-----w- c:\windows\Sun
    2013-02-23 04:16 . 2013-02-23 04:16 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2013-02-23 02:57 . 2013-02-23 02:57 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2013-02-23 02:57 . 2013-02-23 02:57 -------- d-----w- c:\program files\Symantec
    2013-02-23 02:57 . 2013-02-23 02:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2013-02-23 02:56 . 2013-02-23 06:24 -------- d-----w- c:\windows\system32\drivers\N360x64\1401010.002
    2013-02-23 02:56 . 2013-02-23 02:56 -------- d-----w- c:\program files (x86)\Norton 360
    2013-02-23 02:56 . 2013-02-23 02:56 -------- d-----w- c:\program files (x86)\NortonInstaller
    2013-02-23 02:19 . 2013-02-23 02:19 -------- d-----w- c:\users\my account\AppData\Local\LogMeIn Rescue Applet
    2013-02-23 01:46 . 2013-02-23 01:46 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
    2013-02-23 01:46 . 2013-02-23 02:28 -------- d-----w- c:\users\my account\AppData\Local\NPE
    2013-02-23 01:03 . 2013-02-23 03:18 -------- d-----w- c:\users\my account\AppData\Local\ElevatedDiagnostics
    2013-02-14 08:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 08:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 06:54 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-14 06:53 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-14 06:53 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-14 06:53 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-14 06:53 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-14 06:53 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-14 06:53 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-14 06:53 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-14 06:53 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-14 06:53 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-14 06:53 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-14 06:53 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-05 04:24 . 2013-02-05 04:24 -------- d-----w- c:\users\my account\AppData\Local\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-28 01:55 . 2012-04-05 00:15 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-28 01:55 . 2011-06-26 18:04 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-14 08:08 . 2010-01-27 09:20 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-04 04:43 . 2013-02-14 06:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 01:42 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 01:42 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 01:42 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 01:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-10 05:53 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-10 05:53 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-10 05:53 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-10 05:53 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-10 05:53 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-10 05:53 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-10 05:53 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-10 05:53 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-10 05:53 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-10 05:53 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-10 05:53 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-10 05:53 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-10 05:53 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-10 05:53 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-10 05:53 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-10 05:53 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-10 05:53 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-10 05:53 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-10 05:53 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-10 05:53 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-10 05:53 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-10 05:53 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-10 05:53 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-10 05:53 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-10 05:53 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-10 05:53 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-10 05:53 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-10 05:53 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-10 05:53 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-10 05:53 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-10 05:53 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-10 05:53 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-02-04 18:18 . 2012-04-17 04:15 689552 ----a-w- c:\program files (x86)\2pUninstall Coupon Alert.dll
    2012-02-04 18:18 . 2012-04-17 04:15 161720 ----a-w- c:\program files (x86)\2pres.dll
    2011-03-19 22:50 . 2011-04-05 20:45 684032 ----a-w- c:\program files (x86)\Uninstall Coupon Alert.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
    2009-12-18 18:47 81920 ----a-w- c:\program files (x86)\eGames\egamestoolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}"= "c:\program files (x86)\egames\egamestoolbar.dll" [2009-12-18 81920]
    "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\member\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-18 2572728]
    .
    [HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-19 2548072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    c:\users\member\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\windows\Speech\ERUNTcorrectone\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    "SelectRebates"=c:\program files (x86)\SelectRebates\SelectRebates.exe
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "ApnUpdater"="C:\Program Files (x86)
    "AW TrayIcon"=RunDll32.exe "c:\program files (x86)\ArcadeWeb\arcadeweb32.dll", RunTrayIcon
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "ShopAtHomeWatcher"=c:\users\member\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    R2 mrtRate;mrtRate; [x]
    R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-04-06 91304]
    R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-19 446976]
    R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
    R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]
    S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2013-02-23 95392]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS [2012-07-28 493216]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS [2012-08-08 1132192]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-02-08 1388120]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys [2012-08-07 168096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-02-23 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS [2012-07-28 224416]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1401010.002\SYMNETS.SYS [2012-07-23 432800]
    S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
    S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [2012-08-29 143928]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-22 04:16 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:55]
    .
    2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 04:04]
    .
    2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 04:04]
    .
    2013-03-01 c:\windows\Tasks\HPCeeScheduleFormember.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 363544]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = www.google.com
    mDefault_Search_URL = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mLocal Page = hxxp://www.google.com/
    mSearch Page = hxxp://www.google.com/
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\member\AppData\Roaming\Mozilla\Firefox\Profiles\p8ye63aw.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=16148
    FF - prefs.js: keyword.URL - hxxp://urlseek10.vmn.net/search.php?type=dns&tbn=egames3_1dn&q=
    FF - ExtSQL: 2013-02-25 15:20; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
    FF - ExtSQL: 2013-02-25 18:43; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    SafeBoot-65312228.sys
    WebBrowser-{C4D78C72-08DB-4A3F-9175-B265157283F3} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Mahjongg Dimensions Deluxe (tb) - c:\program files (x86)\eGames\Mahjongg Dimensions Deluxe (tb)\Uninstall.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-02 12:51:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-02 20:51
    .
    Pre-Run: 426,064,453,632 bytes free
    Post-Run: 425,736,925,184 bytes free
    .
    - - End Of File - - 9F272AA13A59438FA9FDE750E7951733

  3. #33
    Member
    Join Date
    Feb 2013
    Location
    Valencia
    Posts
    46

    Default

    Hope I did all that right 'cause I'm so confused. Most of everything on my parents' PC is not clickable. It says illegal operation attempted marked for deletion. Please advise. Thanks!

  4. #34
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello diane7

    Hope I did all that right 'cause I'm so confused
    You did it right.

    Most of everything on my parents' PC is not clickable. It says illegal operation attempted marked for deletion. Please advise.
    That's nothing to worry about. Simply reboot the machine a couple of times and that message will go away.

    I will get back to you later on today with the next set of instructions
    Proud Graduate of the WTT Classroom

  5. #35
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello diane7

    I'm back

    We need to use ComboFix again, but this time we will be running it in a slightly different way.


    1. Please work through the following steps


      • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
      • NOTE: Do not use WordPad or any other text editor except Notepad or the script will fail.
      • Copy and Paste the text in the quotebox below into the open Notepad window:

        File::
        c:\program files (x86)\eGames\egamestoolbar.dll
        c:\users\member\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
        c:\program files (x86)\SelectRebates\SelectRebates.exe
        c:\users\member\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
        c:\program files (x86)\ArcadeWeb\arcadeweb32.dll

        Folder::
        c:\program files (x86)\eGames
        c:\users\member\AppData\Roaming\ShopAtHome
        c:\program files (x86)\SelectRebates
        c:\program files (x86)\ArcadeWeb

        Registry::
        [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
        "{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}"=-
        "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"=-

        [-HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e}]

        [-HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]

        [-HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]

        [-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

        [-HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]

        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
        "SelectRebates"=-
        "ShopAtHomeWatcher"=-
        "AW TrayIcon"=-

        Firefox::
        FF - ProfilePath - c:\users\member\AppData\Roaming\Mozilla\Firefox\Profiles\p8ye63aw.default\
        FF - prefs.js: keyword.URL - hxxp://urlseek10.vmn.net/search.php?type=dns&tbn=egames3_1dn&q=

        RegLock::
        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
      • Close any open browsers.
      • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Referring to the picture below, drag CFScript.txt into ComboFix.exe




      • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
      • Once the log is produced, re-engage your resident anti virus.


    2. Junkware Removal Tool

      Please download Junkware Removal Tool by clicking here and save it to your desktop.

      • Shutdown your antivirus to avoid any conflicts.
      • Double click JRT.exe to run the tool.
      • The tool will open and start scanning your system.
      • Please be patient as this can take a while to complete.
      • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
      • Post the contents of JRT.txt into your next message.


      Please post the new Combofix log and the Junkware Removal Tool log in your next reply.
    Proud Graduate of the WTT Classroom

  6. #36
    Member
    Join Date
    Feb 2013
    Location
    Valencia
    Posts
    46

    I did have that report from after I did all those steps... However, I copied it but I couldn't get a browser to open... everything I clicked was marked for deletion. So knowing what you said last time I restarted the PC and now I can get a browser but I cannot find that log. Please advise!

    I will continue on to the next set of instructions. Thanks!

  7. #37
    Member
    Join Date
    Feb 2013
    Location
    Valencia
    Posts
    46

    Chrome is telling me that the next thing you wanted me to download (I believe it had "junk" in the words) is malicious. Please advise. Thanks!

  8. #38
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello diane7

    The Junkware Removal Tool is not malicious. It has been used many times without incident.

    As for the ComboFix log, let's try to find it like this:

    Navigate to your C drive and check to see if there is a file there called C:\ComboFix.txt

    If it is present open the file and copy/paste the contents into your next reply.

  9. #39
    Member
    Join Date
    Feb 2013
    Location
    Valencia
    Posts
    46

    Jon Tom I am out of town and will be back tomorrow night. I will proceed with your instructions at that time. I appreciate your help and guidance more than you know! di

  10. #40
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello diane7

    I am out of town and will be back tomorrow night
    No problem, we will continue when you get back
