Please help - WhiteSmoke Hijacker/Shop To Win

knit · August 11, 2012

Hello,

My computer has been infected with the WhiteSmoke browser hijacker and a program called Shop To Win. I ran a Norton 360 full scan and Norton Power Eraser and they found nothing. Malwarebytes found several items and removed them, but these two items are still on my machine. When I run Malwarebytes again, it does not find any infected items. I would appreciate any help.

I ran DDS per the instructions in the pinned post and the logs are attached.

Thank you - I really appreciate any help.

Attach.txt

DDS.txt

TheDarkKnight · August 11, 2012

Welcome knit to Malwarebytes. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following (if present):

QuickLinx
Shopping Sidekick
Shop To Win
WhiteSmoke US Toolbar
Yontoo

Please restart your computer after these program removals.

==========

Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

==========

In your next post I would like to see the following please:

Fresh MBAM log.
ComboFix.txt.

How is your computer running now?

knit · August 11, 2012

Hi, and thanks for your help. The logs are pasted below.

Unfortunatey my browser appears to still be hijacked.

I appreciate your assistance.

ComboFix 12-08-10.02 - Jennifer 08/11/2012 12:11:22.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6047.4581 [GMT -7:00]

Running from: c:\users\Jennifer\Downloads\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\addon.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DT.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_DefaultTabUpdate

.

((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))

.

2012-08-11 05:44 . 2012-08-11 05:51 -------- d-----w- c:\users\Jennifer\AppData\Local\NPE

2012-08-11 05:07 . 2012-08-11 05:07 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes

2012-08-11 05:07 . 2012-08-11 05:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-11 05:07 . 2012-08-11 05:07 -------- d-----w- c:\programdata\Malwarebytes

2012-08-11 05:07 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-11 00:06 . 2012-08-11 00:06 -------- d-----w- c:\users\Jennifer\AppData\Local\CRE

2012-08-11 00:05 . 2012-08-11 00:05 -------- d-----w- c:\program files (x86)\Conduit

2012-08-11 00:05 . 2012-08-11 19:00 -------- d-----w- c:\users\Jennifer\AppData\Local\Conduit

2012-08-11 00:05 . 2012-08-11 00:05 -------- d-----w- c:\program files (x86)\DefaultTab

2012-08-11 00:04 . 2012-08-11 19:14 -------- d-----w- c:\users\Jennifer\AppData\Roaming\DefaultTab

2012-08-11 00:04 . 2012-08-11 00:04 -------- d-----w- c:\users\Jennifer\AppData\Local\Shopping Sidekick

2012-08-11 00:03 . 2012-08-11 19:01 -------- d-----w- c:\programdata\Tarma Installer

2012-08-10 22:43 . 2012-08-10 22:44 -------- d-----w- c:\users\Pickle

2012-08-07 20:23 . 2012-08-07 20:23 -------- d-----w- c:\users\Jennifer\AppData\Local\Macromedia

2012-08-07 20:20 . 2012-08-07 22:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-07 20:20 . 2012-08-07 20:20 -------- d-----w- c:\windows\system32\Macromed

2012-08-06 00:10 . 2012-08-06 00:10 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-08-06 00:10 . 2012-08-06 00:10 -------- d-----w- c:\program files\Symantec

2012-08-06 00:10 . 2012-08-06 00:10 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-08-06 00:09 . 2012-08-06 00:09 -------- d-----w- c:\windows\system32\drivers\N360x64

2012-08-06 00:09 . 2012-08-06 00:09 -------- d-----w- c:\program files (x86)\Norton 360

2012-08-06 00:06 . 2012-08-06 00:06 -------- d-----w- c:\programdata\PCSettings

2012-08-03 05:03 . 2012-08-03 05:04 -------- d-----w- c:\users\Scott

2012-08-03 02:27 . 2012-08-03 02:27 -------- d-----w- c:\users\Sam

2012-07-31 06:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-24 04:06 . 2012-08-11 19:03 -------- d-----r- c:\users\Jennifer\Dropbox

2012-07-24 02:16 . 2012-08-11 19:03 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Dropbox

2012-07-16 02:31 . 2012-07-23 22:26 -------- d-----w- c:\users\Jennifer\AppData\Local\Microsoft Games

2012-07-12 19:34 . 2012-07-12 19:34 -------- d-----w- c:\users\Jennifer\AppData\Local\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-07 22:53 . 2011-11-11 08:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-31 06:10 . 2012-07-10 00:43 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-11 00:06 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-09 05:43 . 2012-07-10 20:08 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-10 20:08 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-10 20:08 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-10 20:03 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-10 20:08 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-10 20:08 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-10 20:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-07-11 00:07 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-07-11 00:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-07-11 00:08 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-07-11 00:08 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-07-11 00:06 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-07-11 00:07 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-07-11 00:08 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-07-11 00:06 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-07-11 00:07 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:50 . 2012-07-10 20:08 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-10 20:08 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-10 20:08 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-10 20:08 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-10 20:08 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-10 20:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-10 20:08 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-10 20:08 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-10 20:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-2 26868192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-07-17 562688]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 136176]

R2 taisregispinger;taisregispinger;c:\program files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2011-11-06 2191240]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 250056]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-08 113120]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-07-11 1161376]

S3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-06-29 342192]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]

S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120810.001\IDSvia64.sys [2012-08-03 509088]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]

S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]

S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]

S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 22:53]

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 15:47]

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 15:47]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-06-23 331128]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"combofix"="c:\combofix\CF24544.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-DefaultTab - c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-11 12:19:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-11 19:19

.

Pre-Run: 576,956,973,056 bytes free

Post-Run: 576,398,028,800 bytes free

.

- - End Of File - - 0E80D0B64AB508CB6D7740BA8FFC0C17

------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jennifer :: HAPAGIRL [administrator]

8/11/2012 12:26:55 PM

mbam-log-2012-08-11 (12-26-55).txt

Scan type: Full scan (C:\|)

Scan options disabled: P2P

Objects scanned: 348117

Time elapsed: 19 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

TheDarkKnight · August 11, 2012

Hello knit.

I notice that you have Conduit installed. This program has been known to exhibit suspicious behaviour and it is for this reason I recommend removing it (please see here for more information).

Please go to Start>Control Panel>Programs and Features>Programs and uninstall Conduit if you so wish. Then restart your computer after this program removal.

==========

Next, please download OTL.exe by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
You may need to use two posts to get it all.

============

Finally, please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

==========

In your reply I would like to see the following please:

OTL.txt.
Extras.txt.
TDSSKiller log.

knit · August 12, 2012

Thanks!

I am unable to remove Conduit using the Uninstall function on the Control Panel. I can see where it's locate (C:\Program Files (x86)\Conduit) but it does not appear in the list of available programs at Control Panel\Uninstall. I'm guessing a manual removal is required?

OK, now here are the logs.

OTL logfile created on: 8/11/2012 7:03:13 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jennifer\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.94% Memory free

11.81 Gb Paging File | 9.89 Gb Available in Paging File | 83.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 579.51 Gb Total Space | 536.69 Gb Free Space | 92.61% Space Free | Partition Type: NTFS

Computer Name: HAPAGIRL | User Name: Jennifer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/11 19:00:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe

PRC - [2012/08/08 00:37:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/07/02 18:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

PRC - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

PRC - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/08 00:37:29 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/01 12:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2011/06/09 22:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2011/05/24 10:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2011/05/17 15:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2011/04/20 16:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/08/08 00:37:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/08/07 15:53:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/16 21:10:18 | 000,562,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)

SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)

SRV - [2011/11/06 11:14:12 | 002,191,240 | ---- | M] (Toshiba America Information Systems.) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)

SRV - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2011/07/11 18:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/05 17:10:26 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/28 17:18:14 | 000,342,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2011/06/26 19:55:48 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/06/13 18:34:52 | 000,370,512 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/05/25 18:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)

DRV:64bit: - [2011/03/23 18:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/17 20:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/03/12 19:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)

DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 13:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)

DRV:64bit: - [2009/06/24 16:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/08/11 19:02:35 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120811.008\ex64.sys -- (NAVEX15)

DRV - [2012/08/11 19:02:35 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120811.008\eng64.sys -- (NAVENG)

DRV - [2012/08/10 18:50:01 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/08/10 09:02:27 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/03 15:50:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120810.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/07/11 01:00:46 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120804.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {284C6243-54B4-42BF-9EE7-0A0D63300102}

IE:64bit: - HKLM\..\SearchScopes\{284C6243-54B4-42BF-9EE7-0A0D63300102}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {284C6243-54B4-42BF-9EE7-0A0D63300102}

IE - HKLM\..\SearchScopes\{284C6243-54B4-42BF-9EE7-0A0D63300102}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785

IE - HKCU\..\SearchScopes,DefaultScope = {DFD500B9-207F-4B09-A48F-DE0F375CD0BA}

IE - HKCU\..\SearchScopes\{284C6243-54B4-42BF-9EE7-0A0D63300102}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKCU\..\SearchScopes\{99FE889A-3EDD-4187-8B3C-41AB53380DBA}: "URL" = http://www.mysearchresults.com/search?&c=4200&t=11&q={searchTerms}

IE - HKCU\..\SearchScopes\{DFD500B9-207F-4B09-A48F-DE0F375CD0BA}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS492

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US Customized Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/08/05 17:10:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/08/11 12:24:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 00:37:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 00:37:29 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/09 17:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions

[2012/08/10 22:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\extensions

[2012/08/10 21:55:12 | 000,000,919 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\conduit.xml

[2012/08/11 12:23:04 | 000,002,030 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\search-here.xml

[2012/07/09 17:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/05 17:10:52 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPLGN

[2012/08/10 17:06:06 | 000,022,392 | ---- | M] () (No name found) -- C:\USERS\JENNIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQ7Q2CTY.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM.XPI

[2012/08/08 00:37:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://search.conduit.com/?ctid=CT3198785&SearchSource=48

CHR - Extension: Norton Identity Protection = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\

O1 HOSTS File: ([2012/08/11 12:16:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\CoIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)

O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\Toshiba\PasswordUtility\TOSDCR.exe ()

O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B2F6535-F0A5-4FBB-B66B-B8A95275E1A7}: DhcpNameServer = 10.0.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 19:00:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe

[2012/08/11 12:22:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/11 12:19:55 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/08/11 12:08:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/08/11 12:08:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/08/11 12:08:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/08/11 12:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/11 12:08:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012/08/10 23:25:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jennifer\Desktop\dds.com

[2012/08/10 22:44:50 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\NPE

[2012/08/10 22:07:34 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Malwarebytes

[2012/08/10 22:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/10 22:07:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/08/10 22:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/10 22:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/10 17:06:26 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\CRE

[2012/08/10 17:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/08/10 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit

[2012/08/10 17:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab

[2012/08/10 17:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\DefaultTab

[2012/08/10 17:04:14 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Shopping Sidekick

[2012/08/10 17:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2012/08/07 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Macromedia

[2012/08/07 13:20:42 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/08/07 13:20:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012/08/05 17:12:10 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Symantec

[2012/08/05 17:10:26 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/05 17:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/08/05 17:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/08/05 17:09:42 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.sys

[2012/08/05 17:09:42 | 000,737,912 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys

[2012/08/05 17:09:42 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymDS64.sys

[2012/08/05 17:09:42 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0602010.005\symnets.sys

[2012/08/05 17:09:42 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0602010.005\Ironx64.sys

[2012/08/05 17:09:42 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.sys

[2012/08/05 17:09:42 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys

[2012/08/05 17:09:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64

[2012/08/05 17:09:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\0602010.005

[2012/08/05 17:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2012/08/05 17:09:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2012/08/05 17:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings

[2012/08/05 16:36:17 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/08/03 03:05:32 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/07/30 23:09:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/07/30 23:09:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/07/30 23:09:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/07/30 23:09:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/07/30 23:09:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/07/30 23:09:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/07/30 23:09:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/07/30 23:09:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/07/30 23:09:09 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/07/30 23:09:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/07/30 23:09:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/07/30 23:09:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/07/30 23:09:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/07/23 21:06:09 | 000,000,000 | R--D | C] -- C:\Users\Jennifer\Dropbox

[2012/07/23 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2012/07/23 19:16:58 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Dropbox

[2012/07/15 19:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Microsoft Games

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/11 19:06:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/11 19:00:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe

[2012/08/11 18:52:06 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/08/11 18:52:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/08/11 12:30:02 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 12:30:02 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 12:26:34 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/08/11 12:26:34 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/08/11 12:26:34 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/08/11 12:22:27 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/11 12:22:06 | 460,918,783 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/11 12:16:31 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/08/10 23:25:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jennifer\Desktop\dds.com

[2012/08/10 22:10:02 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 17:06:39 | 000,000,009 | ---- | M] () -- C:\END

[2012/08/07 15:53:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/08/07 15:53:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/05 17:10:58 | 001,606,782 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\Cat.DB

[2012/08/05 17:10:26 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/05 17:10:26 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/05 17:10:26 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/05 17:10:17 | 000,002,386 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/08/05 17:08:51 | 000,001,310 | ---- | M] () -- C:\Users\Jennifer\Desktop\Norton Installation Files.lnk

[2012/07/30 23:31:31 | 000,416,000 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/23 21:06:09 | 000,001,054 | ---- | M] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk

[2012/07/23 19:17:40 | 000,001,064 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 12:08:50 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/08/11 12:08:50 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/08/11 12:08:50 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/08/11 12:08:50 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/08/11 12:08:50 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/08/10 22:07:29 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 17:06:37 | 000,000,009 | ---- | C] () -- C:\END

[2012/08/07 13:20:43 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/08/05 17:10:28 | 001,606,782 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\Cat.DB

[2012/08/05 17:10:26 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/05 17:10:26 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/05 17:10:17 | 000,002,386 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/08/05 17:09:17 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymEFA.inf

[2012/08/05 17:09:17 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymDS.inf

[2012/08/05 17:09:17 | 000,001,441 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymNet.inf

[2012/08/05 17:09:17 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtsp64.inf

[2012/08/05 17:09:17 | 000,001,419 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtspx64.inf

[2012/08/05 17:09:17 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\ccSetx64.inf

[2012/08/05 17:09:17 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\Iron.inf

[2012/08/05 17:09:14 | 000,004,782 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymVTcer.dat

[2012/08/05 17:09:11 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymDS64.cat

[2012/08/05 17:09:11 | 000,007,462 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtspx64.cat

[2012/08/05 17:09:11 | 000,007,460 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\SymEFA64.cat

[2012/08/05 17:09:11 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\symnet64.cat

[2012/08/05 17:09:11 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\srtsp64.cat

[2012/08/05 17:09:11 | 000,007,450 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\iron.cat

[2012/08/05 17:09:10 | 000,007,468 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.cat

[2012/08/05 17:09:10 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0602010.005\isolate.ini

[2012/08/05 16:36:17 | 000,001,310 | ---- | C] () -- C:\Users\Jennifer\Desktop\Norton Installation Files.lnk

[2012/07/23 21:06:09 | 000,001,054 | ---- | C] () -- C:\Users\Jennifer\Desktop\Dropbox.lnk

[2012/07/23 19:17:40 | 000,001,064 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/07/09 17:26:02 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI

[2011/06/26 19:53:56 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/06/26 19:53:56 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/06/26 19:53:56 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/06/26 19:48:56 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2011/06/26 19:28:06 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2011/11/11 00:41:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012/08/11 12:19:53 | 000,023,895 | ---- | M] () -- C:\ComboFix.txt

[2012/08/10 17:06:39 | 000,000,009 | ---- | M] () -- C:\END

[2012/08/11 12:22:06 | 460,918,783 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/11 12:22:14 | 2046,218,239 | -HS- | M] () -- C:\pagefile.sys

[2012/08/10 23:06:53 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.38.0_10.08.2012_23.06.43_log.txt

[2012/08/10 23:09:05 | 000,257,598 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_10.08.2012_23.07.42_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

knit · August 12, 2012

OTL Extras logfile created on: 8/11/2012 7:03:14 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jennifer\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.94% Memory free

11.81 Gb Paging File | 9.89 Gb Available in Paging File | 83.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 579.51 Gb Total Space | 536.69 Gb Free Space | 92.61% Space Free | Partition Type: NTFS

Computer Name: HAPAGIRL | User Name: Jennifer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{194D8C0E-3196-426B-807B-529A2A781D2A}" = rport=138 | protocol=17 | dir=out | app=system |

"{27D95E1D-75E2-4CD4-9EE1-4B3ABBCF9FCA}" = rport=10243 | protocol=6 | dir=out | app=system |

"{329EA959-ABC4-4C53-B787-82452FF092D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{375E05DA-2215-4839-ABBC-EDCC1D3397A1}" = lport=137 | protocol=17 | dir=in | app=system |

"{4424961F-10C1-4695-9AB5-7E8FF2C14C79}" = rport=137 | protocol=17 | dir=out | app=system |

"{45E38E4D-B9B5-4545-80D6-705425FE2798}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4ADE437F-17A5-4116-AD1A-C3C9347AA447}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4F1B94DE-E633-47CE-8225-E974C4878E72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{52C22B9B-E054-4B66-A1B9-2D55ABFF908E}" = lport=10243 | protocol=6 | dir=in | app=system |

"{5746A41E-3646-4081-9749-8D5C65EC2D6C}" = lport=138 | protocol=17 | dir=in | app=system |

"{7E95221A-47C7-4CB6-9EB5-FBB3B5C83B6E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{94AC536D-EB85-43DE-BC2F-AAE06ADE18D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A933D9B3-2F30-4780-B9BE-20EABDC9E2F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A9751C09-C987-45DF-88B1-874C66849D91}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B908CAC6-73C9-4504-AAA6-409A98104EED}" = rport=139 | protocol=6 | dir=out | app=system |

"{BABB3F1B-FB5B-4880-AB8E-D22249214145}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C6CAA077-A785-4EB2-859C-DC93040A5159}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{D6A8901D-958A-4F6F-8D89-01AA4800497B}" = lport=139 | protocol=6 | dir=in | app=system |

"{D9FECC75-A183-40FC-91FB-52E0477A7B2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DA53E53E-5740-4E01-8162-763DB2469ACB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DD2DAC24-FADF-4466-A29C-BB9DF86F8E25}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{E7757ECE-C2E2-40FA-A650-F04678237B9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EF7783C0-D4B7-4803-A894-54DFFB2277E3}" = rport=445 | protocol=6 | dir=out | app=system |

"{F12B1291-686A-4C27-A32F-96808CBC447A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FC207A66-662D-43EF-BB46-2A82FAA40D30}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D2EA6A3-7527-4B03-A886-7770A1B1D995}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{222B2A06-C9D6-43DA-BCFF-77EAA3FEB717}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{2A9577B3-4852-49F2-8F42-3F615D99A0BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2E515092-1BC1-4322-ACC5-A5EB060CFAC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{31680717-94BE-41A5-BC88-47408561FC44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3D0F4C40-8606-4649-89D0-0D42ABEA8F4F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{43010D04-4E74-4B3F-B053-6F88B0B0F7B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{625D8CC4-E25C-4E34-A52C-15FAF92095C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{65EFBB5B-6429-4475-8622-88D04E7565BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6A13B296-9685-48F6-9DE8-9B9446EFBF54}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{8C797ED8-E456-4882-9DBB-0069ADD43561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A976DBD9-2EF4-4888-A3C7-BFD57B111E02}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{AAA97E08-DD36-40DE-8111-5E8927A4BCFD}" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |

"{AFF16D3B-0F82-48E1-8332-B393379439DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B889B99E-F5A9-4897-A22E-02BBA48798FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C001F96A-2B3E-498A-83CB-D77F785D107C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C4DA345E-25F6-4DBC-9DE9-356B01454A74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C6D14CF6-2B5D-4355-83CB-925ECFF34AFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CA39B1E8-B6BB-48B7-A856-8B4183F75BA3}" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe |

"{D04B126A-8A5A-4405-A9F5-FB353218C6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DAC18F86-7D35-4F9D-B541-7C6B8BD7E4FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{ED4D35AE-1FAA-42EC-9BC0-B7DB6F7DD075}" = protocol=6 | dir=out | app=system |

"{F99AF1E4-29CE-42AE-AAF7-DC3D905A222D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FAD92ACC-4BB9-4AEB-BCB4-E05F3971E0DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"PROSet" = Intel® Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"DefaultTab" = DefaultTab

"DefaultTab Chrome" = DefaultTab Chrome

"Google Chrome" = Google Chrome

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"N360" = Norton 360

"NortonPCCheckup" = Toshiba Laptop Checkup

"PUBLISHERR" = Microsoft Office Publisher 2007

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WTA-0f19d41f-a6ac-449c-95ae-7aa3302067ac" = FATE - The Traitor Soul

"WTA-16689b5a-a394-4e1b-a0c2-907c426533e1" = Tales of Lagoona

"WTA-42c090d3-b918-4cad-b0bb-d4e31f07010d" = Letters from Nowhere 2

"WTA-5ac09275-be19-497c-8ac4-1b50069280fb" = Zuma's Revenge

"WTA-641dc5ea-52a7-4920-aad9-1bfdad05e37a" = Bejeweled 3

"WTA-8c4477fe-d12a-4658-aa86-65f35df5170a" = Plants vs. Zombies - Game of the Year

"WTA-9c9224b1-7b61-483e-bb64-81b12685e966" = Polar Bowler

"WTA-cb6d9e90-4b01-4583-a214-1ef33a73187e" = RollerCoaster Tycoon 3: Platinum

"WTA-de9e3164-09a6-4d71-ac26-2d2453e94008" = Penguins!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/9/2012 8:13:24 PM | Computer Name = HapaGirl | Source = Application Error | ID = 1000

Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:

0x4df67dcc Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:

0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0002e39e Faulting process id:

0x10f8 Faulting application start time: 0x01cd5e30b766637c Faulting application path:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module path:

C:\windows\SysWOW64\ntdll.dll Report Id: 10170538-ca24-11e1-8600-e8e0b71b2b55

Error - 7/9/2012 8:16:17 PM | Computer Name = HapaGirl | Source = WinMgmt | ID = 10

Description =

Error - 7/9/2012 8:52:08 PM | Computer Name = HapaGirl | Source = WinMgmt | ID = 10

Description =

Error - 7/9/2012 9:09:59 PM | Computer Name = HapaGirl | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 7/9/2012 9:10:00 PM | Computer Name = HapaGirl | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 7/10/2012 9:09:59 PM | Computer Name = HapaGirl | Source = Toshiba App Place | ID = 0

Description =

Error - 7/11/2012 1:43:22 AM | Computer Name = HapaGirl | Source = Microsoft-Windows-RestartManager | ID = 10006

Description = Application or service 'Microsoft Office Word' could not be shut down.

Error - 7/11/2012 1:46:17 AM | Computer Name = HapaGirl | Source = WinMgmt | ID = 10

Description =

Error - 7/12/2012 2:04:45 AM | Computer Name = HapaGirl | Source = Toshiba App Place | ID = 0

Description =

Error - 7/12/2012 3:46:08 AM | Computer Name = HapaGirl | Source = VSS | ID = 8194

Description =

[ System Events ]

Error - 7/9/2012 8:48:43 PM | Computer Name = HapaGirl | Source = DCOM | ID = 10010

Description =

Error - 7/24/2012 7:13:41 PM | Computer Name = HapaGirl | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the PCCUJobMgr service.

Error - 7/25/2012 6:07:16 PM | Computer Name = HapaGirl | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the PCCUJobMgr service.

Error - 7/29/2012 1:08:13 PM | Computer Name = HapaGirl | Source = DCOM | ID = 10010

Description =

Error - 7/29/2012 1:18:10 PM | Computer Name = HapaGirl | Source = DCOM | ID = 10010

Description =

Error - 7/31/2012 2:29:05 AM | Computer Name = HapaGirl | Source = DCOM | ID = 10010

Description =

< End of report >

-------------------------------------------------------------------------------------------------------------------------

19:16:21.0590 2516 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

19:16:22.0051 2516 ============================================================

19:16:22.0051 2516 Current date / time: 2012/08/11 19:16:22.0051

19:16:22.0051 2516 SystemInfo:

19:16:22.0051 2516

19:16:22.0051 2516 OS Version: 6.1.7601 ServicePack: 1.0

19:16:22.0052 2516 Product type: Workstation

19:16:22.0052 2516 ComputerName: HAPAGIRL

19:16:22.0052 2516 UserName: Jennifer

19:16:22.0052 2516 Windows directory: C:\windows

19:16:22.0052 2516 System windows directory: C:\windows

19:16:22.0052 2516 Running under WOW64

19:16:22.0052 2516 Processor architecture: Intel x64

19:16:22.0052 2516 Number of processors: 4

19:16:22.0052 2516 Page size: 0x1000

19:16:22.0052 2516 Boot type: Normal boot

19:16:22.0052 2516 ============================================================

19:16:23.0721 2516 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:16:23.0730 2516 ============================================================

19:16:23.0730 2516 \Device\Harddisk0\DR0:

19:16:23.0731 2516 MBR partitions:

19:16:23.0731 2516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48704800

19:16:23.0731 2516 ============================================================

19:16:23.0771 2516 C: <-> \Device\Harddisk0\DR0\Partition0

19:16:23.0772 2516 ============================================================

19:16:23.0772 2516 Initialize success

19:16:23.0772 2516 ============================================================

19:17:10.0287 5340 ============================================================

19:17:10.0287 5340 Scan started

19:17:10.0287 5340 Mode: Manual;

19:17:10.0287 5340 ============================================================

19:17:11.0039 5340 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

19:17:11.0045 5340 1394ohci - ok

19:17:11.0088 5340 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

19:17:11.0093 5340 ACPI - ok

19:17:11.0120 5340 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

19:17:11.0122 5340 AcpiPmi - ok

19:17:11.0357 5340 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:17:11.0362 5340 AdobeFlashPlayerUpdateSvc - ok

19:17:11.0449 5340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

19:17:11.0460 5340 adp94xx - ok

19:17:11.0537 5340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

19:17:11.0544 5340 adpahci - ok

19:17:11.0585 5340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

19:17:11.0589 5340 adpu320 - ok

19:17:11.0634 5340 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

19:17:11.0637 5340 AeLookupSvc - ok

19:17:11.0741 5340 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

19:17:11.0752 5340 AFD - ok

19:17:11.0810 5340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

19:17:11.0813 5340 agp440 - ok

19:17:11.0874 5340 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

19:17:11.0877 5340 ALG - ok

19:17:11.0940 5340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

19:17:11.0942 5340 aliide - ok

19:17:11.0948 5340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

19:17:11.0950 5340 amdide - ok

19:17:11.0963 5340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

19:17:11.0965 5340 AmdK8 - ok

19:17:11.0977 5340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

19:17:11.0979 5340 AmdPPM - ok

19:17:11.0988 5340 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

19:17:11.0990 5340 amdsata - ok

19:17:12.0020 5340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

19:17:12.0023 5340 amdsbs - ok

19:17:12.0027 5340 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

19:17:12.0028 5340 amdxata - ok

19:17:12.0103 5340 ApfiltrService (a8d468753d02f528d7d5ae649e2d31fc) C:\windows\system32\DRIVERS\Apfiltr.sys

19:17:12.0110 5340 ApfiltrService - ok

19:17:12.0166 5340 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

19:17:12.0168 5340 AppID - ok

19:17:12.0200 5340 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

19:17:12.0202 5340 AppIDSvc - ok

19:17:12.0235 5340 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

19:17:12.0236 5340 Appinfo - ok

19:17:12.0313 5340 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

19:17:12.0315 5340 arc - ok

19:17:12.0328 5340 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

19:17:12.0331 5340 arcsas - ok

19:17:12.0349 5340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

19:17:12.0350 5340 AsyncMac - ok

19:17:12.0377 5340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

19:17:12.0378 5340 atapi - ok

19:17:12.0611 5340 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys

19:17:12.0642 5340 athr - ok

19:17:12.0840 5340 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

19:17:12.0854 5340 AudioEndpointBuilder - ok

19:17:12.0869 5340 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

19:17:12.0881 5340 AudioSrv - ok

19:17:12.0946 5340 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

19:17:12.0949 5340 AxInstSV - ok

19:17:13.0058 5340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

19:17:13.0066 5340 b06bdrv - ok

19:17:13.0165 5340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

19:17:13.0170 5340 b57nd60a - ok

19:17:13.0321 5340 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

19:17:13.0324 5340 BDESVC - ok

19:17:13.0431 5340 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

19:17:13.0432 5340 Beep - ok

19:17:13.0596 5340 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

19:17:13.0611 5340 BFE - ok

19:17:13.0909 5340 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120804.001\BHDrvx64.sys

19:17:13.0933 5340 BHDrvx64 - ok

19:17:14.0103 5340 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll

19:17:14.0118 5340 BITS - ok

19:17:14.0200 5340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

19:17:14.0202 5340 blbdrive - ok

19:17:14.0263 5340 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

19:17:14.0265 5340 bowser - ok

19:17:14.0311 5340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

19:17:14.0313 5340 BrFiltLo - ok

19:17:14.0326 5340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

19:17:14.0327 5340 BrFiltUp - ok

19:17:14.0361 5340 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

19:17:14.0363 5340 BridgeMP - ok

19:17:14.0423 5340 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

19:17:14.0427 5340 Browser - ok

19:17:14.0472 5340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

19:17:14.0479 5340 Brserid - ok

19:17:14.0501 5340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

19:17:14.0503 5340 BrSerWdm - ok

19:17:14.0511 5340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

19:17:14.0513 5340 BrUsbMdm - ok

19:17:14.0523 5340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

19:17:14.0525 5340 BrUsbSer - ok

19:17:14.0534 5340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

19:17:14.0535 5340 BTHMODEM - ok

19:17:14.0585 5340 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

19:17:14.0586 5340 bthserv - ok

19:17:14.0609 5340 catchme - ok

19:17:14.0712 5340 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys

19:17:14.0716 5340 ccSet_N360 - ok

19:17:14.0783 5340 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

19:17:14.0787 5340 cdfs - ok

19:17:14.0845 5340 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

19:17:14.0849 5340 cdrom - ok

19:17:14.0920 5340 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

19:17:14.0923 5340 CertPropSvc - ok

19:17:14.0972 5340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

19:17:14.0973 5340 circlass - ok

19:17:15.0051 5340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

19:17:15.0058 5340 CLFS - ok

19:17:15.0177 5340 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:17:15.0180 5340 clr_optimization_v2.0.50727_32 - ok

19:17:15.0243 5340 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:17:15.0247 5340 clr_optimization_v2.0.50727_64 - ok

19:17:15.0336 5340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:17:15.0339 5340 clr_optimization_v4.0.30319_32 - ok

19:17:15.0400 5340 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:17:15.0404 5340 clr_optimization_v4.0.30319_64 - ok

19:17:15.0471 5340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

19:17:15.0473 5340 CmBatt - ok

19:17:15.0478 5340 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

19:17:15.0480 5340 cmdide - ok

19:17:15.0564 5340 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys

19:17:15.0573 5340 CNG - ok

19:17:15.0637 5340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

19:17:15.0639 5340 Compbatt - ok

19:17:15.0648 5340 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

19:17:15.0649 5340 CompositeBus - ok

19:17:15.0677 5340 COMSysApp - ok

19:17:15.0685 5340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

19:17:15.0686 5340 crcdisk - ok

19:17:15.0745 5340 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

19:17:15.0749 5340 CryptSvc - ok

19:17:15.0853 5340 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

19:17:15.0864 5340 DcomLaunch - ok

19:17:16.0049 5340 DefaultTabSearch (2ab40d0f2c34549604c75dc0b54451e7) C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe

19:17:16.0058 5340 DefaultTabSearch - ok

19:17:16.0101 5340 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

19:17:16.0106 5340 defragsvc - ok

19:17:16.0191 5340 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

19:17:16.0194 5340 DfsC - ok

19:17:16.0276 5340 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

19:17:16.0281 5340 Dhcp - ok

19:17:16.0310 5340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

19:17:16.0311 5340 discache - ok

19:17:16.0347 5340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

19:17:16.0349 5340 Disk - ok

19:17:16.0398 5340 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

19:17:16.0403 5340 Dnscache - ok

19:17:16.0426 5340 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

19:17:16.0430 5340 dot3svc - ok

19:17:16.0444 5340 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

19:17:16.0447 5340 DPS - ok

19:17:16.0490 5340 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

19:17:16.0492 5340 drmkaud - ok

19:17:16.0561 5340 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

19:17:16.0575 5340 DXGKrnl - ok

19:17:16.0658 5340 e1cexpress (8563d1507431c77e295fe9a01ae8d014) C:\windows\system32\DRIVERS\e1c62x64.sys

19:17:16.0665 5340 e1cexpress - ok

19:17:16.0702 5340 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

19:17:16.0706 5340 EapHost - ok

19:17:16.0926 5340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

19:17:16.0962 5340 ebdrv - ok

19:17:17.0096 5340 eeCtrl (4353ff94d47a0a9d52b89eccf0cdb013) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

19:17:17.0107 5340 eeCtrl - ok

19:17:17.0237 5340 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

19:17:17.0238 5340 EFS - ok

19:17:17.0351 5340 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

19:17:17.0362 5340 ehRecvr - ok

19:17:17.0387 5340 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

19:17:17.0389 5340 ehSched - ok

19:17:17.0505 5340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

19:17:17.0518 5340 elxstor - ok

19:17:17.0623 5340 EraserUtilRebootDrv (c5bccb378d0a896304a3e71be7215983) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

19:17:17.0626 5340 EraserUtilRebootDrv - ok

19:17:17.0649 5340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

19:17:17.0651 5340 ErrDev - ok

19:17:17.0739 5340 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

19:17:17.0746 5340 EventSystem - ok

19:17:17.0771 5340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

19:17:17.0774 5340 exfat - ok

19:17:17.0796 5340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

19:17:17.0800 5340 fastfat - ok

19:17:17.0898 5340 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

19:17:17.0915 5340 Fax - ok

19:17:17.0952 5340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

19:17:17.0955 5340 fdc - ok

19:17:17.0983 5340 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

19:17:17.0985 5340 fdPHost - ok

19:17:17.0995 5340 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

19:17:17.0998 5340 FDResPub - ok

19:17:18.0068 5340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

19:17:18.0070 5340 FileInfo - ok

19:17:18.0076 5340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

19:17:18.0078 5340 Filetrace - ok

19:17:18.0103 5340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

19:17:18.0104 5340 flpydisk - ok

19:17:18.0127 5340 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

19:17:18.0131 5340 FltMgr - ok

19:17:18.0230 5340 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

19:17:18.0252 5340 FontCache - ok

19:17:18.0297 5340 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:17:18.0299 5340 FontCache3.0.0.0 - ok

19:17:18.0340 5340 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

19:17:18.0342 5340 FsDepends - ok

19:17:18.0392 5340 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

19:17:18.0393 5340 Fs_Rec - ok

19:17:18.0456 5340 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

19:17:18.0460 5340 fvevol - ok

19:17:18.0517 5340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

19:17:18.0520 5340 gagp30kx - ok

19:17:18.0643 5340 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

19:17:18.0648 5340 GamesAppService - ok

19:17:18.0763 5340 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

19:17:18.0781 5340 gpsvc - ok

19:17:18.0866 5340 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:17:18.0869 5340 gupdate - ok

19:17:18.0893 5340 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:17:18.0896 5340 gupdatem - ok

19:17:18.0946 5340 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:17:18.0951 5340 gusvc - ok

19:17:19.0015 5340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

19:17:19.0017 5340 hcw85cir - ok

19:17:19.0097 5340 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

19:17:19.0105 5340 HdAudAddService - ok

19:17:19.0158 5340 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

19:17:19.0162 5340 HDAudBus - ok

19:17:19.0190 5340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

19:17:19.0192 5340 HidBatt - ok

19:17:19.0216 5340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

19:17:19.0219 5340 HidBth - ok

19:17:19.0243 5340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

19:17:19.0245 5340 HidIr - ok

19:17:19.0283 5340 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll

19:17:19.0285 5340 hidserv - ok

19:17:19.0341 5340 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

19:17:19.0342 5340 HidUsb - ok

19:17:19.0376 5340 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

19:17:19.0379 5340 hkmsvc - ok

19:17:19.0410 5340 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

19:17:19.0415 5340 HomeGroupListener - ok

19:17:19.0454 5340 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

19:17:19.0458 5340 HomeGroupProvider - ok

19:17:19.0502 5340 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

19:17:19.0504 5340 HpSAMD - ok

19:17:19.0598 5340 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

19:17:19.0610 5340 HTTP - ok

19:17:19.0631 5340 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

19:17:19.0632 5340 hwpolicy - ok

19:17:19.0691 5340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

19:17:19.0694 5340 i8042prt - ok

19:17:19.0783 5340 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys

19:17:19.0789 5340 iaStor - ok

19:17:19.0864 5340 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

19:17:19.0872 5340 iaStorV - ok

19:17:20.0011 5340 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:17:20.0027 5340 idsvc - ok

19:17:20.0225 5340 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120810.001\IDSvia64.sys

19:17:20.0237 5340 IDSVia64 - ok

19:17:21.0047 5340 igfx (93c8115d4baeb1bd047ab0a9b265ee7a) C:\windows\system32\DRIVERS\igdkmd64.sys

19:17:21.0276 5340 igfx - ok

19:17:21.0439 5340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

19:17:21.0440 5340 iirsp - ok

19:17:21.0517 5340 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

19:17:21.0531 5340 IKEEXT - ok

19:17:21.0749 5340 IntcAzAudAddService (51e8db3618d106a2b2849a00839cc452) C:\windows\system32\drivers\RTKVHD64.sys

19:17:21.0785 5340 IntcAzAudAddService - ok

19:17:21.0983 5340 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

19:17:21.0991 5340 IntcDAud - ok

19:17:22.0015 5340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

19:17:22.0017 5340 intelide - ok

19:17:22.0053 5340 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

19:17:22.0055 5340 intelppm - ok

19:17:22.0100 5340 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

19:17:22.0104 5340 IPBusEnum - ok

19:17:22.0123 5340 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

19:17:22.0125 5340 IpFilterDriver - ok

19:17:22.0204 5340 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

19:17:22.0214 5340 iphlpsvc - ok

19:17:22.0235 5340 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

19:17:22.0237 5340 IPMIDRV - ok

19:17:22.0256 5340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

19:17:22.0259 5340 IPNAT - ok

19:17:22.0285 5340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

19:17:22.0286 5340 IRENUM - ok

19:17:22.0292 5340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

19:17:22.0293 5340 isapnp - ok

19:17:22.0340 5340 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

19:17:22.0344 5340 iScsiPrt - ok

19:17:22.0382 5340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

19:17:22.0383 5340 kbdclass - ok

19:17:22.0431 5340 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

19:17:22.0433 5340 kbdhid - ok

19:17:22.0460 5340 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

19:17:22.0462 5340 KeyIso - ok

19:17:22.0491 5340 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys

19:17:22.0494 5340 KSecDD - ok

19:17:22.0518 5340 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys

19:17:22.0522 5340 KSecPkg - ok

19:17:22.0579 5340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

19:17:22.0581 5340 ksthunk - ok

19:17:22.0635 5340 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

19:17:22.0642 5340 KtmRm - ok

19:17:22.0681 5340 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll

19:17:22.0687 5340 LanmanServer - ok

19:17:22.0743 5340 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

19:17:22.0749 5340 LanmanWorkstation - ok

19:17:22.0805 5340 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

19:17:22.0807 5340 lltdio - ok

19:17:22.0858 5340 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

19:17:22.0866 5340 lltdsvc - ok

19:17:22.0895 5340 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

19:17:22.0897 5340 lmhosts - ok

19:17:23.0016 5340 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:17:23.0022 5340 LMS - ok

19:17:23.0078 5340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

19:17:23.0081 5340 LSI_FC - ok

19:17:23.0102 5340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

19:17:23.0104 5340 LSI_SAS - ok

19:17:23.0113 5340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

19:17:23.0114 5340 LSI_SAS2 - ok

19:17:23.0125 5340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

19:17:23.0127 5340 LSI_SCSI - ok

19:17:23.0135 5340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

19:17:23.0137 5340 luafv - ok

19:17:23.0164 5340 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

19:17:23.0166 5340 Mcx2Svc - ok

19:17:23.0180 5340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

19:17:23.0181 5340 megasas - ok

19:17:23.0250 5340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

19:17:23.0257 5340 MegaSR - ok

19:17:23.0307 5340 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

19:17:23.0308 5340 MEIx64 - ok

19:17:23.0364 5340 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

19:17:23.0366 5340 MMCSS - ok

19:17:23.0374 5340 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

19:17:23.0375 5340 Modem - ok

19:17:23.0421 5340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

19:17:23.0422 5340 monitor - ok

19:17:23.0460 5340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

19:17:23.0488 5340 mouclass - ok

19:17:23.0522 5340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

19:17:23.0524 5340 mouhid - ok

19:17:23.0564 5340 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

19:17:23.0566 5340 mountmgr - ok

19:17:23.0792 5340 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:17:23.0796 5340 MozillaMaintenance - ok

19:17:23.0825 5340 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

19:17:23.0829 5340 mpio - ok

19:17:23.0837 5340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

19:17:23.0839 5340 mpsdrv - ok

19:17:23.0914 5340 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

19:17:23.0929 5340 MpsSvc - ok

19:17:23.0949 5340 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

19:17:23.0951 5340 MRxDAV - ok

19:17:23.0971 5340 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

19:17:23.0973 5340 mrxsmb - ok

19:17:23.0991 5340 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

19:17:23.0995 5340 mrxsmb10 - ok

19:17:24.0004 5340 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

19:17:24.0006 5340 mrxsmb20 - ok

19:17:24.0010 5340 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

19:17:24.0011 5340 msahci - ok

19:17:24.0020 5340 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

19:17:24.0022 5340 msdsm - ok

19:17:24.0050 5340 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

19:17:24.0054 5340 MSDTC - ok

19:17:24.0085 5340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

19:17:24.0086 5340 Msfs - ok

19:17:24.0111 5340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

19:17:24.0115 5340 mshidkmdf - ok

19:17:24.0126 5340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

19:17:24.0128 5340 msisadrv - ok

19:17:24.0192 5340 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

19:17:24.0198 5340 MSiSCSI - ok

19:17:24.0203 5340 msiserver - ok

19:17:24.0267 5340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

19:17:24.0269 5340 MSKSSRV - ok

19:17:24.0275 5340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

19:17:24.0277 5340 MSPCLOCK - ok

19:17:24.0284 5340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

19:17:24.0285 5340 MSPQM - ok

19:17:24.0311 5340 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

19:17:24.0317 5340 MsRPC - ok

19:17:24.0324 5340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

19:17:24.0325 5340 mssmbios - ok

19:17:24.0329 5340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

19:17:24.0330 5340 MSTEE - ok

19:17:24.0334 5340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

19:17:24.0335 5340 MTConfig - ok

19:17:24.0342 5340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

19:17:24.0343 5340 Mup - ok

19:17:24.0502 5340 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

19:17:24.0505 5340 N360 - ok

19:17:24.0572 5340 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

19:17:24.0584 5340 napagent - ok

19:17:24.0670 5340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

19:17:24.0676 5340 NativeWifiP - ok

19:17:24.0846 5340 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120811.008\ENG64.SYS

19:17:24.0848 5340 NAVENG - ok

19:17:24.0997 5340 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120811.008\EX64.SYS

19:17:25.0012 5340 NAVEX15 - ok

19:17:25.0192 5340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

19:17:25.0209 5340 NDIS - ok

19:17:25.0229 5340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

19:17:25.0230 5340 NdisCap - ok

19:17:25.0276 5340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

19:17:25.0278 5340 NdisTapi - ok

19:17:25.0287 5340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

19:17:25.0290 5340 Ndisuio - ok

19:17:25.0311 5340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

19:17:25.0313 5340 NdisWan - ok

19:17:25.0319 5340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

19:17:25.0320 5340 NDProxy - ok

19:17:25.0326 5340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

19:17:25.0327 5340 NetBIOS - ok

19:17:25.0344 5340 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

19:17:25.0347 5340 NetBT - ok

19:17:25.0370 5340 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

19:17:25.0372 5340 Netlogon - ok

19:17:25.0455 5340 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

19:17:25.0462 5340 Netman - ok

19:17:25.0492 5340 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

19:17:25.0498 5340 netprofm - ok

19:17:25.0579 5340 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:17:25.0584 5340 NetTcpPortSharing - ok

19:17:25.0641 5340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

19:17:25.0643 5340 nfrd960 - ok

19:17:25.0743 5340 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

19:17:25.0751 5340 NlaSvc - ok

19:17:25.0834 5340 Norton PC Checkup Application Launcher - ok

19:17:25.0852 5340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

19:17:25.0854 5340 Npfs - ok

19:17:25.0890 5340 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

19:17:25.0893 5340 nsi - ok

19:17:25.0917 5340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

19:17:25.0919 5340 nsiproxy - ok

19:17:26.0030 5340 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

19:17:26.0058 5340 Ntfs - ok

19:17:26.0170 5340 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

19:17:26.0172 5340 Null - ok

19:17:26.0222 5340 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys

19:17:26.0224 5340 nusb3hub - ok

19:17:26.0251 5340 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys

19:17:26.0255 5340 nusb3xhc - ok

19:17:26.0305 5340 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

19:17:26.0309 5340 nvraid - ok

19:17:26.0340 5340 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

19:17:26.0343 5340 nvstor - ok

19:17:26.0398 5340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

19:17:26.0401 5340 nv_agp - ok

19:17:26.0524 5340 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:17:26.0534 5340 odserv - ok

19:17:26.0567 5340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

19:17:26.0570 5340 ohci1394 - ok

19:17:26.0638 5340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:17:26.0642 5340 ose - ok

19:17:26.0726 5340 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

19:17:26.0733 5340 p2pimsvc - ok

19:17:26.0780 5340 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

19:17:26.0789 5340 p2psvc - ok

19:17:26.0828 5340 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

19:17:26.0830 5340 Parport - ok

19:17:26.0865 5340 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

19:17:26.0868 5340 partmgr - ok

19:17:26.0913 5340 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

19:17:26.0918 5340 PcaSvc - ok

19:17:26.0979 5340 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

19:17:26.0982 5340 PCCUJobMgr - ok

19:17:27.0015 5340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

19:17:27.0019 5340 pci - ok

19:17:27.0026 5340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

19:17:27.0027 5340 pciide - ok

19:17:27.0047 5340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

19:17:27.0050 5340 pcmcia - ok

19:17:27.0056 5340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

19:17:27.0058 5340 pcw - ok

19:17:27.0096 5340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

19:17:27.0105 5340 PEAUTH - ok

19:17:27.0223 5340 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

19:17:27.0226 5340 PerfHost - ok

19:17:27.0315 5340 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

19:17:27.0317 5340 PGEffect - ok

19:17:27.0430 5340 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

19:17:27.0448 5340 pla - ok

19:17:27.0537 5340 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

19:17:27.0548 5340 PlugPlay - ok

19:17:27.0571 5340 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

19:17:27.0574 5340 PNRPAutoReg - ok

19:17:27.0624 5340 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

19:17:27.0629 5340 PNRPsvc - ok

19:17:27.0700 5340 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

19:17:27.0709 5340 PolicyAgent - ok

19:17:27.0732 5340 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

19:17:27.0736 5340 Power - ok

19:17:27.0812 5340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

19:17:27.0816 5340 PptpMiniport - ok

19:17:27.0837 5340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

19:17:27.0839 5340 Processor - ok

19:17:27.0887 5340 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

19:17:27.0892 5340 ProfSvc - ok

19:17:27.0915 5340 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

19:17:27.0917 5340 ProtectedStorage - ok

19:17:27.0985 5340 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

19:17:27.0989 5340 Psched - ok

19:17:28.0113 5340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

19:17:28.0144 5340 ql2300 - ok

19:17:28.0274 5340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

19:17:28.0277 5340 ql40xx - ok

19:17:28.0323 5340 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

19:17:28.0330 5340 QWAVE - ok

19:17:28.0356 5340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

19:17:28.0358 5340 QWAVEdrv - ok

19:17:28.0363 5340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

19:17:28.0365 5340 RasAcd - ok

19:17:28.0422 5340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

19:17:28.0423 5340 RasAgileVpn - ok

19:17:28.0464 5340 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

19:17:28.0468 5340 RasAuto - ok

19:17:28.0534 5340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

19:17:28.0537 5340 Rasl2tp - ok

19:17:28.0620 5340 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

19:17:28.0628 5340 RasMan - ok

19:17:28.0677 5340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

19:17:28.0680 5340 RasPppoe - ok

19:17:28.0701 5340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

19:17:28.0703 5340 RasSstp - ok

19:17:28.0728 5340 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

19:17:28.0734 5340 rdbss - ok

19:17:28.0744 5340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

19:17:28.0746 5340 rdpbus - ok

19:17:28.0770 5340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

19:17:28.0771 5340 RDPCDD - ok

19:17:28.0776 5340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

19:17:28.0776 5340 RDPENCDD - ok

19:17:28.0781 5340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

19:17:28.0781 5340 RDPREFMP - ok

19:17:28.0828 5340 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

19:17:28.0829 5340 RDPWD - ok

19:17:28.0853 5340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

19:17:28.0857 5340 rdyboost - ok

19:17:28.0889 5340 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

19:17:28.0891 5340 RemoteAccess - ok

19:17:28.0934 5340 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

19:17:28.0941 5340 RemoteRegistry - ok

19:17:29.0008 5340 risdxc (5a227511ed22ddfedf7ef7323c8f7d2f) C:\windows\system32\DRIVERS\risdxc64.sys

19:17:29.0010 5340 risdxc - ok

19:17:29.0050 5340 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

19:17:29.0053 5340 RpcEptMapper - ok

19:17:29.0078 5340 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

19:17:29.0081 5340 RpcLocator - ok

19:17:29.0138 5340 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

19:17:29.0148 5340 RpcSs - ok

19:17:29.0182 5340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

19:17:29.0184 5340 rspndr - ok

19:17:29.0203 5340 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

19:17:29.0205 5340 SamSs - ok

19:17:29.0214 5340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

19:17:29.0216 5340 sbp2port - ok

19:17:29.0258 5340 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

19:17:29.0262 5340 SCardSvr - ok

19:17:29.0281 5340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

19:17:29.0282 5340 scfilter - ok

19:17:29.0380 5340 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

19:17:29.0395 5340 Schedule - ok

19:17:29.0420 5340 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

19:17:29.0421 5340 SCPolicySvc - ok

19:17:29.0454 5340 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

19:17:29.0457 5340 SDRSVC - ok

19:17:29.0541 5340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

19:17:29.0542 5340 secdrv - ok

19:17:29.0570 5340 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

19:17:29.0574 5340 seclogon - ok

19:17:29.0621 5340 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll

19:17:29.0626 5340 SENS - ok

19:17:29.0658 5340 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

19:17:29.0662 5340 SensrSvc - ok

19:17:29.0681 5340 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\windows\system32\drivers\ser2pl64.sys

19:17:29.0684 5340 Ser2pl - ok

19:17:29.0744 5340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

19:17:29.0746 5340 Serenum - ok

19:17:29.0783 5340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

19:17:29.0786 5340 Serial - ok

19:17:29.0834 5340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

19:17:29.0837 5340 sermouse - ok

19:17:29.0888 5340 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

19:17:29.0892 5340 SessionEnv - ok

19:17:29.0900 5340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

19:17:29.0901 5340 sffdisk - ok

19:17:29.0920 5340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

19:17:29.0922 5340 sffp_mmc - ok

19:17:29.0927 5340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

19:17:29.0928 5340 sffp_sd - ok

19:17:29.0948 5340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

19:17:29.0949 5340 sfloppy - ok

19:17:30.0015 5340 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

19:17:30.0023 5340 SharedAccess - ok

19:17:30.0084 5340 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

19:17:30.0092 5340 ShellHWDetection - ok

19:17:30.0137 5340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

19:17:30.0139 5340 SiSRaid2 - ok

19:17:30.0156 5340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

19:17:30.0159 5340 SiSRaid4 - ok

19:17:30.0193 5340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

19:17:30.0196 5340 Smb - ok

19:17:30.0243 5340 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

19:17:30.0247 5340 SNMPTRAP - ok

19:17:30.0274 5340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

19:17:30.0276 5340 spldr - ok

19:17:30.0336 5340 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

19:17:30.0345 5340 Spooler - ok

19:17:30.0562 5340 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

19:17:30.0648 5340 sppsvc - ok

19:17:30.0778 5340 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

19:17:30.0783 5340 sppuinotify - ok

19:17:30.0903 5340 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\system32\drivers\N360x64\0602010.005\SRTSP64.SYS

19:17:30.0913 5340 SRTSP - ok

19:17:30.0931 5340 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS

19:17:30.0932 5340 SRTSPX - ok

19:17:30.0989 5340 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

19:17:30.0996 5340 srv - ok

19:17:31.0021 5340 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

19:17:31.0028 5340 srv2 - ok

19:17:31.0040 5340 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

19:17:31.0043 5340 srvnet - ok

19:17:31.0103 5340 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

19:17:31.0107 5340 SSDPSRV - ok

19:17:31.0113 5340 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

19:17:31.0115 5340 SstpSvc - ok

19:17:31.0136 5340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

19:17:31.0137 5340 stexstor - ok

19:17:31.0231 5340 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

19:17:31.0245 5340 stisvc - ok

19:17:31.0251 5340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

19:17:31.0252 5340 swenum - ok

19:17:31.0314 5340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

19:17:31.0325 5340 swprv - ok

19:17:31.0452 5340 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS

19:17:31.0462 5340 SymDS - ok

19:17:31.0551 5340 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS

19:17:31.0572 5340 SymEFA - ok

19:17:31.0643 5340 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

19:17:31.0646 5340 SymEvent - ok

19:17:31.0712 5340 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS

19:17:31.0716 5340 SymIRON - ok

19:17:31.0774 5340 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS

19:17:31.0781 5340 SymNetS - ok

19:17:31.0918 5340 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

19:17:31.0945 5340 SysMain - ok

19:17:32.0060 5340 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

19:17:32.0065 5340 TabletInputService - ok

19:17:32.0258 5340 taisregispinger (f38be8b8e7a5b8816a857b0ad0eb8aba) C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe

19:17:32.0277 5340 taisregispinger - ok

19:17:32.0403 5340 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

19:17:32.0411 5340 TapiSrv - ok

19:17:32.0433 5340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

19:17:32.0437 5340 TBS - ok

19:17:32.0639 5340 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

19:17:32.0669 5340 Tcpip - ok

19:17:32.0945 5340 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

19:17:32.0961 5340 TCPIP6 - ok

19:17:33.0089 5340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

19:17:33.0091 5340 tcpipreg - ok

19:17:33.0150 5340 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

19:17:33.0152 5340 tdcmdpst - ok

19:17:33.0189 5340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

19:17:33.0191 5340 TDPIPE - ok

19:17:33.0220 5340 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

19:17:33.0222 5340 TDTCP - ok

19:17:33.0277 5340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

19:17:33.0281 5340 tdx - ok

19:17:33.0302 5340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

19:17:33.0305 5340 TermDD - ok

19:17:33.0376 5340 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

19:17:33.0390 5340 TermService - ok

19:17:33.0410 5340 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

19:17:33.0412 5340 Themes - ok

19:17:33.0468 5340 Thpdrv (7f35ca8296a52c7161088eb1d952e8ed) C:\windows\system32\DRIVERS\thpdrv.sys

19:17:33.0471 5340 Thpdrv - ok

19:17:33.0488 5340 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS

19:17:33.0490 5340 Thpevm - ok

19:17:33.0551 5340 Thpsrv (0b4734ae9ec70b843df02e7b1c056377) C:\windows\system32\ThpSrv.exe

19:17:33.0562 5340 Thpsrv - ok

19:17:33.0589 5340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

19:17:33.0590 5340 THREADORDER - ok

19:17:33.0654 5340 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

19:17:33.0656 5340 TMachInfo - ok

19:17:33.0690 5340 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe

19:17:33.0696 5340 TODDSrv - ok

19:17:33.0861 5340 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

19:17:33.0872 5340 TosCoSrv - ok

19:17:33.0926 5340 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe

19:17:33.0929 5340 TOSHIBA eco Utility Service - ok

19:17:33.0968 5340 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

19:17:33.0970 5340 TOSHIBA HDD SSD Alert Service - ok

19:17:34.0081 5340 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

19:17:34.0092 5340 tos_sps64 - ok

19:17:34.0177 5340 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

19:17:34.0185 5340 TPCHSrv - ok

19:17:34.0308 5340 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys

19:17:34.0310 5340 TPM - ok

19:17:34.0376 5340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

19:17:34.0382 5340 TrkWks - ok

19:17:34.0441 5340 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

19:17:34.0446 5340 TrustedInstaller - ok

19:17:34.0475 5340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

19:17:34.0477 5340 tssecsrv - ok

19:17:34.0512 5340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

19:17:34.0515 5340 TsUsbFlt - ok

19:17:34.0524 5340 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

19:17:34.0526 5340 TsUsbGD - ok

19:17:34.0582 5340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

19:17:34.0585 5340 tunnel - ok

19:17:34.0649 5340 TVALZ (effce6e033ebdd0f3c0f14a413558f65) C:\windows\system32\DRIVERS\TVALZ.SYS

19:17:34.0651 5340 TVALZ - ok

19:17:34.0681 5340 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

19:17:34.0683 5340 TVALZFL - ok

19:17:34.0704 5340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

19:17:34.0706 5340 uagp35 - ok

19:17:34.0746 5340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

19:17:34.0753 5340 udfs - ok

19:17:34.0786 5340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

19:17:34.0788 5340 UI0Detect - ok

19:17:34.0833 5340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

19:17:34.0834 5340 uliagpkx - ok

19:17:34.0856 5340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

19:17:34.0858 5340 umbus - ok

19:17:34.0861 5340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

19:17:34.0862 5340 UmPass - ok

19:17:35.0108 5340 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:17:35.0143 5340 UNS - ok

19:17:35.0304 5340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

19:17:35.0312 5340 upnphost - ok

19:17:35.0373 5340 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

19:17:35.0376 5340 usbccgp - ok

19:17:35.0388 5340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

19:17:35.0391 5340 usbcir - ok

19:17:35.0399 5340 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

19:17:35.0401 5340 usbehci - ok

19:17:35.0447 5340 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

19:17:35.0453 5340 usbhub - ok

19:17:35.0458 5340 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

19:17:35.0459 5340 usbohci - ok

19:17:35.0497 5340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

19:17:35.0498 5340 usbprint - ok

19:17:35.0551 5340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

19:17:35.0554 5340 usbscan - ok

19:17:35.0595 5340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

19:17:35.0598 5340 USBSTOR - ok

19:17:35.0607 5340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

19:17:35.0609 5340 usbuhci - ok

19:17:35.0641 5340 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

19:17:35.0644 5340 usbvideo - ok

19:17:35.0684 5340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

19:17:35.0688 5340 UxSms - ok

19:17:35.0750 5340 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

19:17:35.0753 5340 VaultSvc - ok

19:17:35.0772 5340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

19:17:35.0774 5340 vdrvroot - ok

19:17:35.0838 5340 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

19:17:35.0851 5340 vds - ok

19:17:35.0897 5340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

19:17:35.0899 5340 vga - ok

19:17:35.0908 5340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

19:17:35.0911 5340 VgaSave - ok

19:17:35.0955 5340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

19:17:35.0960 5340 vhdmp - ok

19:17:35.0967 5340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

19:17:35.0970 5340 viaide - ok

19:17:35.0981 5340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

19:17:35.0983 5340 volmgr - ok

19:17:36.0007 5340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

19:17:36.0012 5340 volmgrx - ok

19:17:36.0031 5340 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

19:17:36.0036 5340 volsnap - ok

19:17:36.0097 5340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

19:17:36.0102 5340 vsmraid - ok

19:17:36.0222 5340 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

19:17:36.0243 5340 VSS - ok

19:17:36.0364 5340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

19:17:36.0365 5340 vwifibus - ok

19:17:36.0379 5340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

19:17:36.0381 5340 vwififlt - ok

19:17:36.0431 5340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

19:17:36.0439 5340 W32Time - ok

19:17:36.0466 5340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

19:17:36.0467 5340 WacomPen - ok

19:17:36.0500 5340 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

19:17:36.0503 5340 WANARP - ok

19:17:36.0509 5340 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

19:17:36.0511 5340 Wanarpv6 - ok

19:17:36.0637 5340 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

19:17:36.0654 5340 WatAdminSvc - ok

19:17:36.0774 5340 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

19:17:36.0799 5340 wbengine - ok

19:17:36.0919 5340 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

19:17:36.0924 5340 WbioSrvc - ok

19:17:36.0948 5340 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

19:17:36.0956 5340 wcncsvc - ok

19:17:36.0964 5340 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

19:17:36.0967 5340 WcsPlugInService - ok

19:17:37.0024 5340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

19:17:37.0026 5340 Wd - ok

19:17:37.0071 5340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

19:17:37.0082 5340 Wdf01000 - ok

19:17:37.0098 5340 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

19:17:37.0102 5340 WdiServiceHost - ok

19:17:37.0107 5340 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

19:17:37.0111 5340 WdiSystemHost - ok

19:17:37.0144 5340 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

19:17:37.0150 5340 WebClient - ok

19:17:37.0233 5340 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

19:17:37.0241 5340 Wecsvc - ok

19:17:37.0265 5340 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

19:17:37.0270 5340 wercplsupport - ok

19:17:37.0321 5340 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

19:17:37.0326 5340 WerSvc - ok

19:17:37.0364 5340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

19:17:37.0365 5340 WfpLwf - ok

19:17:37.0372 5340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

19:17:37.0374 5340 WIMMount - ok

19:17:37.0429 5340 WinDefend - ok

19:17:37.0440 5340 WinHttpAutoProxySvc - ok

19:17:37.0515 5340 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

19:17:37.0520 5340 Winmgmt - ok

19:17:37.0683 5340 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

19:17:37.0708 5340 WinRM - ok

19:17:37.0867 5340 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys

19:17:37.0870 5340 WinUsb - ok

19:17:37.0948 5340 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

19:17:37.0963 5340 Wlansvc - ok

19:17:38.0056 5340 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:17:38.0058 5340 wlcrasvc - ok

19:17:38.0291 5340 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:17:38.0318 5340 wlidsvc - ok

19:17:38.0443 5340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

19:17:38.0445 5340 WmiAcpi - ok

19:17:38.0527 5340 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

19:17:38.0533 5340 wmiApSrv - ok

19:17:38.0604 5340 WMPNetworkSvc - ok

19:17:38.0662 5340 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

19:17:38.0666 5340 WPCSvc - ok

19:17:38.0682 5340 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

19:17:38.0686 5340 WPDBusEnum - ok

19:17:38.0711 5340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

19:17:38.0712 5340 ws2ifsl - ok

19:17:38.0745 5340 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll

19:17:38.0748 5340 wscsvc - ok

19:17:38.0753 5340 WSearch - ok

19:17:38.0923 5340 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

19:17:38.0952 5340 wuauserv - ok

19:17:39.0087 5340 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

19:17:39.0089 5340 WudfPf - ok

19:17:39.0104 5340 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

19:17:39.0107 5340 WUDFRd - ok

19:17:39.0136 5340 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

19:17:39.0140 5340 wudfsvc - ok

19:17:39.0184 5340 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

19:17:39.0190 5340 WwanSvc - ok

19:17:39.0213 5340 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

19:17:39.0460 5340 \Device\Harddisk0\DR0 - ok

19:17:39.0468 5340 Boot (0x1200) (736b894eb897a2dbf7f2b7aaadddaba2) \Device\Harddisk0\DR0\Partition0

19:17:39.0471 5340 \Device\Harddisk0\DR0\Partition0 - ok

19:17:39.0472 5340 ============================================================

19:17:39.0472 5340 Scan finished

19:17:39.0472 5340 ============================================================

19:17:39.0486 2704 Detected object count: 0

19:17:39.0487 2704 Actual detected object count: 0

TheDarkKnight · August 12, 2012

Good afternoon knit.

I am unable to remove Conduit using the Uninstall function on the Control Panel. I can see where it's locate (C:\Program Files (x86)\Conduit) but it does not appear in the list of available programs at Control Panel\Uninstall. I'm guessing a manual removal is required?

Yes, it would seem so. Conduit can be taken of with OTL.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
IE - HKCU\..\SearchScopes\{99FE889A-3EDD-4187-8B3C-41AB53380DBA}: "URL" = http://www.mysearchr...q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
[2012/08/10 21:55:12 | 000,000,919 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\conduit.xml
[2012/08/11 12:23:04 | 000,002,030 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\search-here.xml
CHR - homepage: http://search.condui...SearchSource=48
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:file
C:\Program Files (x86)\Conduit
C:\Users\Jennifer\AppData\Local\Conduit
C:\Users\Jennifer\AppData\Local\Shopping Sidekick
:Commands
[EmptyTemp]
[EmptyFlash]
[Reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Are you still being hijacked by WhiteSmoke?

knit · August 12, 2012

OTL log below. WhiteSmoke appears to be gone now, hooray!

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99FE889A-3EDD-4187-8B3C-41AB53380DBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99FE889A-3EDD-4187-8B3C-41AB53380DBA}\ not found.

Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.selectedEngine

Prefs.js: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13" removed from browser.startup.homepage

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=" removed from keyword.URL

C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\conduit.xml moved successfully.

C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\search-here.xml moved successfully.

Use Chrome's Settings page to change the HomePage.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Error: Unable to interpret <:file> in the current context!

Error: Unable to interpret <C:\Program Files (x86)\Conduit> in the current context!

Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Conduit> in the current context!

Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Shopping Sidekick> in the current context!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jennifer

->Temp folder emptied: 782 bytes

->Temporary Internet Files folder emptied: 36647 bytes

->Java cache emptied: 520184 bytes

->FireFox cache emptied: 99001084 bytes

->Google Chrome cache emptied: 24476807 bytes

->Flash cache emptied: 95793 bytes

User: Pickle

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 268 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 36258346 bytes

->Flash cache emptied: 57913 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Sam

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 804 bytes

->FireFox cache emptied: 19939399 bytes

->Flash cache emptied: 56922 bytes

User: Scott

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 871 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 455364435 bytes

->Flash cache emptied: 61735 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2129702 bytes

Total Files Cleaned = 609.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Jennifer

->Flash cache emptied: 0 bytes

User: Pickle

->Flash cache emptied: 0 bytes

User: Public

User: Sam

->Flash cache emptied: 0 bytes

User: Scott

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08122012_082248

Files\Folders moved on Reboot...

C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

TheDarkKnight · August 12, 2012

Hello knit.

OTL log below. WhiteSmoke appears to be gone now, hooray!

Awesome!

I made a slight error in my script before, so those Conduit entries still remain.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:file
C:\Program Files (x86)\Conduit
C:\Users\Jennifer\AppData\Local\Conduit
C:\Users\Jennifer\AppData\Local\Shopping Sidekick
:Commands
[EmptyTemp]
[EmptyFlash]
[Reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

Then, please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

===========

In your next reply please provide OTL fix log, log.txt and a description of any current issues on your computer.

knit · August 13, 2012

OK, here we go! So far things appear to be working normally. Let me know what the next steps are. Thanks!

All processes killed

Error: Unable to interpret <:file> in the current context!

Error: Unable to interpret <C:\Program Files (x86)\Conduit> in the current context!

Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Conduit> in the current context!

Error: Unable to interpret <C:\Users\Jennifer\AppData\Local\Shopping Sidekick> in the current context!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jennifer

->Temp folder emptied: 782 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 39165680 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 492 bytes

User: Pickle

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Sam

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Scott

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Jennifer

->Flash cache emptied: 0 bytes

User: Pickle

->Flash cache emptied: 0 bytes

User: Public

User: Sam

->Flash cache emptied: 0 bytes

User: Scott

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08122012_183856

Files\Folders moved on Reboot...

C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

------------------------------------------------------------------------------------------------------------

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=61025972aa50024b97c2ba2db1030b58

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-13 02:07:29

# local_time=2012-08-12 07:07:29 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3589 16777213 100 71 0 95398927 0 0

# compatibility_mode=5893 16776574 100 94 53581620 96366281 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=24254

# found=0

# cleaned=0

# scan_time=818

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=61025972aa50024b97c2ba2db1030b58

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-13 07:46:43

# local_time=2012-08-13 12:46:43 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=3589 16777213 100 71 0 95416919 0 0

# compatibility_mode=5893 16776574 100 94 53599612 96384273 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=99373

# found=0

# cleaned=0

# scan_time=3180

TheDarkKnight · August 13, 2012

Good afternoon knit.

I don't know what it is today but I feel like I am becoming dyslexic or something. Twice I have made the same mistake with OTL. :blink:

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
C:\Program Files (x86)\Conduit
C:\Users\Jennifer\AppData\Local\Conduit
C:\Users\Jennifer\AppData\Local\Shopping Sidekick
:Commands
[EmptyTemp]
[EMPTYFLASH]
[Reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

Next, please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===========

In your next post please provide the OTL fix log and checkup.txt. No current computer issues?

knit · August 13, 2012

Not a problem at all. Even though I am sure he believes it's not part of his ethos, I think The Dark Knight is allowed occasional off days.

My machine appears to be working normally now.

Here are the logs, and let me know next steps.

All processes killed

========== FILES ==========

C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.

C:\Program Files (x86)\Conduit folder moved successfully.

C:\Users\Jennifer\AppData\Local\Conduit folder moved successfully.

C:\Users\Jennifer\AppData\Local\Shopping Sidekick\Chrome folder moved successfully.

C:\Users\Jennifer\AppData\Local\Shopping Sidekick folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jennifer

->Temp folder emptied: 605973739 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 29384602 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Pickle

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Sam

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Scott

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 606.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Jennifer

->Flash cache emptied: 0 bytes

User: Pickle

->Flash cache emptied: 0 bytes

User: Public

User: Sam

->Flash cache emptied: 0 bytes

User: Scott

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08132012_093926

Files\Folders moved on Reboot...

C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 6 Update 25

Java 7 Update 5

Mozilla Firefox (14.0.1)

Google Chrome 21.0.1180.60

Google Chrome 21.0.1180.75

Google Chrome VisualElementsManifest.xml..

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

TheDarkKnight · August 13, 2012

Good morning knit.

Not a problem at all. Even though I am sure he believes it's not part of his ethos, I think The Dark Knight is allowed occasional off days.

Indeed. :lol:

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

knit · August 14, 2012

Here's the log! Computer still seems to be working well. Thanks!

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=61025972aa50024b97c2ba2db1030b58

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-13 02:07:29

# local_time=2012-08-12 07:07:29 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3589 16777213 100 71 0 95398927 0 0

# compatibility_mode=5893 16776574 100 94 53581620 96366281 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=24254

# found=0

# cleaned=0

# scan_time=818

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=61025972aa50024b97c2ba2db1030b58

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-13 07:46:43

# local_time=2012-08-13 12:46:43 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=3589 16777213 100 71 0 95416919 0 0

# compatibility_mode=5893 16776574 100 94 53599612 96384273 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=99373

# found=0

# cleaned=0

# scan_time=3180

TheDarkKnight · August 14, 2012

Hello knit.

Here's the log! Computer still seems to be working well. Thanks!

Great!

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

knit · August 14, 2012

Voila!

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 6 Update 25

Java 7 Update 5

Mozilla Firefox (14.0.1)

Google Chrome 21.0.1180.75

Google Chrome 21.0.1180.77

Google Chrome VisualElementsManifest.xml..

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

knit · August 14, 2012

Hi TDK,

I have just discovered one other thing. I was making some changes to my Firefox preferences using about:config, and I noticed this entry:

Smartbar.ConduitSearchEngineList

The associated value is

WhiteSmoke US Customized Web Search

This thing is insidious! Should this entry be removed as well?

Thanks so much.

TheDarkKnight · August 14, 2012

Good morning knit.

This thing is insidious! Should this entry be removed as well?

Yes it is rather. Please do.

Please download to your Desktop SystemLook by jpshortstuff from here.

Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan:

:filefind
*Conduit*
:folderfind
*Conduit*
:regfind
Conduit
WhiteSmoke

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt.

knit · August 15, 2012

I ended up restoring defaults to Firefox (for another reason), so the preference entry is now gone.

Here's the SystemLook log. And thank you!

SystemLook 30.07.11 by jpshortstuff

Log created at 19:49 on 14/08/2012 by Jennifer

Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"

C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\conduit.lnk --a---- 11704 bytes [01:57 12/08/2012] [01:57 12/08/2012] 68E45B8EEDC4C5BE42C2F6182A9D7041

C:\_OTL\MovedFiles\08122012_082248\C_Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\hq7q2cty.default\searchplugins\conduit.xml --a---- 919 bytes [04:55 11/08/2012] [04:55 11/08/2012] CF32DDA3BFCDD47FBCA2EA15E4848BFC

========== folderfind ==========

Searching for "*Conduit*"

C:\Users\Jennifer\AppData\LocalLow\Conduit d------ [00:05 11/08/2012]

C:\_OTL\MovedFiles\08132012_093926\C_Program Files (x86)\Conduit d------ [00:05 11/08/2012]

C:\_OTL\MovedFiles\08132012_093926\C_Users\Jennifer\AppData\Local\Conduit d------ [00:05 11/08/2012]

========== regfind ==========

Searching for "Conduit"

[HKEY_CURRENT_USER\Software\Conduit]

[HKEY_CURRENT_USER\Software\Conduit\ChromeExtData\bdhffggcfjnkigeciffmipblemhphbjl\Repository]

"CT3198785.installType"="ConduitNSISIntegration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]

@="Conduit Community Alerts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]

@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]

"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]

"{cce665dd-f6dd-4808-968e-eaec971f70ef}"="http://search.conduit.com?SearchSource=10&ctid=CT3198785"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]

@="Conduit Community Alerts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]

@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_USERS\S-1-5-21-1579526397-1582197377-4291584978-1001\Software\Conduit]

[HKEY_USERS\S-1-5-21-1579526397-1582197377-4291584978-1001\Software\Conduit\ChromeExtData\bdhffggcfjnkigeciffmipblemhphbjl\Repository]

"CT3198785.installType"="ConduitNSISIntegration"

Searching for "WhiteSmoke"

No data found.

-= EOF =-

TheDarkKnight · August 15, 2012

Good afternoon knit.

Thank you for the log. After this fix Conduit should hopefully be gone.

Please follow these instructions to remove the remaining Conduit entries:

Please close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open Notepad and copy/paste the text in the quotebox below into it:
Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

killall::
File::
C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\conduit.lnk
Folder::
C:\Users\Jennifer\AppData\LocalLow\Conduit
Registry::
[-HKEY_CURRENT_USER\Software\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_USERS\S-1-5-21-1579526397-1582197377-4291584978-1001\Software\Conduit]
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply. Is your computer running fine?

knit · August 16, 2012

Hi TDK, posting this from my phone. After running ComboFix, I am unable to launch any browser on my machine. I get an error message that says "Illegal operation attempted on a registry key that has been marked for deletion.". This happenswhen I try to launch firefox or IE. Thanks.

knit · August 16, 2012

ComboFix 12-08-10.02 - Jennifer 08/16/2012 13:04:08.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6047.4362 [GMT -7:00]

Running from: c:\users\Jennifer\Downloads\ComboFix.exe

Command switches used :: c:\users\Jennifer\Downloads\CFScript.txt

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\conduit.lnk"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Jennifer\AppData\LocalLow\Conduit

c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Recent\conduit.lnk

.

((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))

.

2012-08-16 20:07 . 2012-08-16 20:07--------d-----w-c:\users\Default\AppData\Local\temp

2012-08-13 01:46 . 2012-08-13 01:46--------d-----w-c:\program files (x86)\ESET

2012-08-12 15:22 . 2012-08-12 15:22--------d-----w-C:\_OTL

2012-08-11 05:44 . 2012-08-11 05:51--------d-----w-c:\users\Jennifer\AppData\Local\NPE

2012-08-11 05:07 . 2012-08-11 05:07--------d-----w-c:\users\Jennifer\AppData\Roaming\Malwarebytes

2012-08-11 05:07 . 2012-08-11 05:10--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-11 05:07 . 2012-08-11 05:07--------d-----w-c:\programdata\Malwarebytes

2012-08-11 05:07 . 2012-07-03 20:4624904----a-w-c:\windows\system32\drivers\mbam.sys

2012-08-11 00:06 . 2012-08-11 00:06--------d-----w-c:\users\Jennifer\AppData\Local\CRE

2012-08-11 00:05 . 2012-08-11 00:05--------d-----w-c:\program files (x86)\DefaultTab

2012-08-11 00:04 . 2012-08-11 19:14--------d-----w-c:\users\Jennifer\AppData\Roaming\DefaultTab

2012-08-11 00:03 . 2012-08-11 19:01--------d-----w-c:\programdata\Tarma Installer

2012-08-10 22:43 . 2012-08-10 22:44--------d-----w-c:\users\Pickle

2012-08-07 20:23 . 2012-08-07 20:23--------d-----w-c:\users\Jennifer\AppData\Local\Macromedia

2012-08-07 20:20 . 2012-08-15 17:53426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-07 20:20 . 2012-08-07 20:20--------d-----w-c:\windows\system32\Macromed

2012-08-06 00:10 . 2012-08-06 00:10175736----a-w-c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-08-06 00:10 . 2012-08-06 00:10--------d-----w-c:\program files\Symantec

2012-08-06 00:10 . 2012-08-06 00:10--------d-----w-c:\program files\Common Files\Symantec Shared

2012-08-06 00:09 . 2012-08-15 04:31--------d-----w-c:\windows\system32\drivers\N360x64

2012-08-06 00:09 . 2012-08-06 00:09--------d-----w-c:\program files (x86)\Norton 360

2012-08-06 00:06 . 2012-08-06 00:06--------d-----w-c:\programdata\PCSettings

2012-08-03 05:03 . 2012-08-03 05:04--------d-----w-c:\users\Scott

2012-08-03 02:27 . 2012-08-03 02:27--------d-----w-c:\users\Sam

2012-07-31 06:13 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys

2012-07-24 04:06 . 2012-08-13 16:42--------d-----r-c:\users\Jennifer\Dropbox

2012-07-24 02:16 . 2012-08-15 17:06--------d-----w-c:\users\Jennifer\AppData\Roaming\Dropbox

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 17:53 . 2011-11-11 08:2370344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-31 06:10 . 2012-07-10 00:4359701280----a-w-c:\windows\system32\MRT.exe

2012-07-11 00:06 . 2011-03-29 02:3619736----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-09 05:43 . 2012-07-10 20:0814172672----a-w-c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-10 20:082004480----a-w-c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-10 20:081881600----a-w-c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-10 20:031133568----a-w-c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-10 20:081390080----a-w-c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-10 20:081236992----a-w-c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-10 20:03805376----a-w-c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-07-11 00:0738424----a-w-c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-07-11 00:082428952----a-w-c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-07-11 00:0857880----a-w-c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-07-11 00:0844056----a-w-c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-07-11 00:06186752----a-w-c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-07-11 00:07701976----a-w-c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-07-11 00:082622464----a-w-c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-07-11 00:0636864----a-w-c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-07-11 00:0799840----a-w-c:\windows\system32\wudriver.dll

2012-06-02 05:50 . 2012-07-10 20:08458704----a-w-c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-10 20:08151920----a-w-c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-10 20:0895600----a-w-c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-10 20:08340992----a-w-c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-10 20:08307200----a-w-c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-10 20:0822016----a-w-c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-10 20:08225280----a-w-c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-10 20:08219136----a-w-c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-10 20:0896768----a-w-c:\windows\SysWow64\sspicli.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-08-11_19.16.36 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-08-11 05:4916384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-15 17:5316384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-08-11 05:4932768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-15 17:5332768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-11 05:4949152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-15 17:5349152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-08-11 19:2436196 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-13 16:4236856 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-08-15 04:31 . 2012-07-06 02:1737536 c:\windows\system32\drivers\N360x64\0603000.00E\srtspx64.sys

+ 2012-07-11 00:10 . 2012-08-15 17:5316384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-07-11 00:10 . 2012-08-11 05:4116384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-08-15 16:53 . 2012-08-15 17:5332768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-07-11 00:10 . 2012-08-11 05:4132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-15 17:5316384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-11 05:4116384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-08-13 07:5895984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-07-10 00:18 . 2012-08-13 16:425474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1579526397-1582197377-4291584978-1001_UserData.bin

+ 2012-08-13 23:10 . 2012-08-13 23:108192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat

- 2012-08-11 19:16 . 2012-08-11 19:162048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-16 20:10 . 2012-08-16 20:102048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-11 19:16 . 2012-08-11 19:162048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-16 20:10 . 2012-08-16 20:102048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-15 17:53 . 2012-08-15 17:53686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe

+ 2012-08-15 16:53 . 2012-08-15 16:53686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe

+ 2012-08-15 16:53 . 2012-08-15 16:53466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll

+ 2012-08-07 20:20 . 2012-08-15 17:53250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

- 2012-08-07 20:20 . 2012-08-07 22:53250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-07-12 19:04 . 2012-08-16 19:57223546 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2012-07-10 02:40 . 2012-08-16 13:04236854 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-08-11 19:07624178 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-13 23:26624178 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-13 23:26106522 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-08-11 19:07106522 c:\windows\system32\perfc009.dat

+ 2012-08-15 17:53 . 2012-08-15 17:53417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe

+ 2012-08-15 16:53 . 2012-08-15 16:53417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe

+ 2012-08-15 16:53 . 2012-08-15 16:53513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll

+ 2012-08-15 04:31 . 2012-03-29 06:28405624 c:\windows\system32\drivers\N360x64\0603000.00E\symnets.sys

+ 2012-08-15 04:31 . 2012-03-29 06:28451192 c:\windows\system32\drivers\N360x64\0603000.00E\symds64.sys

+ 2012-08-15 04:31 . 2012-07-06 02:17737952 c:\windows\system32\drivers\N360x64\0603000.00E\srtsp64.sys

+ 2012-08-15 04:31 . 2012-03-29 06:06190072 c:\windows\system32\drivers\N360x64\0603000.00E\ironx64.sys

+ 2012-08-15 04:31 . 2012-06-07 04:43167072 c:\windows\system32\drivers\N360x64\0603000.00E\ccsetx64.sys

- 2009-07-14 05:01 . 2012-08-11 19:15385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-16 20:09385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-08-15 17:53 . 2012-08-15 17:539465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

+ 2012-08-15 17:53 . 2012-08-15 17:531536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

+ 2012-08-15 04:31 . 2012-05-22 01:371129120 c:\windows\system32\drivers\N360x64\0603000.00E\symefa64.sys

+ 2012-08-15 17:53 . 2012-08-15 17:5312315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll

+ 2012-07-10 00:13 . 2012-08-16 20:0924472088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1579526397-1582197377-4291584978-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]

c:\users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:1994208----a-w-c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:1994208----a-w-c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:1994208----a-w-c:\users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-2 26868192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2012-03-29 405624]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-07-17 562688]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 136176]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 136176]

R3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120815.002\IDSvia64.sys [2012-08-03 509088]