knit

  1. Great, I got ComboFix uninstalled. Really, thank you so much for your help. I am incredibly grateful! I have contacted the Neuroscience Research Institute to see if they can accept a donation from the US, and they can, so I will be doing that very soon.
  2. Thanks.... I wonder if I'm doing the Combofix uninstall correctly. I go to Start Menu > Accessories > Run and enter the text you specified. I get a security alert asking if I want to allow the program to make changes to my computer and click OK. Then Combofix appears as though it's running, including warning me that my antivirus/antispyware is enabled. Is this supposed to be happening? Also wondering if I should keep or uninstall the other utilities that we've used for the repairs. The only thing that seems different about my computer is the browser seems to take a little longer to launch now than it did before. Maybe I'm just paranoid now, but that is definitely a behavior I've seen on other infected machines. I think I am also just overly protective of this computer because it's brand new. ;-) I appreciate the advice and will look into the Spyware Blaster application. I already use Firefox nearly exclusively, and will look into those add-ons you referenced. I've got antivirus, antispyware and firewall running. Unfortunately I know exactly how the computer got infected, and now my husband has learned that "free" online content actually does come with a price. :-{{ So! Now he gets to share the kids' computer! :-D
  3. OK, whew! Restarting did help. Upon restart, Norton 360 reported errors that required me to uninstall and reinstall the program. Now that I have done that, things seem to be working fine. Thank you! Let me know next steps.
  4. The post above is the combofix log. I was able to transfer it to my phone and copy it. It looks like many applications on my computer are now not working. I originally tried to transfer this file to Dropbox so I could access it from my phone, but I got the same error message.
  5. ComboFix 12-08-10.02 - Jennifer 08/16/2012 13:04:08.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6047.4362 [GMT -7:00]
  6. Hi TDK, posting this from my phone. After running ComboFix, I am unable to launch any browser on my machine. I get an error message that says "Illegal operation attempted on a registry key that has been marked for deletion." This happens when I try to launch Firefox or IE. Thanks.
  7. I ended up restoring defaults to Firefox (for another reason), so the preference entry is now gone. Here's the SystemLook log. And thank you!
  8. Hi TDK, I have just discovered one other thing. I was making some changes to my Firefox preferences using about:config, and I noticed this entry: Smartbar.ConduitSearchEngineList. The associated value is: WhiteSmoke US Customized Web Search. This thing is insidious! Should this entry be removed as well? Thanks so much.
  9. Voila!

         Results of screen317's Security Check version 0.99.43
         Windows 7 Service Pack 1 x64 (UAC is enabled)
         Internet Explorer 9
         ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Enabled!
         Norton 360
         WMI entry may not exist for antivirus; attempting automatic update.
         `````````Anti-malware/Other Utilities Check:`````````
         Malwarebytes Anti-Malware version 1.62.0.1300
         JavaFX 2.1.1
         Java 6 Update 25
         Java 7 Update 5
         Mozilla Firefox (14.0.1)
         Google Chrome 21.0.1180.75
         Google Chrome 21.0.1180.77
         Google Chrome VisualElementsManifest.xml..
         ````````Process Check: objlist.exe by Laurent````````
         Norton ccSvcHst.exe
         `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 2%
         ````````````````````End of Log``````````````````````
  10. Here's the log! Computer still seems to be working well. Thanks!

          ESETSmartInstaller@High as downloader log:
          all ok
          # version=7
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.6583
          # api_version=3.0.2
          # EOSSerial=61025972aa50024b97c2ba2db1030b58
          # end=stopped
          # remove_checked=false
          # archives_checked=false
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2012-08-13 02:07:29
          # local_time=2012-08-12 07:07:29 (-0800, Pacific Daylight Time)
          # country="United States"
          # lang=1033
          # osver=6.1.7601 NT Service Pack 1
          # compatibility_mode=3589 16777213 100 71 0 95398927 0 0
          # compatibility_mode=5893 16776574 100 94 53581620 96366281 0 0
          # compatibility_mode=8192 67108863 100 0 0 0 0 0
          # scanned=24254
          # found=0
          # cleaned=0
          # scan_time=818
          ESETSmartInstaller@High as downloader log:
          all ok
          esets_scanner_update returned -1 esets_gle=53251
          ESETSmartInstaller@High as downloader log:
          all ok
          esets_scanner_update returned -1 esets_gle=53251
          # version=7
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.6583
          # api_version=3.0.2
          # EOSSerial=61025972aa50024b97c2ba2db1030b58
          # end=finished
          # remove_checked=false
          # archives_checked=false
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2012-08-13 07:46:43
          # local_time=2012-08-13 12:46:43 (-0800, Pacific Daylight Time)
          # country="United States"
          # lang=1033
          # osver=5.1.2600 NT Service Pack 2
          # compatibility_mode=3589 16777213 100 71 0 95416919 0 0
          # compatibility_mode=5893 16776574 100 94 53599612 96384273 0 0
          # compatibility_mode=8192 67108863 100 0 0 0 0 0
          # scanned=99373
          # found=0
          # cleaned=0
          # scan_time=3180
  11. Not a problem at all. Even though I am sure he believes it's not part of his ethos, I think The Dark Knight is allowed occasional off days. My machine appears to be working normally now. Here are the logs, and let me know next steps.

          All processes killed
          ========== FILES ==========
          C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
          C:\Program Files (x86)\Conduit folder moved successfully.
          C:\Users\Jennifer\AppData\Local\Conduit folder moved successfully.
          C:\Users\Jennifer\AppData\Local\Shopping Sidekick\Chrome folder moved successfully.
          C:\Users\Jennifer\AppData\Local\Shopping Sidekick folder moved successfully.
          ========== COMMANDS ==========
          [EMPTYTEMP]
          User: All Users
          User: Default
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Default User
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Jennifer
          ->Temp folder emptied: 605973739 bytes
          ->Temporary Internet Files folder emptied: 33170 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 29384602 bytes
          ->Google Chrome cache emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Pickle
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Public
          ->Temp folder emptied: 0 bytes
          User: Sam
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->FireFox cache emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Scott
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          %systemdrive% .tmp files removed: 0 bytes
          %systemroot% .tmp files removed: 0 bytes
          %systemroot%\System32 .tmp files removed: 0 bytes
          %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
          %systemroot%\System32\drivers .tmp files removed: 0 bytes
          Windows Temp folder emptied: 608 bytes
          %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
          RecycleBin emptied: 0 bytes
          Total Files Cleaned = 606.00 mb
          [EMPTYFLASH]
          User: All Users
          User: Default
          ->Flash cache emptied: 0 bytes
          User: Default User
          ->Flash cache emptied: 0 bytes
          User: Jennifer
          ->Flash cache emptied: 0 bytes
          User: Pickle
          ->Flash cache emptied: 0 bytes
          User: Public
          User: Sam
          ->Flash cache emptied: 0 bytes
          User: Scott
          ->Flash cache emptied: 0 bytes
          Total Flash Files Cleaned = 0.00 mb
          OTL by OldTimer - Version 3.2.57.0 log created on 08132012_093926
          Files\Folders moved on Reboot...
          C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
          PendingFileRenameOperations files...
          File C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
          Registry entries deleted on Reboot...
          -----------------------------------------------------------------------------------------------------------------------
          Results of screen317's Security Check version 0.99.43
          Windows 7 Service Pack 1 x64 (UAC is enabled)
          Internet Explorer 9
          ``````````````Antivirus/Firewall Check:``````````````
          Windows Firewall Enabled!
          Norton 360
          WMI entry may not exist for antivirus; attempting automatic update.
          `````````Anti-malware/Other Utilities Check:`````````
          Malwarebytes Anti-Malware version 1.62.0.1300
          JavaFX 2.1.1
          Java 6 Update 25
          Java 7 Update 5
          Mozilla Firefox (14.0.1)
          Google Chrome 21.0.1180.60
          Google Chrome 21.0.1180.75
          Google Chrome VisualElementsManifest.xml..
          ````````Process Check: objlist.exe by Laurent````````
          Norton ccSvcHst.exe
          `````````````````System Health check`````````````````
          Total Fragmentation on Drive C: 2%
          ````````````````````End of Log``````````````````````
  12. OK, here we go! So far things appear to be working normally. Let me know what the next steps are. Thanks!

          All processes killed
          Error: Unable to interpret <:file> in the current context!
          Error: Unable to interpret <C:\Program Files (x86)\Conduit> in the current context!
          Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Conduit> in the current context!
          Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Shopping Sidekick> in the current context!
          ========== COMMANDS ==========
          [EMPTYTEMP]
          User: All Users
          User: Default
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Default User
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Jennifer
          ->Temp folder emptied: 782 bytes
          ->Temporary Internet Files folder emptied: 33170 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 39165680 bytes
          ->Google Chrome cache emptied: 0 bytes
          ->Flash cache emptied: 492 bytes
          User: Pickle
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Public
          ->Temp folder emptied: 0 bytes
          User: Sam
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->FireFox cache emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Scott
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          %systemdrive% .tmp files removed: 0 bytes
          %systemroot% .tmp files removed: 0 bytes
          %systemroot%\System32 .tmp files removed: 0 bytes
          %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
          %systemroot%\System32\drivers .tmp files removed: 0 bytes
          Windows Temp folder emptied: 608 bytes
          %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
          RecycleBin emptied: 0 bytes
          Total Files Cleaned = 37.00 mb
          [EMPTYFLASH]
          User: All Users
          User: Default
          ->Flash cache emptied: 0 bytes
          User: Default User
          ->Flash cache emptied: 0 bytes
          User: Jennifer
          ->Flash cache emptied: 0 bytes
          User: Pickle
          ->Flash cache emptied: 0 bytes
          User: Public
          User: Sam
          ->Flash cache emptied: 0 bytes
          User: Scott
          ->Flash cache emptied: 0 bytes
          Total Flash Files Cleaned = 0.00 mb
          OTL by OldTimer - Version 3.2.57.0 log created on 08122012_183856
          Files\Folders moved on Reboot...
          C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
          PendingFileRenameOperations files...
          File C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
          Registry entries deleted on Reboot...
          ------------------------------------------------------------------------------------------------------------
          ESETSmartInstaller@High as downloader log:
          all ok
          # version=7
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.6583
          # api_version=3.0.2
          # EOSSerial=61025972aa50024b97c2ba2db1030b58
          # end=stopped
          # remove_checked=false
          # archives_checked=false
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2012-08-13 02:07:29
          # local_time=2012-08-12 07:07:29 (-0800, Pacific Daylight Time)
          # country="United States"
          # lang=1033
          # osver=6.1.7601 NT Service Pack 1
          # compatibility_mode=3589 16777213 100 71 0 95398927 0 0
          # compatibility_mode=5893 16776574 100 94 53581620 96366281 0 0
          # compatibility_mode=8192 67108863 100 0 0 0 0 0
          # scanned=24254
          # found=0
          # cleaned=0
          # scan_time=818
          ESETSmartInstaller@High as downloader log:
          all ok
          esets_scanner_update returned -1 esets_gle=53251
          ESETSmartInstaller@High as downloader log:
          all ok
          esets_scanner_update returned -1 esets_gle=53251
          # version=7
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.6583
          # api_version=3.0.2
          # EOSSerial=61025972aa50024b97c2ba2db1030b58
          # end=finished
          # remove_checked=false
          # archives_checked=false
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2012-08-13 07:46:43
          # local_time=2012-08-13 12:46:43 (-0800, Pacific Daylight Time)
          # country="United States"
          # lang=1033
          # osver=5.1.2600 NT Service Pack 2
          # compatibility_mode=3589 16777213 100 71 0 95416919 0 0
          # compatibility_mode=5893 16776574 100 94 53599612 96384273 0 0
          # compatibility_mode=8192 67108863 100 0 0 0 0 0
          # scanned=99373
          # found=0
          # cleaned=0
          # scan_time=3180
  13. OTL log below. WhiteSmoke appears to be gone now, hooray!

          All processes killed
          ========== OTL ==========
          HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
          HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
          Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99FE889A-3EDD-4187-8B3C-41AB53380DBA}\ deleted successfully.
          Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99FE889A-3EDD-4187-8B3C-41AB53380DBA}\ not found.
          Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.selectedEngine
          Prefs.js: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13" removed from browser.startup.homepage
          Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=" removed from keyword.URL
          C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\conduit.xml moved successfully.
          C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\search-here.xml moved successfully.
          Use Chrome's Settings page to change the HomePage.
          Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
          Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
          Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
          Error: Unable to interpret <:file> in the current context!
          Error: Unable to interpret <C:\Program Files (x86)\Conduit> in the current context!
          Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Conduit> in the current context!
          Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Shopping Sidekick> in the current context!
          ========== COMMANDS ==========
          [EMPTYTEMP]
          User: All Users
          User: Default
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Flash cache emptied: 56466 bytes
          User: Default User
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
          ->Flash cache emptied: 0 bytes
          User: Jennifer
          ->Temp folder emptied: 782 bytes
          ->Temporary Internet Files folder emptied: 36647 bytes
          ->Java cache emptied: 520184 bytes
          ->FireFox cache emptied: 99001084 bytes
          ->Google Chrome cache emptied: 24476807 bytes
          ->Flash cache emptied: 95793 bytes
          User: Pickle
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 268 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 36258346 bytes
          ->Flash cache emptied: 57913 bytes
          User: Public
          ->Temp folder emptied: 0 bytes
          User: Sam
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 804 bytes
          ->FireFox cache emptied: 19939399 bytes
          ->Flash cache emptied: 56922 bytes
          User: Scott
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 871 bytes
          ->Java cache emptied: 0 bytes
          ->FireFox cache emptied: 455364435 bytes
          ->Flash cache emptied: 61735 bytes
          %systemdrive% .tmp files removed: 0 bytes
          %systemroot% .tmp files removed: 0 bytes
          %systemroot%\System32 .tmp files removed: 0 bytes
          %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
          %systemroot%\System32\drivers .tmp files removed: 0 bytes
          Windows Temp folder emptied: 608 bytes
          %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
          RecycleBin emptied: 2129702 bytes
          Total Files Cleaned = 609.00 mb
          [EMPTYFLASH]
          User: All Users
          User: Default
          ->Flash cache emptied: 0 bytes
          User: Default User
          ->Flash cache emptied: 0 bytes
          User: Jennifer
          ->Flash cache emptied: 0 bytes
          User: Pickle
          ->Flash cache emptied: 0 bytes
          User: Public
          User: Sam
          ->Flash cache emptied: 0 bytes
          User: Scott
          ->Flash cache emptied: 0 bytes
          Total Flash Files Cleaned = 0.00 mb
          OTL by OldTimer - Version 3.2.57.0 log created on 08122012_082248
          Files\Folders moved on Reboot...
          C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
          PendingFileRenameOperations files...
          File C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
          Registry entries deleted on Reboot...
  14. OTL Extras logfile created on: 8/11/2012 7:03:14 PM - Run 1

          OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jennifer\Desktop
          64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
          Internet Explorer (Version = 9.0.8112.16421)
          Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
          5.91 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.94% Memory free
          11.81 Gb Paging File | 9.89 Gb Available in Paging File | 83.74% Paging File free
          Paging file location(s): ?:\pagefile.sys [binary data]
          %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
          Drive C: | 579.51 Gb Total Space | 536.69 Gb Free Space | 92.61% Space Free | Partition Type: NTFS
          Computer Name: HAPAGIRL | User Name: Jennifer | Logged in as Administrator.
          Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
          Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "NortonPCCheckup" = Toshiba Laptop Checkup "PUBLISHERR" = Microsoft Office Publisher 2007 "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-0f19d41f-a6ac-449c-95ae-7aa3302067ac" = FATE - The Traitor Soul "WTA-16689b5a-a394-4e1b-a0c2-907c426533e1" = Tales of Lagoona "WTA-42c090d3-b918-4cad-b0bb-d4e31f07010d" = Letters from Nowhere 2 "WTA-5ac09275-be19-497c-8ac4-1b50069280fb" = Zuma's Revenge "WTA-641dc5ea-52a7-4920-aad9-1bfdad05e37a" = Bejeweled 3 "WTA-8c4477fe-d12a-4658-aa86-65f35df5170a" = Plants vs. Zombies - Game of the Year "WTA-9c9224b1-7b61-483e-bb64-81b12685e966" = Polar Bowler "WTA-cb6d9e90-4b01-4583-a214-1ef33a73187e" = RollerCoaster Tycoon 3: Platinum "WTA-de9e3164-09a6-4d71-ac26-2d2453e94008" = Penguins! 
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2012 8:13:24 PM | Computer Name = HapaGirl | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4df67dcc Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0002e39e Faulting process id: 0x10f8 Faulting application start time: 0x01cd5e30b766637c Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll Report Id: 10170538-ca24-11e1-8600-e8e0b71b2b55

Error - 7/9/2012 8:16:17 PM | Computer Name = HapaGirl | Source = WinMgmt | ID = 10
Description =

Error - 7/9/2012 8:52:08 PM | Computer Name = HapaGirl | Source = WinMgmt | ID = 10
Description =

Error - 7/9/2012 9:09:59 PM | Computer Name = HapaGirl | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Error - 7/9/2012 9:10:00 PM | Computer Name = HapaGirl | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Error - 7/10/2012 9:09:59 PM | Computer Name = HapaGirl | Source = Toshiba App Place | ID = 0
Description =

Error - 7/11/2012 1:43:22 AM | Computer Name = HapaGirl | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Microsoft Office Word' could not be shut down.

Error - 7/11/2012 1:46:17 AM | Computer Name = HapaGirl | Source = WinMgmt | ID = 10
Description =

Error - 7/12/2012 2:04:45 AM | Computer Name = HapaGirl | Source = Toshiba App Place | ID = 0
Description =

Error - 7/12/2012 3:46:08 AM | Computer Name = HapaGirl | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 7/9/2012 8:48:43 PM | Computer Name = HapaGirl | Source = DCOM | ID = 10010
Description =

Error - 7/24/2012 7:13:41 PM | Computer Name = HapaGirl | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error - 7/25/2012 6:07:16 PM | Computer Name = HapaGirl | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error - 7/29/2012 1:08:13 PM | Computer Name = HapaGirl | Source = DCOM | ID = 10010
Description =

Error - 7/29/2012 1:18:10 PM | Computer Name = HapaGirl | Source = DCOM | ID = 10010
Description =

Error - 7/31/2012 2:29:05 AM | Computer Name = HapaGirl | Source = DCOM | ID = 10010
Description =

< End of report >

-------------------------------------------------------------------------------------------------------------------------

19:16:21.0590 2516 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:16:22.0051 2516 ============================================================
19:16:22.0051 2516 Current date / time: 2012/08/11 19:16:22.0051
19:16:22.0051 2516 SystemInfo:
19:16:22.0051 2516
19:16:22.0051 2516 OS Version: 6.1.7601 ServicePack: 1.0
19:16:22.0052 2516 Product type: Workstation
19:16:22.0052 2516 ComputerName: HAPAGIRL
19:16:22.0052 2516 UserName: Jennifer
19:16:22.0052 2516 Windows directory: C:\windows
19:16:22.0052 2516 System windows directory: C:\windows
19:16:22.0052 2516 Running under WOW64
19:16:22.0052 2516 Processor architecture: Intel x64
19:16:22.0052 2516 Number of processors: 4
19:16:22.0052 2516 Page size: 0x1000
19:16:22.0052 2516 Boot type: Normal boot
19:16:22.0052 2516 ============================================================
19:16:23.0721 2516 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:16:23.0730 2516 ============================================================
19:16:23.0730 2516 \Device\Harddisk0\DR0:
19:16:23.0731 2516 MBR partitions:
19:16:23.0731 2516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48704800
19:16:23.0731 2516 ============================================================
19:16:23.0771 2516 C: <-> \Device\Harddisk0\DR0\Partition0
19:16:23.0772 2516 ============================================================
19:16:23.0772 2516 Initialize
success
19:16:23.0772 2516 ============================================================
19:17:10.0287 5340 ============================================================
19:17:10.0287 5340 Scan started
19:17:10.0287 5340 Mode: Manual;
19:17:10.0287 5340 ============================================================
19:17:25.0192 5340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 19:17:25.0209 5340 NDIS - ok 19:17:25.0229 5340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 19:17:25.0230 5340 NdisCap - ok 19:17:25.0276 5340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 19:17:25.0278 5340 NdisTapi - ok 19:17:25.0287 5340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 19:17:25.0290 5340 Ndisuio - ok 19:17:25.0311 5340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 19:17:25.0313 5340 NdisWan - ok 19:17:25.0319 5340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 19:17:25.0320 5340 NDProxy - ok 19:17:25.0326 5340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 19:17:25.0327 5340 NetBIOS - ok 19:17:25.0344 5340 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 19:17:25.0347 5340 NetBT - ok 19:17:25.0370 5340 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 19:17:25.0372 5340 Netlogon - ok 19:17:25.0455 5340 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 19:17:25.0462 5340 Netman - ok 19:17:25.0492 5340 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 19:17:25.0498 5340 netprofm - ok 19:17:25.0579 5340 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:17:25.0584 5340 NetTcpPortSharing - ok 19:17:25.0641 5340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 19:17:25.0643 5340 nfrd960 - ok 19:17:25.0743 5340 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 19:17:25.0751 5340 NlaSvc - ok 19:17:25.0834 5340 Norton PC Checkup Application Launcher - ok 19:17:25.0852 5340 Npfs 
(1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 19:17:25.0854 5340 Npfs - ok 19:17:25.0890 5340 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 19:17:25.0893 5340 nsi - ok 19:17:25.0917 5340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 19:17:25.0919 5340 nsiproxy - ok 19:17:26.0030 5340 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 19:17:26.0058 5340 Ntfs - ok 19:17:26.0170 5340 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 19:17:26.0172 5340 Null - ok 19:17:26.0222 5340 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys 19:17:26.0224 5340 nusb3hub - ok 19:17:26.0251 5340 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys 19:17:26.0255 5340 nusb3xhc - ok 19:17:26.0305 5340 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 19:17:26.0309 5340 nvraid - ok 19:17:26.0340 5340 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 19:17:26.0343 5340 nvstor - ok 19:17:26.0398 5340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 19:17:26.0401 5340 nv_agp - ok 19:17:26.0524 5340 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:17:26.0534 5340 odserv - ok 19:17:26.0567 5340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 19:17:26.0570 5340 ohci1394 - ok 19:17:26.0638 5340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:17:26.0642 5340 ose - ok 19:17:26.0726 5340 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 19:17:26.0733 5340 p2pimsvc - ok 19:17:26.0780 5340 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 19:17:26.0789 5340 p2psvc - ok 19:17:26.0828 
5340 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 19:17:26.0830 5340 Parport - ok 19:17:26.0865 5340 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys 19:17:26.0868 5340 partmgr - ok 19:17:26.0913 5340 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 19:17:26.0918 5340 PcaSvc - ok 19:17:26.0979 5340 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe 19:17:26.0982 5340 PCCUJobMgr - ok 19:17:27.0015 5340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 19:17:27.0019 5340 pci - ok 19:17:27.0026 5340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 19:17:27.0027 5340 pciide - ok 19:17:27.0047 5340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 19:17:27.0050 5340 pcmcia - ok 19:17:27.0056 5340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 19:17:27.0058 5340 pcw - ok 19:17:27.0096 5340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 19:17:27.0105 5340 PEAUTH - ok 19:17:27.0223 5340 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 19:17:27.0226 5340 PerfHost - ok 19:17:27.0315 5340 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys 19:17:27.0317 5340 PGEffect - ok 19:17:27.0430 5340 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 19:17:27.0448 5340 pla - ok 19:17:27.0537 5340 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 19:17:27.0548 5340 PlugPlay - ok 19:17:27.0571 5340 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 19:17:27.0574 5340 PNRPAutoReg - ok 19:17:27.0624 5340 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 19:17:27.0629 5340 PNRPsvc - ok 19:17:27.0700 5340 PolicyAgent 
(4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 19:17:27.0709 5340 PolicyAgent - ok 19:17:27.0732 5340 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 19:17:27.0736 5340 Power - ok 19:17:27.0812 5340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 19:17:27.0816 5340 PptpMiniport - ok 19:17:27.0837 5340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 19:17:27.0839 5340 Processor - ok 19:17:27.0887 5340 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll 19:17:27.0892 5340 ProfSvc - ok 19:17:27.0915 5340 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 19:17:27.0917 5340 ProtectedStorage - ok 19:17:27.0985 5340 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 19:17:27.0989 5340 Psched - ok 19:17:28.0113 5340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 19:17:28.0144 5340 ql2300 - ok 19:17:28.0274 5340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 19:17:28.0277 5340 ql40xx - ok 19:17:28.0323 5340 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 19:17:28.0330 5340 QWAVE - ok 19:17:28.0356 5340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 19:17:28.0358 5340 QWAVEdrv - ok 19:17:28.0363 5340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 19:17:28.0365 5340 RasAcd - ok 19:17:28.0422 5340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 19:17:28.0423 5340 RasAgileVpn - ok 19:17:28.0464 5340 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 19:17:28.0468 5340 RasAuto - ok 19:17:28.0534 5340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 19:17:28.0537 5340 Rasl2tp - ok 19:17:28.0620 5340 RasMan 
(ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 19:17:28.0628 5340 RasMan - ok 19:17:28.0677 5340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 19:17:28.0680 5340 RasPppoe - ok 19:17:28.0701 5340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 19:17:28.0703 5340 RasSstp - ok 19:17:28.0728 5340 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 19:17:28.0734 5340 rdbss - ok 19:17:28.0744 5340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 19:17:28.0746 5340 rdpbus - ok 19:17:28.0770 5340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 19:17:28.0771 5340 RDPCDD - ok 19:17:28.0776 5340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 19:17:28.0776 5340 RDPENCDD - ok 19:17:28.0781 5340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 19:17:28.0781 5340 RDPREFMP - ok 19:17:28.0828 5340 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 19:17:28.0829 5340 RDPWD - ok 19:17:28.0853 5340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 19:17:28.0857 5340 rdyboost - ok 19:17:28.0889 5340 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 19:17:28.0891 5340 RemoteAccess - ok 19:17:28.0934 5340 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 19:17:28.0941 5340 RemoteRegistry - ok 19:17:29.0008 5340 risdxc (5a227511ed22ddfedf7ef7323c8f7d2f) C:\windows\system32\DRIVERS\risdxc64.sys 19:17:29.0010 5340 risdxc - ok 19:17:29.0050 5340 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 19:17:29.0053 5340 RpcEptMapper - ok 19:17:29.0078 5340 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 19:17:29.0081 5340 RpcLocator - ok 19:17:29.0138 5340 RpcSs 
(5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 19:17:29.0148 5340 RpcSs - ok 19:17:29.0182 5340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 19:17:29.0184 5340 rspndr - ok 19:17:29.0203 5340 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 19:17:29.0205 5340 SamSs - ok 19:17:29.0214 5340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 19:17:29.0216 5340 sbp2port - ok 19:17:29.0258 5340 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 19:17:29.0262 5340 SCardSvr - ok 19:17:29.0281 5340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 19:17:29.0282 5340 scfilter - ok 19:17:29.0380 5340 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 19:17:29.0395 5340 Schedule - ok 19:17:29.0420 5340 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 19:17:29.0421 5340 SCPolicySvc - ok 19:17:29.0454 5340 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 19:17:29.0457 5340 SDRSVC - ok 19:17:29.0541 5340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 19:17:29.0542 5340 secdrv - ok 19:17:29.0570 5340 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 19:17:29.0574 5340 seclogon - ok 19:17:29.0621 5340 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll 19:17:29.0626 5340 SENS - ok 19:17:29.0658 5340 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 19:17:29.0662 5340 SensrSvc - ok 19:17:29.0681 5340 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\windows\system32\drivers\ser2pl64.sys 19:17:29.0684 5340 Ser2pl - ok 19:17:29.0744 5340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 19:17:29.0746 5340 Serenum - ok 19:17:29.0783 5340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) 
C:\windows\system32\drivers\serial.sys 19:17:29.0786 5340 Serial - ok 19:17:29.0834 5340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 19:17:29.0837 5340 sermouse - ok 19:17:29.0888 5340 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 19:17:29.0892 5340 SessionEnv - ok 19:17:29.0900 5340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 19:17:29.0901 5340 sffdisk - ok 19:17:29.0920 5340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 19:17:29.0922 5340 sffp_mmc - ok 19:17:29.0927 5340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 19:17:29.0928 5340 sffp_sd - ok 19:17:29.0948 5340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 19:17:29.0949 5340 sfloppy - ok 19:17:30.0015 5340 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 19:17:30.0023 5340 SharedAccess - ok 19:17:30.0084 5340 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 19:17:30.0092 5340 ShellHWDetection - ok 19:17:30.0137 5340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 19:17:30.0139 5340 SiSRaid2 - ok 19:17:30.0156 5340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 19:17:30.0159 5340 SiSRaid4 - ok 19:17:30.0193 5340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 19:17:30.0196 5340 Smb - ok 19:17:30.0243 5340 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 19:17:30.0247 5340 SNMPTRAP - ok 19:17:30.0274 5340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 19:17:30.0276 5340 spldr - ok 19:17:30.0336 5340 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 19:17:30.0345 5340 Spooler - ok 19:17:30.0562 5340 sppsvc (e17e0188bb90fae42d83e98707efa59c) 
C:\windows\system32\sppsvc.exe 19:17:30.0648 5340 sppsvc - ok 19:17:30.0778 5340 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 19:17:30.0783 5340 sppuinotify - ok 19:17:30.0903 5340 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\system32\drivers\N360x64\0602010.005\SRTSP64.SYS 19:17:30.0913 5340 SRTSP - ok 19:17:30.0931 5340 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS 19:17:30.0932 5340 SRTSPX - ok 19:17:30.0989 5340 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 19:17:30.0996 5340 srv - ok 19:17:31.0021 5340 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 19:17:31.0028 5340 srv2 - ok 19:17:31.0040 5340 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 19:17:31.0043 5340 srvnet - ok 19:17:31.0103 5340 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 19:17:31.0107 5340 SSDPSRV - ok 19:17:31.0113 5340 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 19:17:31.0115 5340 SstpSvc - ok 19:17:31.0136 5340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 19:17:31.0137 5340 stexstor - ok 19:17:31.0231 5340 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 19:17:31.0245 5340 stisvc - ok 19:17:31.0251 5340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 19:17:31.0252 5340 swenum - ok 19:17:31.0314 5340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 19:17:31.0325 5340 swprv - ok 19:17:31.0452 5340 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS 19:17:31.0462 5340 SymDS - ok 19:17:31.0551 5340 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS 19:17:31.0572 5340 SymEFA - ok 19:17:31.0643 5340 SymEvent 
(898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 19:17:31.0646 5340 SymEvent - ok 19:17:31.0712 5340 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS 19:17:31.0716 5340 SymIRON - ok 19:17:31.0774 5340 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS 19:17:31.0781 5340 SymNetS - ok 19:17:31.0918 5340 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 19:17:31.0945 5340 SysMain - ok 19:17:32.0060 5340 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 19:17:32.0065 5340 TabletInputService - ok 19:17:32.0258 5340 taisregispinger (f38be8b8e7a5b8816a857b0ad0eb8aba) C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe 19:17:32.0277 5340 taisregispinger - ok 19:17:32.0403 5340 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 19:17:32.0411 5340 TapiSrv - ok 19:17:32.0433 5340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 19:17:32.0437 5340 TBS - ok 19:17:32.0639 5340 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys 19:17:32.0669 5340 Tcpip - ok 19:17:32.0945 5340 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys 19:17:32.0961 5340 TCPIP6 - ok 19:17:33.0089 5340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 19:17:33.0091 5340 tcpipreg - ok 19:17:33.0150 5340 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 19:17:33.0152 5340 tdcmdpst - ok 19:17:33.0189 5340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 19:17:33.0191 5340 TDPIPE - ok 19:17:33.0220 5340 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 19:17:33.0222 5340 TDTCP - ok 19:17:33.0277 5340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) 
C:\windows\system32\DRIVERS\tdx.sys 19:17:33.0281 5340 tdx - ok 19:17:33.0302 5340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 19:17:33.0305 5340 TermDD - ok 19:17:33.0376 5340 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 19:17:33.0390 5340 TermService - ok 19:17:33.0410 5340 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 19:17:33.0412 5340 Themes - ok 19:17:33.0468 5340 Thpdrv (7f35ca8296a52c7161088eb1d952e8ed) C:\windows\system32\DRIVERS\thpdrv.sys 19:17:33.0471 5340 Thpdrv - ok 19:17:33.0488 5340 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS 19:17:33.0490 5340 Thpevm - ok 19:17:33.0551 5340 Thpsrv (0b4734ae9ec70b843df02e7b1c056377) C:\windows\system32\ThpSrv.exe 19:17:33.0562 5340 Thpsrv - ok 19:17:33.0589 5340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 19:17:33.0590 5340 THREADORDER - ok 19:17:33.0654 5340 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 19:17:33.0656 5340 TMachInfo - ok 19:17:33.0690 5340 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe 19:17:33.0696 5340 TODDSrv - ok 19:17:33.0861 5340 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 19:17:33.0872 5340 TosCoSrv - ok 19:17:33.0926 5340 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe 19:17:33.0929 5340 TOSHIBA eco Utility Service - ok 19:17:33.0968 5340 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 19:17:33.0970 5340 TOSHIBA HDD SSD Alert Service - ok 19:17:34.0081 5340 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys 19:17:34.0092 5340 tos_sps64 - ok 19:17:34.0177 5340 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) 
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 19:17:34.0185 5340 TPCHSrv - ok 19:17:34.0308 5340 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys 19:17:34.0310 5340 TPM - ok 19:17:34.0376 5340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 19:17:34.0382 5340 TrkWks - ok 19:17:34.0441 5340 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 19:17:34.0446 5340 TrustedInstaller - ok 19:17:34.0475 5340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 19:17:34.0477 5340 tssecsrv - ok 19:17:34.0512 5340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 19:17:34.0515 5340 TsUsbFlt - ok 19:17:34.0524 5340 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 19:17:34.0526 5340 TsUsbGD - ok 19:17:34.0582 5340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 19:17:34.0585 5340 tunnel - ok 19:17:34.0649 5340 TVALZ (effce6e033ebdd0f3c0f14a413558f65) C:\windows\system32\DRIVERS\TVALZ.SYS 19:17:34.0651 5340 TVALZ - ok 19:17:34.0681 5340 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys 19:17:34.0683 5340 TVALZFL - ok 19:17:34.0704 5340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 19:17:34.0706 5340 uagp35 - ok 19:17:34.0746 5340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 19:17:34.0753 5340 udfs - ok 19:17:34.0786 5340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 19:17:34.0788 5340 UI0Detect - ok 19:17:34.0833 5340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 19:17:34.0834 5340 uliagpkx - ok 19:17:34.0856 5340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 19:17:34.0858 5340 umbus - ok 19:17:34.0861 5340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) 
C:\windows\system32\drivers\umpass.sys 19:17:34.0862 5340 UmPass - ok 19:17:35.0108 5340 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 19:17:35.0143 5340 UNS - ok 19:17:35.0304 5340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 19:17:35.0312 5340 upnphost - ok 19:17:35.0373 5340 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 19:17:35.0376 5340 usbccgp - ok 19:17:35.0388 5340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 19:17:35.0391 5340 usbcir - ok 19:17:35.0399 5340 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 19:17:35.0401 5340 usbehci - ok 19:17:35.0447 5340 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 19:17:35.0453 5340 usbhub - ok 19:17:35.0458 5340 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 19:17:35.0459 5340 usbohci - ok 19:17:35.0497 5340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 19:17:35.0498 5340 usbprint - ok 19:17:35.0551 5340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 19:17:35.0554 5340 usbscan - ok 19:17:35.0595 5340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 19:17:35.0598 5340 USBSTOR - ok 19:17:35.0607 5340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 19:17:35.0609 5340 usbuhci - ok 19:17:35.0641 5340 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 19:17:35.0644 5340 usbvideo - ok 19:17:35.0684 5340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 19:17:35.0688 5340 UxSms - ok 19:17:35.0750 5340 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 19:17:35.0753 5340 VaultSvc - ok 19:17:35.0772 5340 vdrvroot 
(c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 19:17:35.0774 5340 vdrvroot - ok 19:17:35.0838 5340 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 19:17:35.0851 5340 vds - ok 19:17:35.0897 5340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 19:17:35.0899 5340 vga - ok 19:17:35.0908 5340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 19:17:35.0911 5340 VgaSave - ok 19:17:35.0955 5340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 19:17:35.0960 5340 vhdmp - ok 19:17:35.0967 5340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 19:17:35.0970 5340 viaide - ok 19:17:35.0981 5340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 19:17:35.0983 5340 volmgr - ok 19:17:36.0007 5340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 19:17:36.0012 5340 volmgrx - ok 19:17:36.0031 5340 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys 19:17:36.0036 5340 volsnap - ok 19:17:36.0097 5340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 19:17:36.0102 5340 vsmraid - ok 19:17:36.0222 5340 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 19:17:36.0243 5340 VSS - ok 19:17:36.0364 5340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 19:17:36.0365 5340 vwifibus - ok 19:17:36.0379 5340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 19:17:36.0381 5340 vwififlt - ok 19:17:36.0431 5340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 19:17:36.0439 5340 W32Time - ok 19:17:36.0466 5340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 19:17:36.0467 5340 WacomPen - ok 19:17:36.0500 5340 WANARP (356afd78a6ed4457169241ac3965230c) 
  15. Thanks! I am unable to remove Conduit using the Uninstall function on the Control Panel. I can see where it's located (C:\Program Files (x86)\Conduit) but it does not appear in the list of available programs at Control Panel\Uninstall. I'm guessing a manual removal is required? OK, now here are the logs.
C:\Users\Jennifer\AppData\Roaming\Dropbox [2012/07/15 19:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Microsoft Games [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/11 19:06:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/11 19:00:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe [2012/08/11 18:52:06 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/11 18:52:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/11 12:30:02 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/11 12:30:02 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/11 12:26:34 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/08/11 12:26:34 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/08/11 12:26:34 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/08/11 12:22:27 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/11 12:22:06 | 460,918,783 | -HS- | M] () -- C:\hiberfil.sys [2012/08/11 12:16:31 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/08/10 23:25:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jennifer\Desktop\dds.com [2012/08/10 22:10:02 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/10 17:06:39 | 000,000,009 | ---- | M] () -- C:\END [2012/08/07 15:53:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/08/07 15:53:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/05 17:10:58 | 001,606,782 
| ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\Cat.DB [2012/08/05 17:10:26 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/08/05 17:10:26 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/08/05 17:10:26 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF [2012/08/05 17:10:17 | 000,002,386 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/08/05 17:08:51 | 000,001,310 | ---- | M] () -- C:\Users\Jennifer\Desktop\Norton Installation Files.lnk [2012/07/30 23:31:31 | 000,416,000 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/07/23 21:06:09 | 000,001,054 | ---- | M] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk [2012/07/23 19:17:40 | 000,001,064 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/11 12:08:50 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/08/11 12:08:50 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/08/11 12:08:50 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/08/11 12:08:50 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/08/11 12:08:50 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/08/10 22:07:29 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/10 17:06:37 | 000,000,009 | ---- | C] () -- C:\END [2012/08/07 13:20:43 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/05 17:10:28 | 001,606,782 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\Cat.DB [2012/08/05 17:10:26 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/08/05 17:10:26 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF [2012/08/05 17:10:17 | 000,002,386 | 
---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/08/05 17:09:17 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymEFA.inf [2012/08/05 17:09:17 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymDS.inf [2012/08/05 17:09:17 | 000,001,441 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymNet.inf [2012/08/05 17:09:17 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtsp64.inf [2012/08/05 17:09:17 | 000,001,419 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtspx64.inf [2012/08/05 17:09:17 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.inf [2012/08/05 17:09:17 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\Iron.inf [2012/08/05 17:09:14 | 000,004,782 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymVTcer.dat [2012/08/05 17:09:11 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymDS64.cat [2012/08/05 17:09:11 | 000,007,462 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtspx64.cat [2012/08/05 17:09:11 | 000,007,460 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.cat [2012/08/05 17:09:11 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\symnet64.cat [2012/08/05 17:09:11 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtsp64.cat [2012/08/05 17:09:11 | 000,007,450 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\iron.cat [2012/08/05 17:09:10 | 000,007,468 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.cat [2012/08/05 17:09:10 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\isolate.ini [2012/08/05 16:36:17 | 000,001,310 | ---- | C] () -- C:\Users\Jennifer\Desktop\Norton Installation Files.lnk [2012/07/23 
21:06:09 | 000,001,054 | ---- | C] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk [2012/07/23 19:17:40 | 000,001,064 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/07/09 17:26:02 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2011/06/26 19:53:56 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/06/26 19:53:56 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/06/26 19:53:56 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/06/26 19:48:56 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2011/06/26 19:28:06 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2011/11/11 00:41:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012/08/11 12:19:53 | 000,023,895 | ---- | M] () -- C:\ComboFix.txt [2012/08/10 17:06:39 | 000,000,009 | ---- | M] () -- C:\END [2012/08/11 12:22:06 | 460,918,783 | -HS- | M] () -- C:\hiberfil.sys [2012/08/11 12:22:14 | 2046,218,239 | -HS- | M] () -- C:\pagefile.sys [2012/08/10 23:06:53 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.38.0_10.08.2012_23.06.43_log.txt [2012/08/10 23:09:05 | 000,257,598 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_10.08.2012_23.07.42_log.txt < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report >