Jump to content

jlp439

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks so much MrCharlie the problem has stopped and you were a great help. I really appreciate the quick responses to my post and I definitely wouldn't have been able to do this without you.

  2. I ran MBAM quick scan and it didn't find anything and the random ad isn't playing as of now. Here is the log from MBAM. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.29.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Steve Petruso :: STEVEPETRUSO-PC [administrator] 6/29/2012 8:52:00 AM mbam-log-2012-06-29 (08-52-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 253641 Time elapsed: 2 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) If this works thanks so much for your help I definitely couldn't have figured all this out without you.
  3. Here is the Combofix Log. ComboFix 12-06-28.03 - Steve Petruso 06/29/2012 8:26.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4560 [GMT -4:00] Running from: c:\users\Steve Petruso\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\HeadlineAlley_29EI c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\29EZSETP.dll c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\NP29EISb.dll c:\program files (x86)\TelevisionFanaticEI c:\users\Steve Petruso\AppData\Local\Temp\{08EADE67-90D8-43CB-9AB1-8FFCFB2D5D8D}\fpb.tmp c:\users\STEVEP~1\AppData\Local\Temp\{08EADE67-90D8-43CB-9AB1-8FFCFB2D5D8D}\fpb.tmp c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 ))))))))))))))))))))))))))))))) . . 2012-06-29 12:33 . 2012-06-29 12:33 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B0D5081-52FF-4F17-A8A8-B7729E50DF5C}\offreg.dll 2012-06-29 12:32 . 2012-06-29 12:32 -------- d-----w- c:\users\Lisa Petruso\AppData\Local\temp 2012-06-29 11:48 . 2012-06-29 12:07 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-29 11:29 . 2012-06-29 11:29 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF53563A-6A52-4093-B400-DBBCB93BCD1F}\gapaengine.dll 2012-06-29 11:29 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B0D5081-52FF-4F17-A8A8-B7729E50DF5C}\mpengine.dll 2012-06-28 16:24 . 2012-06-28 16:24 -------- d-----w- C:\325e4e255b7acab05e1d64 2012-06-28 15:22 . 2012-06-29 11:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-06-28 15:21 . 2012-06-29 11:29 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-25 11:52 . 2012-06-25 11:52 -------- d-----w- C:\rsit 2012-06-25 11:52 . 2012-06-25 11:52 -------- d-----w- c:\program files\trend micro 2012-06-25 01:48 . 2012-06-25 01:48 -------- d-----w- c:\program files\CCleaner 2012-06-24 23:21 . 2012-06-24 23:21 -------- d-----w- c:\program files (x86)\Trend Micro 2012-06-24 20:32 . 2012-06-24 20:32 -------- d-----w- c:\users\Steve Petruso\AppData\Roaming\Malwarebytes 2012-06-24 20:32 . 2012-06-24 20:32 -------- d-----w- c:\programdata\Malwarebytes 2012-06-24 20:32 . 2012-06-24 20:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-24 20:32 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-24 20:30 . 2012-06-25 01:53 -------- d-----w- c:\program files (x86)\1ClickDownload 2012-06-24 20:22 . 2012-06-24 20:22 -------- d-----w- c:\programdata\Conexant 2012-06-24 20:22 . 2012-06-24 20:22 -------- d-----w- c:\users\Steve Petruso\AppData\Local\Conexant 2012-06-24 20:21 . 2011-12-06 23:54 161736 ----a-w- c:\program files (x86)\64res.dll 2012-06-24 19:47 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-06-24 19:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-06-23 10:43 . 2012-06-23 10:43 -------- d-----w- c:\users\Steve Petruso\AppData\Roaming\PCCUStubInstaller 2012-06-22 10:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 10:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 10:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 10:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 10:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 10:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 10:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 10:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 10:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 10:34 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-24 19:13 . 2012-04-12 20:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-24 19:13 . 2011-08-01 07:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-24 39408] "CarMD"="c:\program files (x86)\CarMD\CarMD.exe" [2010-04-07 796672] "Facebook Update"="c:\users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-28 137536] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17345712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056] R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120628.001\IDSvia64.sys [2012-06-18 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:13] . 2012-06-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000Core.job - c:\users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 22:52] . 2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000UA.job - c:\users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 22:52] . 2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 06:05] . 2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 06:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://mail.google.com/mail/?shva=1#inbox mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;localhost TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe SafeBoot-48583638.sys Toolbar-Locked - (no file) HKLM-Run-(Default) - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-06-29 08:39:25 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-29 12:39 . Pre-Run: 573,881,212,928 bytes free Post-Run: 573,931,208,704 bytes free . - - End Of File - - 6F340CEB07906E954FEDE69CCAD703C3
  4. Here is the TDSS Killer log 07:49:28.0659 4788 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 07:49:29.0283 4788 ============================================================ 07:49:29.0283 4788 Current date / time: 2012/06/29 07:49:29.0283 07:49:29.0283 4788 SystemInfo: 07:49:29.0283 4788 07:49:29.0283 4788 OS Version: 6.1.7601 ServicePack: 1.0 07:49:29.0283 4788 Product type: Workstation 07:49:29.0283 4788 ComputerName: STEVEPETRUSO-PC 07:49:29.0283 4788 UserName: Steve Petruso 07:49:29.0283 4788 Windows directory: C:\windows 07:49:29.0283 4788 System windows directory: C:\windows 07:49:29.0283 4788 Running under WOW64 07:49:29.0283 4788 Processor architecture: Intel x64 07:49:29.0283 4788 Number of processors: 4 07:49:29.0283 4788 Page size: 0x1000 07:49:29.0283 4788 Boot type: Normal boot 07:49:29.0283 4788 ============================================================ 07:49:29.0605 4788 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 07:49:29.0615 4788 Drive \Device\Harddisk1\DR2 - Size: 0x7C80000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 07:49:29.0615 4788 ============================================================ 07:49:29.0615 4788 \Device\Harddisk0\DR0: 07:49:29.0615 4788 MBR partitions: 07:49:29.0615 4788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x4885C000 07:49:29.0615 4788 \Device\Harddisk1\DR2: 07:49:29.0615 4788 MBR partitions: 07:49:29.0615 4788 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x3E3E0 07:49:29.0615 4788 ============================================================ 07:49:29.0645 4788 C: <-> \Device\Harddisk0\DR0\Partition0 07:49:29.0645 4788 ============================================================ 07:49:29.0645 4788 Initialize success 07:49:29.0645 4788 ============================================================ 07:50:28.0390 4220 ============================================================ 07:50:28.0390 4220 Scan started 07:50:28.0390 4220 Mode: Manual; SigCheck; TDLFS; 07:50:28.0390 4220 ============================================================ 07:50:32.0322 4220 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 07:50:32.0782 4220 1394ohci - ok 07:50:32.0912 4220 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 07:50:32.0962 4220 ACPI - ok 07:50:33.0012 4220 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 07:50:33.0152 4220 AcpiPmi - ok 07:50:33.0362 4220 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 07:50:33.0434 4220 AdobeARMservice - ok 07:50:33.0764 4220 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 07:50:33.0864 4220 AdobeFlashPlayerUpdateSvc - ok 07:50:34.0014 4220 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 07:50:34.0054 4220 adp94xx - ok 07:50:34.0154 4220 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 07:50:34.0184 4220 adpahci - ok 07:50:34.0254 4220 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 07:50:34.0284 4220 adpu320 - ok 07:50:34.0314 4220 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 07:50:34.0644 4220 AeLookupSvc - ok 07:50:34.0724 4220 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 07:50:34.0904 4220 AFD - ok 07:50:34.0974 4220 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 07:50:35.0004 4220 agp440 - ok 07:50:35.0044 4220 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 07:50:35.0124 4220 ALG - ok 07:50:35.0194 4220 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 07:50:35.0214 4220 aliide - ok 07:50:35.0264 4220 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 07:50:35.0294 4220 amdide - ok 07:50:35.0364 4220 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 07:50:35.0414 4220 AmdK8 - ok 07:50:35.0434 4220 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys 07:50:35.0464 4220 AmdPPM - ok 07:50:35.0524 4220 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 07:50:35.0554 4220 amdsata - ok 07:50:35.0584 4220 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 07:50:35.0620 4220 amdsbs - ok 07:50:35.0656 4220 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 07:50:35.0686 4220 amdxata - ok 07:50:35.0746 4220 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 07:50:36.0176 4220 AppID - ok 07:50:36.0216 4220 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 07:50:36.0306 4220 AppIDSvc - ok 07:50:36.0376 4220 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 07:50:36.0486 4220 Appinfo - ok 07:50:36.0556 4220 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 07:50:36.0576 4220 arc - ok 07:50:36.0626 4220 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 07:50:36.0646 4220 arcsas - ok 07:50:36.0716 4220 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 07:50:36.0816 4220 AsyncMac - ok 07:50:36.0856 4220 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 07:50:36.0876 4220 atapi - ok 07:50:37.0456 4220 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys 07:50:37.0546 4220 athr - ok 07:50:37.0766 4220 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 07:50:37.0846 4220 AudioEndpointBuilder - ok 07:50:37.0856 4220 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 07:50:37.0958 4220 AudioSrv - ok 07:50:38.0010 4220 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 07:50:38.0130 4220 AxInstSV - ok 07:50:38.0340 4220 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 07:50:38.0410 4220 b06bdrv - ok 07:50:38.0480 4220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 07:50:38.0550 4220 b57nd60a - ok 07:50:38.0610 4220 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 07:50:38.0670 4220 BDESVC - ok 07:50:38.0710 4220 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 07:50:38.0790 4220 Beep - ok 07:50:39.0040 4220 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 07:50:39.0150 4220 BFE - ok 07:50:39.0560 4220 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys 07:50:39.0640 4220 BHDrvx64 - ok 07:50:39.0810 4220 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll 07:50:39.0920 4220 BITS - ok 07:50:39.0970 4220 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 07:50:40.0030 4220 blbdrive - ok 07:50:40.0070 4220 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 07:50:40.0140 4220 bowser - ok 07:50:40.0180 4220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 07:50:40.0230 4220 BrFiltLo - ok 07:50:40.0260 4220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 07:50:40.0290 4220 BrFiltUp - ok 07:50:40.0350 4220 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 07:50:40.0450 4220 Browser - ok 07:50:40.0510 4220 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 07:50:40.0570 4220 Brserid - ok 07:50:40.0590 4220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 07:50:40.0620 4220 BrSerWdm - ok 07:50:40.0780 4220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 07:50:40.0810 4220 BrUsbMdm - ok 07:50:40.0880 4220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 07:50:40.0910 4220 BrUsbSer - ok 07:50:41.0030 4220 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys 07:50:41.0050 4220 BtFilter - ok 07:50:41.0100 4220 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 07:50:41.0180 4220 BTHMODEM - ok 07:50:41.0230 4220 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 07:50:41.0330 4220 bthserv - ok 07:50:41.0440 4220 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys 07:50:41.0470 4220 ccSet_NIS - ok 07:50:41.0530 4220 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 07:50:41.0610 4220 cdfs - ok 07:50:41.0680 4220 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 07:50:41.0740 4220 cdrom - ok 07:50:41.0810 4220 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 07:50:41.0900 4220 CertPropSvc - ok 07:50:41.0980 4220 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 07:50:42.0020 4220 circlass - ok 07:50:42.0070 4220 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 07:50:42.0110 4220 CLFS - ok 07:50:42.0200 4220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:50:42.0250 4220 clr_optimization_v2.0.50727_32 - ok 07:50:42.0320 4220 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 07:50:42.0350 4220 clr_optimization_v2.0.50727_64 - ok 07:50:42.0550 4220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:50:42.0590 4220 clr_optimization_v4.0.30319_32 - ok 07:50:42.0700 4220 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 07:50:42.0720 4220 clr_optimization_v4.0.30319_64 - ok 07:50:42.0790 4220 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 07:50:42.0880 4220 CmBatt - ok 07:50:42.0910 4220 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 07:50:42.0940 4220 cmdide - ok 07:50:43.0030 4220 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 07:50:43.0160 4220 CNG - ok 07:50:43.0390 4220 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys 07:50:43.0440 4220 CnxtHdAudService - ok 07:50:43.0740 4220 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 07:50:43.0760 4220 Compbatt - ok 07:50:43.0800 4220 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 07:50:43.0830 4220 CompositeBus - ok 07:50:43.0850 4220 COMSysApp - ok 07:50:43.0910 4220 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 07:50:43.0930 4220 crcdisk - ok 07:50:44.0070 4220 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll 07:50:44.0140 4220 CryptSvc - ok 07:50:44.0250 4220 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 07:50:44.0430 4220 DcomLaunch - ok 07:50:44.0490 4220 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 07:50:44.0550 4220 defragsvc - ok 07:50:44.0710 4220 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 07:50:44.0780 4220 DfsC - ok 07:50:44.0940 4220 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 07:50:45.0020 4220 Dhcp - ok 07:50:45.0080 4220 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 07:50:45.0140 4220 discache - ok 07:50:45.0300 4220 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 07:50:45.0320 4220 Disk - ok 07:50:45.0430 4220 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 07:50:45.0520 4220 Dnscache - ok 07:50:45.0560 4220 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 07:50:45.0650 4220 dot3svc - ok 07:50:45.0810 4220 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 07:50:45.0870 4220 DPS - ok 07:50:45.0980 4220 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 07:50:46.0030 4220 drmkaud - ok 07:50:46.0210 4220 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 07:50:46.0260 4220 DXGKrnl - ok 07:50:46.0440 4220 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 07:50:46.0520 4220 EapHost - ok 07:50:47.0580 4220 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 07:50:47.0700 4220 ebdrv - ok 07:50:47.0910 4220 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 07:50:47.0960 4220 eeCtrl - ok 07:50:48.0110 4220 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 07:50:48.0180 4220 EFS - ok 07:50:48.0350 4220 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 07:50:48.0550 4220 ehRecvr - ok 07:50:48.0600 4220 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 07:50:48.0660 4220 ehSched - ok 07:50:48.0850 4220 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 07:50:48.0890 4220 elxstor - ok 07:50:49.0182 4220 EraserUtilDrv11210 (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys 07:50:49.0229 4220 EraserUtilDrv11210 - ok 07:50:49.0284 4220 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 07:50:49.0319 4220 EraserUtilRebootDrv - ok 07:50:49.0333 4220 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 07:50:49.0396 4220 ErrDev - ok 07:50:49.0506 4220 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 07:50:49.0616 4220 EventSystem - ok 07:50:49.0662 4220 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 07:50:49.0726 4220 exfat - ok 07:50:49.0858 4220 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 07:50:49.0958 4220 fastfat - ok 07:50:50.0048 4220 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 07:50:50.0178 4220 Fax - ok 07:50:50.0218 4220 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 07:50:50.0238 4220 fdc - ok 07:50:50.0278 4220 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 07:50:50.0348 4220 fdPHost - ok 07:50:50.0398 4220 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 07:50:50.0498 4220 FDResPub - ok 07:50:50.0528 4220 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 07:50:50.0568 4220 FileInfo - ok 07:50:50.0598 4220 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 07:50:50.0668 4220 Filetrace - ok 07:50:50.0728 4220 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 07:50:50.0798 4220 flpydisk - ok 07:50:50.0858 4220 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 07:50:50.0918 4220 FltMgr - ok 07:50:51.0048 4220 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 07:50:51.0168 4220 FontCache - ok 07:50:51.0310 4220 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 07:50:51.0349 4220 FontCache3.0.0.0 - ok 07:50:51.0392 4220 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 07:50:51.0422 4220 FsDepends - ok 07:50:51.0452 4220 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys 07:50:51.0472 4220 Fs_Rec - ok 07:50:51.0562 4220 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 07:50:51.0602 4220 fvevol - ok 07:50:51.0652 4220 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 07:50:51.0682 4220 gagp30kx - ok 07:50:51.0802 4220 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 07:50:51.0925 4220 GamesAppService - ok 07:50:52.0006 4220 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 07:50:52.0106 4220 gpsvc - ok 07:50:52.0228 4220 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 07:50:52.0298 4220 gupdate - ok 07:50:52.0308 4220 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 07:50:52.0378 4220 gupdatem - ok 07:50:52.0418 4220 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 07:50:52.0488 4220 gusvc - ok 07:50:52.0590 4220 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 07:50:52.0670 4220 hcw85cir - ok 07:50:52.0760 4220 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 07:50:52.0814 4220 HdAudAddService - ok 07:50:52.0872 4220 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys 07:50:52.0930 4220 HDAudBus - ok 07:50:52.0944 4220 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 07:50:52.0964 4220 HidBatt - ok 07:50:53.0004 4220 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 07:50:53.0064 4220 HidBth - ok 07:50:53.0094 4220 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 07:50:53.0134 4220 HidIr - ok 07:50:53.0164 4220 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll 07:50:53.0224 4220 hidserv - ok 07:50:53.0384 4220 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 07:50:53.0404 4220 HidUsb - ok 07:50:53.0434 4220 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 07:50:53.0524 4220 hkmsvc - ok 07:50:53.0584 4220 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 07:50:53.0666 4220 HomeGroupListener - ok 07:50:53.0726 4220 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 07:50:53.0836 4220 HomeGroupProvider - ok 07:50:53.0858 4220 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 07:50:53.0888 4220 HpSAMD - ok 07:50:54.0050 4220 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 07:50:54.0174 4220 HTTP - ok 07:50:54.0204 4220 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 07:50:54.0234 4220 hwpolicy - ok 07:50:54.0262 4220 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 07:50:54.0296 4220 i8042prt - ok 07:50:54.0463 4220 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys 07:50:54.0544 4220 iaStor - ok 07:50:54.0640 4220 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 07:50:54.0710 4220 iaStorV - ok 07:50:54.0872 4220 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 07:50:54.0978 4220 IDriverT ( UnsignedFile.Multi.Generic ) - warning 07:50:54.0978 4220 IDriverT - detected UnsignedFile.Multi.Generic (1) 07:50:55.0138 4220 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 07:50:55.0208 4220 idsvc - ok 07:50:55.0508 4220 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120628.001\IDSvia64.sys 07:50:55.0588 4220 IDSVia64 - ok 07:50:57.0566 4220 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys 07:50:58.0102 4220 igfx - ok 07:50:58.0384 4220 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 07:50:58.0414 4220 iirsp - ok 07:50:58.0494 4220 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 07:50:58.0647 4220 IKEEXT - ok 07:50:58.0716 4220 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys 07:50:58.0848 4220 IntcDAud - ok 07:50:58.0908 4220 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 07:50:58.0938 4220 intelide - ok 07:50:59.0029 4220 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 07:50:59.0090 4220 intelppm - ok 07:50:59.0129 4220 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 07:50:59.0212 4220 IPBusEnum - ok 07:50:59.0264 4220 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 07:50:59.0345 4220 IpFilterDriver - ok 07:50:59.0637 4220 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 07:50:59.0918 4220 iphlpsvc - ok 07:50:59.0948 4220 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 07:51:00.0060 4220 IPMIDRV - ok 07:51:00.0086 4220 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 07:51:00.0198 4220 IPNAT - ok 07:51:00.0258 4220 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 07:51:00.0301 4220 IRENUM - ok 07:51:00.0330 4220 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 07:51:00.0377 4220 isapnp - ok 07:51:00.0421 4220 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 07:51:00.0465 4220 iScsiPrt - ok 07:51:00.0484 4220 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 07:51:00.0524 4220 kbdclass - ok 07:51:00.0564 4220 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys 07:51:00.0614 4220 kbdhid - ok 07:51:00.0664 4220 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:51:00.0768 4220 KeyIso - ok 07:51:00.0786 4220 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 07:51:00.0826 4220 KSecDD - ok 07:51:00.0851 4220 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 07:51:00.0888 4220 KSecPkg - ok 07:51:00.0938 4220 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 07:51:01.0082 4220 ksthunk - ok 07:51:01.0140 4220 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 07:51:01.0230 4220 KtmRm - ok 07:51:01.0322 4220 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys 07:51:01.0358 4220 L1C - ok 07:51:01.0426 4220 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 07:51:01.0573 4220 LanmanServer - ok 07:51:01.0649 4220 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 07:51:01.0793 4220 LanmanWorkstation - ok 07:51:01.0824 4220 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 07:51:01.0938 4220 lltdio - ok 07:51:01.0983 4220 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 07:51:02.0136 4220 lltdsvc - ok 07:51:02.0159 4220 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 07:51:02.0238 4220 lmhosts - ok 07:51:02.0412 4220 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 07:51:02.0573 4220 LMS - ok 07:51:02.0617 4220 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 07:51:02.0645 4220 LSI_FC - ok 07:51:02.0692 4220 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 07:51:02.0714 4220 LSI_SAS - ok 07:51:02.0734 4220 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 07:51:02.0776 4220 LSI_SAS2 - ok 07:51:02.0836 4220 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 07:51:02.0871 4220 LSI_SCSI - ok 07:51:02.0908 4220 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 07:51:03.0010 4220 luafv - ok 07:51:03.0050 4220 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 07:51:03.0113 4220 Mcx2Svc - ok 07:51:03.0142 4220 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 07:51:03.0173 4220 megasas - ok 07:51:03.0203 4220 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 07:51:03.0252 4220 MegaSR - ok 07:51:03.0284 4220 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 07:51:03.0336 4220 MEIx64 - ok 07:51:03.0386 4220 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 07:51:03.0476 4220 MMCSS - ok 07:51:03.0516 4220 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 07:51:03.0596 4220 Modem - ok 07:51:03.0622 4220 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 07:51:03.0668 4220 monitor - ok 07:51:03.0723 4220 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 07:51:03.0756 4220 mouclass - ok 07:51:03.0810 4220 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 07:51:03.0862 4220 mouhid - ok 07:51:03.0922 4220 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 07:51:03.0962 4220 mountmgr - ok 07:51:04.0032 4220 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys 07:51:04.0112 4220 MpFilter - ok 07:51:04.0142 4220 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 07:51:04.0172 4220 mpio - ok 07:51:04.0432 4220 MpKslbc85e27d (0ebb390b7aeec45ec061d9870a34fd42) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B0D5081-52FF-4F17-A8A8-B7729E50DF5C}\MpKslbc85e27d.sys 07:51:04.0472 4220 MpKslbc85e27d - ok 07:51:04.0506 4220 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 07:51:04.0586 4220 mpsdrv - ok 07:51:04.0696 4220 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 07:51:04.0828 4220 MpsSvc - ok 07:51:04.0858 4220 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 07:51:04.0918 4220 MRxDAV - ok 07:51:04.0938 4220 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 07:51:05.0077 4220 mrxsmb - ok 07:51:05.0119 4220 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 07:51:05.0180 4220 mrxsmb10 - ok 07:51:05.0281 4220 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 07:51:05.0344 4220 mrxsmb20 - ok 07:51:05.0384 4220 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys 07:51:05.0414 4220 msahci - ok 07:51:05.0434 4220 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 07:51:05.0474 4220 msdsm - ok 07:51:05.0546 4220 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 07:51:05.0626 4220 MSDTC - ok 07:51:05.0688 4220 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 07:51:05.0768 4220 Msfs - ok 07:51:05.0778 4220 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 07:51:05.0850 4220 mshidkmdf - ok 07:51:05.0890 4220 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 07:51:05.0910 4220 msisadrv - ok 07:51:05.0980 4220 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 07:51:06.0072 4220 MSiSCSI - ok 07:51:06.0072 4220 msiserver - ok 07:51:06.0122 4220 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 07:51:06.0220 4220 MSKSSRV - ok 07:51:06.0366 4220 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe 07:51:06.0406 4220 MsMpSvc - ok 07:51:06.0436 4220 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 07:51:06.0538 4220 MSPCLOCK - ok 07:51:06.0578 4220 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 07:51:06.0668 4220 MSPQM - ok 07:51:06.0705 4220 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 07:51:06.0775 4220 MsRPC - ok 07:51:06.0930 4220 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 07:51:06.0987 4220 mssmbios - ok 07:51:07.0012 4220 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 07:51:07.0095 4220 MSTEE - ok 07:51:07.0124 4220 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 07:51:07.0154 4220 MTConfig - ok 07:51:07.0174 4220 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 07:51:07.0214 4220 Mup - ok 07:51:07.0276 4220 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 07:51:07.0375 4220 napagent - ok 07:51:07.0458 4220 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 07:51:07.0538 4220 NativeWifiP - ok 07:51:07.0808 4220 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.024\ENG64.SYS 07:51:07.0874 4220 NAVENG - ok 07:51:08.0070 4220 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.024\EX64.SYS 07:51:08.0184 4220 NAVEX15 - ok 07:51:08.0406 4220 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 07:51:08.0476 4220 NDIS - ok 07:51:08.0526 4220 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 07:51:08.0618 4220 NdisCap - ok 07:51:08.0638 4220 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 07:51:08.0720 4220 NdisTapi - ok 07:51:08.0782 4220 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 07:51:08.0882 4220 Ndisuio - ok 07:51:08.0934 4220 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 07:51:09.0016 4220 NdisWan - ok 07:51:09.0046 4220 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 07:51:09.0138 4220 NDProxy - ok 07:51:09.0178 4220 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 07:51:09.0308 4220 NetBIOS - ok 07:51:09.0376 4220 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 07:51:09.0485 4220 NetBT - ok 07:51:09.0514 4220 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:51:09.0558 4220 Netlogon - ok 07:51:09.0630 4220 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 07:51:09.0764 4220 Netman - ok 07:51:09.0842 4220 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 07:51:09.0957 4220 netprofm - ok 07:51:10.0058 4220 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 07:51:10.0098 4220 NetTcpPortSharing - ok 07:51:10.0139 4220 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 07:51:10.0167 4220 nfrd960 - ok 07:51:10.0290 4220 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe 07:51:10.0436 4220 NIS - ok 07:51:10.0492 4220 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys 07:51:10.0522 4220 NisDrv - ok 07:51:10.0642 4220 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 07:51:10.0710 4220 NisSrv - ok 07:51:10.0764 4220 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 07:51:10.0876 4220 NlaSvc - ok 07:51:10.0919 4220 Norton PC Checkup Application Launcher - ok 07:51:10.0965 4220 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 07:51:11.0028 4220 Npfs - ok 07:51:11.0073 4220 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 07:51:11.0188 4220 nsi - ok 07:51:11.0242 4220 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 07:51:11.0352 4220 nsiproxy - ok 07:51:11.0543 4220 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 07:51:11.0680 4220 Ntfs - ok 07:51:11.0898 4220 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 07:51:12.0030 4220 Null - ok 07:51:12.0062 4220 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 07:51:12.0106 4220 nvraid - ok 07:51:12.0144 4220 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 07:51:12.0174 4220 nvstor - ok 07:51:12.0217 4220 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 07:51:12.0267 4220 nv_agp - ok 07:51:12.0315 4220 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 07:51:12.0367 4220 ohci1394 - ok 07:51:12.0416 4220 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 07:51:12.0488 4220 p2pimsvc - ok 07:51:12.0548 4220 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 07:51:12.0631 4220 p2psvc - ok 07:51:12.0708 4220 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 07:51:12.0768 4220 Parport - ok 07:51:12.0809 4220 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys 07:51:12.0854 4220 partmgr - ok 07:51:12.0898 4220 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 07:51:12.0982 4220 PcaSvc - ok 07:51:13.0082 4220 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe 07:51:13.0198 4220 PCCUJobMgr - ok 07:51:13.0244 4220 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 07:51:13.0284 4220 pci - ok 07:51:13.0284 4220 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 07:51:13.0314 4220 pciide - ok 07:51:13.0356 4220 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 07:51:13.0396 4220 pcmcia - ok 07:51:13.0426 4220 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 07:51:13.0448 4220 pcw - ok 07:51:13.0518 4220 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 07:51:13.0638 4220 PEAUTH - ok 07:51:13.0720 4220 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 07:51:13.0760 4220 PerfHost - ok 07:51:13.0833 4220 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys 07:51:13.0899 4220 PGEffect - ok 07:51:14.0092 4220 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 07:51:14.0259 4220 pla - ok 07:51:14.0314 4220 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 07:51:14.0416 4220 PlugPlay - ok 07:51:14.0446 4220 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 07:51:14.0506 4220 PNRPAutoReg - ok 07:51:14.0557 4220 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 07:51:14.0618 4220 PNRPsvc - ok 07:51:14.0700 4220 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 07:51:14.0892 4220 PolicyAgent - ok 07:51:15.0114 4220 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 07:51:15.0236 4220 Power - ok 07:51:15.0348 4220 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 07:51:15.0470 4220 PptpMiniport - ok 07:51:15.0520 4220 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 07:51:15.0560 4220 Processor - ok 07:51:15.0640 4220 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll 07:51:15.0722 4220 ProfSvc - ok 07:51:15.0742 4220 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:51:15.0784 4220 ProtectedStorage - ok 07:51:15.0854 4220 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 07:51:15.0934 4220 Psched - ok 07:51:15.0994 4220 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys 07:51:16.0064 4220 QIOMem - ok 07:51:16.0184 4220 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 07:51:16.0274 4220 ql2300 - ok 07:51:16.0444 4220 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 07:51:16.0464 4220 ql40xx - ok 07:51:16.0524 4220 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 07:51:16.0584 4220 QWAVE - ok 07:51:16.0594 4220 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 07:51:16.0654 4220 QWAVEdrv - ok 07:51:16.0694 4220 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 07:51:16.0754 4220 RasAcd - ok 07:51:16.0824 4220 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 07:51:16.0894 4220 RasAgileVpn - ok 07:51:16.0964 4220 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 07:51:17.0064 4220 RasAuto - ok 07:51:17.0194 4220 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 07:51:17.0284 4220 Rasl2tp - ok 07:51:17.0364 4220 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 07:51:17.0464 4220 RasMan - ok 07:51:17.0566 4220 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 07:51:17.0668 4220 RasPppoe - ok 07:51:17.0698 4220 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 07:51:17.0795 4220 RasSstp - ok 07:51:17.0820 4220 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 07:51:17.0900 4220 rdbss - ok 07:51:17.0920 4220 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 07:51:17.0980 4220 rdpbus - ok 07:51:18.0000 4220 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 07:51:18.0090 4220 RDPCDD - ok 07:51:18.0120 4220 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 07:51:18.0190 4220 RDPENCDD - ok 07:51:18.0220 4220 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 07:51:18.0280 4220 RDPREFMP - ok 07:51:18.0310 4220 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 07:51:18.0370 4220 RDPWD - ok 07:51:18.0422 4220 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 07:51:18.0462 4220 rdyboost - ok 07:51:18.0552 4220 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 07:51:18.0642 4220 RemoteAccess - ok 07:51:18.0722 4220 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 07:51:18.0822 4220 RemoteRegistry - ok 07:51:18.0962 4220 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 07:51:19.0072 4220 RpcEptMapper - ok 07:51:19.0102 4220 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 07:51:19.0142 4220 RpcLocator - ok 07:51:19.0252 4220 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 07:51:19.0322 4220 RpcSs - ok 07:51:19.0382 4220 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 07:51:19.0472 4220 rspndr - ok 07:51:19.0562 4220 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys 07:51:19.0622 4220 RSUSBSTOR - ok 07:51:19.0662 4220 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys 07:51:19.0692 4220 RSUSBVSTOR - ok 07:51:19.0722 4220 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:51:19.0762 4220 SamSs - ok 07:51:19.0802 4220 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 07:51:19.0832 4220 sbp2port - ok 07:51:19.0882 4220 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 07:51:19.0982 4220 SCardSvr - ok 07:51:20.0052 4220 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 07:51:20.0122 4220 scfilter - ok 07:51:20.0204 4220 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 07:51:20.0324 4220 Schedule - ok 07:51:20.0354 4220 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 07:51:20.0434 4220 SCPolicySvc - ok 07:51:20.0474 4220 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 07:51:20.0554 4220 SDRSVC - ok 07:51:20.0624 4220 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 07:51:20.0714 4220 secdrv - ok 07:51:20.0734 4220 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 07:51:20.0834 4220 seclogon - ok 07:51:20.0874 4220 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 07:51:20.0974 4220 SENS - ok 07:51:21.0024 4220 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 07:51:21.0104 4220 SensrSvc - ok 07:51:21.0134 4220 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 07:51:21.0174 4220 Serenum - ok 07:51:21.0276 4220 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 07:51:21.0316 4220 Serial - ok 07:51:21.0376 4220 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 07:51:21.0416 4220 sermouse - ok 07:51:21.0456 4220 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 07:51:21.0566 4220 SessionEnv - ok 07:51:21.0586 4220 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 07:51:21.0627 4220 sffdisk - ok 07:51:21.0678 4220 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 07:51:21.0718 4220 sffp_mmc - ok 07:51:21.0738 4220 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 07:51:21.0768 4220 sffp_sd - ok 07:51:21.0788 4220 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 07:51:21.0818 4220 sfloppy - ok 07:51:21.0888 4220 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 07:51:21.0968 4220 SharedAccess - ok 07:51:22.0028 4220 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 07:51:22.0156 4220 ShellHWDetection - ok 07:51:22.0180 4220 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 07:51:22.0213 4220 SiSRaid2 - ok 07:51:22.0250 4220 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 07:51:22.0305 4220 SiSRaid4 - ok 07:51:22.0484 4220 SkypeUpdate (b78408ba56fa554e96128d4934ab7561) C:\Program Files (x86)\Skype\Updater\Updater.exe 07:51:22.0765 4220 SkypeUpdate - ok 07:51:22.0802 4220 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 07:51:22.0882 4220 Smb - ok 07:51:22.0952 4220 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 07:51:22.0992 4220 SNMPTRAP - ok 07:51:23.0052 4220 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 07:51:23.0072 4220 spldr - ok 07:51:23.0172 4220 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 07:51:23.0272 4220 Spooler - ok 07:51:23.0682 4220 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 07:51:23.0922 4220 sppsvc - ok 07:51:24.0062 4220 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 07:51:24.0154 4220 sppuinotify - ok 07:51:24.0344 4220 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS 07:51:24.0424 4220 SRTSP - ok 07:51:24.0454 4220 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS 07:51:24.0484 4220 SRTSPX - ok 07:51:24.0574 4220 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 07:51:24.0654 4220 srv - ok 07:51:24.0716 4220 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 07:51:24.0756 4220 srv2 - ok 07:51:24.0836 4220 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS 07:51:24.0886 4220 SrvHsfHDA - ok 07:51:25.0046 4220 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS 07:51:25.0168 4220 SrvHsfV92 - ok 07:51:25.0428 4220 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS 07:51:25.0528 4220 SrvHsfWinac - ok 07:51:25.0579 4220 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 07:51:25.0630 4220 srvnet - ok 07:51:25.0720 4220 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 07:51:25.0820 4220 SSDPSRV - ok 07:51:25.0870 4220 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 07:51:25.0950 4220 SstpSvc - ok 07:51:25.0990 4220 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 07:51:26.0010 4220 stexstor - ok 07:51:26.0050 4220 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys 07:51:26.0100 4220 StillCam - ok 07:51:26.0220 4220 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 07:51:26.0300 4220 stisvc - ok 07:51:26.0320 4220 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 07:51:26.0357 4220 swenum - ok 07:51:26.0402 4220 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 07:51:26.0536 4220 swprv - ok 07:51:26.0686 4220 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS 07:51:26.0790 4220 SymDS - ok 07:51:27.0188 4220 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS 07:51:27.0298 4220 SymEFA - ok 07:51:27.0390 4220 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 07:51:27.0450 4220 SymEvent - ok 07:51:27.0490 4220 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS 07:51:27.0532 4220 SymIRON - ok 07:51:27.0642 4220 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS 07:51:27.0682 4220 SymNetS - ok 07:51:27.0862 4220 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys 07:51:27.0996 4220 SynTP - ok 07:51:28.0264 4220 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 07:51:28.0386 4220 SysMain - ok 07:51:28.0578 4220 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 07:51:28.0694 4220 TabletInputService - ok 07:51:28.0730 4220 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 07:51:29.0122 4220 TapiSrv - ok 07:51:29.0384 4220 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 07:51:29.0454 4220 TBS - ok 07:51:29.0784 4220 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys 07:51:29.0924 4220 Tcpip - ok 07:51:30.0266 4220 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys 07:51:30.0366 4220 TCPIP6 - ok 07:51:30.0506 4220 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 07:51:30.0566 4220 tcpipreg - ok 07:51:30.0606 4220 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 07:51:30.0626 4220 tdcmdpst - ok 07:51:30.0666 4220 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 07:51:30.0696 4220 TDPIPE - ok 07:51:30.0716 4220 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 07:51:30.0756 4220 TDTCP - ok 07:51:30.0836 4220 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 07:51:30.0906 4220 tdx - ok 07:51:30.0966 4220 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 07:51:30.0996 4220 TermDD - ok 07:51:31.0086 4220 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 07:51:31.0203 4220 TermService - ok 07:51:31.0258 4220 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 07:51:31.0320 4220 Themes - ok 07:51:31.0350 4220 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 07:51:31.0420 4220 THREADORDER - ok 07:51:31.0590 4220 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 07:51:31.0630 4220 TMachInfo - ok 07:51:31.0660 4220 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe 07:51:32.0162 4220 TODDSrv - ok 07:51:32.0332 4220 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe 07:51:32.0424 4220 TosCoSrv - ok 07:51:32.0496 4220 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 07:51:32.0576 4220 TOSHIBA Bluetooth Service - ok 07:51:32.0636 4220 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe 07:51:32.0736 4220 TOSHIBA eco Utility Service - ok 07:51:33.0036 4220 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 07:51:33.0126 4220 TOSHIBA HDD SSD Alert Service - ok 07:51:33.0266 4220 Tosrfcom - ok 07:51:33.0326 4220 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys 07:51:33.0356 4220 tosrfec - ok 07:51:33.0386 4220 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys 07:51:33.0426 4220 Tosrfusb - ok 07:51:33.0598 4220 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys 07:51:33.0658 4220 tos_sps64 - ok 07:51:33.0738 4220 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 07:51:33.0848 4220 TPCHSrv - ok 07:51:33.0988 4220 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 07:51:34.0111 4220 TrkWks - ok 07:51:34.0170 4220 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 07:51:34.0260 4220 TrustedInstaller - ok 07:51:34.0308 4220 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 07:51:34.0382 4220 tssecsrv - ok 07:51:34.0422 4220 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 07:51:34.0472 4220 TsUsbFlt - ok 07:51:34.0492 4220 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 07:51:34.0542 4220 TsUsbGD - ok 07:51:34.0612 4220 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 07:51:34.0682 4220 tunnel - ok 07:51:34.0742 4220 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 07:51:34.0772 4220 TVALZ - ok 07:51:34.0832 4220 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys 07:51:34.0862 4220 TVALZFL - ok 07:51:34.0882 4220 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 07:51:34.0912 4220 uagp35 - ok 07:51:35.0292 4220 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 07:51:35.0372 4220 udfs - ok 07:51:35.0412 4220 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 07:51:35.0452 4220 UI0Detect - ok 07:51:35.0472 4220 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 07:51:35.0502 4220 uliagpkx - ok 07:51:35.0562 4220 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 07:51:35.0612 4220 umbus - ok 07:51:35.0632 4220 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 07:51:35.0672 4220 UmPass - ok 07:51:36.0236 4220 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 07:51:36.0616 4220 UNS - ok 07:51:36.0786 4220 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 07:51:36.0876 4220 upnphost - ok 07:51:36.0936 4220 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 07:51:36.0986 4220 usbccgp - ok 07:51:37.0036 4220 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 07:51:37.0076 4220 usbcir - ok 07:51:37.0116 4220 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 07:51:37.0166 4220 usbehci - ok 07:51:37.0216 4220 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 07:51:37.0296 4220 usbhub - ok 07:51:37.0332 4220 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 07:51:37.0398 4220 usbohci - ok 07:51:37.0448 4220 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 07:51:37.0571 4220 usbprint - ok 07:51:37.0662 4220 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 07:51:37.0702 4220 usbscan - ok 07:51:37.0739 4220 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 07:51:37.0814 4220 USBSTOR - ok 07:51:37.0844 4220 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 07:51:37.0894 4220 usbuhci - ok 07:51:37.0996 4220 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 07:51:38.0048 4220 usbvideo - ok 07:51:38.0098 4220 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 07:51:38.0208 4220 UxSms - ok 07:51:38.0260 4220 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:51:38.0300 4220 VaultSvc - ok 07:51:38.0330 4220 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 07:51:38.0365 4220 vdrvroot - ok 07:51:38.0452 4220 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 07:51:38.0562 4220 vds - ok 07:51:38.0642 4220 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 07:51:38.0692 4220 vga - ok 07:51:38.0722 4220 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 07:51:38.0782 4220 VgaSave - ok 07:51:38.0844 4220 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 07:51:38.0884 4220 vhdmp - ok 07:51:38.0904 4220 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 07:51:38.0934 4220 viaide - ok 07:51:38.0994 4220 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 07:51:39.0044 4220 volmgr - ok 07:51:39.0134 4220 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 07:51:39.0174 4220 volmgrx - ok 07:51:39.0214 4220 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys 07:51:39.0254 4220 volsnap - ok 07:51:39.0304 4220 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 07:51:39.0334 4220 vsmraid - ok 07:51:39.0486 4220 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 07:51:39.0690 4220 VSS - ok 07:51:39.0854 4220 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 07:51:39.0884 4220 vwifibus - ok 07:51:39.0966 4220 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 07:51:40.0016 4220 vwififlt - ok 07:51:40.0068 4220 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 07:51:40.0140 4220 vwifimp - ok 07:51:40.0180 4220 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 07:51:40.0290 4220 W32Time - ok 07:51:40.0340 4220 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 07:51:40.0380 4220 WacomPen - ok 07:51:40.0420 4220 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 07:51:40.0528 4220 WANARP - ok 07:51:40.0562 4220 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 07:51:40.0674 4220 Wanarpv6 - ok 07:51:40.0993 4220 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 07:51:41.0502 4220 WatAdminSvc - ok 07:51:41.0624 4220 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 07:51:41.0839 4220 wbengine - ok 07:51:41.0979 4220 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 07:51:42.0058 4220 WbioSrvc - ok 07:51:42.0102 4220 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 07:51:42.0205 4220 wcncsvc - ok 07:51:42.0246 4220 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 07:51:42.0369 4220 WcsPlugInService - ok 07:51:42.0428 4220 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 07:51:42.0465 4220 Wd - ok 07:51:42.0499 4220 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 07:51:42.0551 4220 Wdf01000 - ok 07:51:42.0578 4220 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 07:51:42.0822 4220 WdiServiceHost - ok 07:51:42.0827 4220 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 07:51:42.0891 4220 WdiSystemHost - ok 07:51:42.0942 4220 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 07:51:43.0018 4220 WebClient - ok 07:51:43.0078 4220 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 07:51:43.0197 4220 Wecsvc - ok 07:51:43.0254 4220 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 07:51:43.0371 4220 wercplsupport - ok 07:51:43.0409 4220 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 07:51:43.0552 4220 WerSvc - ok 07:51:43.0646 4220 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 07:51:43.0734 4220 WfpLwf - ok 07:51:43.0763 4220 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 07:51:43.0796 4220 WIMMount - ok 07:51:43.0832 4220 WinDefend - ok 07:51:43.0843 4220 WinHttpAutoProxySvc - ok 07:51:43.0922 4220 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 07:51:44.0020 4220 Winmgmt - ok 07:51:44.0172 4220 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 07:51:44.0337 4220 WinRM - ok 07:51:44.0516 4220 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 07:51:44.0576 4220 WinUsb - ok 07:51:44.0646 4220 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 07:51:44.0764 4220 Wlansvc - ok 07:51:45.0061 4220 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 07:51:45.0142 4220 wlcrasvc - ok 07:51:45.0514 4220 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 07:51:45.0827 4220 wlidsvc - ok 07:51:46.0011 4220 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 07:51:46.0061 4220 WmiAcpi - ok 07:51:46.0209 4220 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 07:51:46.0293 4220 wmiApSrv - ok 07:51:46.0373 4220 WMPNetworkSvc - ok 07:51:46.0403 4220 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 07:51:46.0505 4220 WPCSvc - ok 07:51:46.0535 4220 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 07:51:46.0601 4220 WPDBusEnum - ok 07:51:46.0656 4220 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 07:51:46.0749 4220 ws2ifsl - ok 07:51:46.0831 4220 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll 07:51:46.0937 4220 wscsvc - ok 07:51:46.0956 4220 WSearch - ok 07:51:47.0632 4220 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll 07:51:47.0907 4220 wuauserv - ok 07:51:48.0121 4220 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 07:51:48.0262 4220 WudfPf - ok 07:51:48.0332 4220 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 07:51:48.0402 4220 WUDFRd - ok 07:51:48.0462 4220 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 07:51:48.0532 4220 wudfsvc - ok 07:51:48.0592 4220 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 07:51:48.0652 4220 WwanSvc - ok 07:51:48.0692 4220 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0 07:51:48.0852 4220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 07:51:48.0852 4220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 07:51:48.0952 4220 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 07:51:48.0952 4220 \Device\Harddisk0\DR0 - detected TDSS File System (1) 07:51:48.0952 4220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR2 07:51:49.0102 4220 \Device\Harddisk1\DR2 - ok 07:51:49.0132 4220 Boot (0x1200) (05311a8a1d22d04f7e35a969646876c4) \Device\Harddisk0\DR0\Partition0 07:51:49.0132 4220 \Device\Harddisk0\DR0\Partition0 - ok 07:51:49.0132 4220 Boot (0x1200) (04b4ded3a84e7a136c9d1550213f7f64) \Device\Harddisk1\DR2\Partition0 07:51:49.0132 4220 \Device\Harddisk1\DR2\Partition0 - ok 07:51:49.0132 4220 ============================================================ 07:51:49.0132 4220 Scan finished 07:51:49.0132 4220 ============================================================ 07:51:49.0152 5996 Detected object count: 3 07:51:49.0152 5996 Actual detected object count: 3 07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:52:54.0264 5996 \Device\Harddisk0\DR0\# - copied to quarantine 07:52:54.0296 5996 \Device\Harddisk0\DR0 - copied to quarantine 07:52:54.0422 5996 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 07:52:54.0468 5996 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 07:52:54.0508 5996 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 07:52:57.0383 5996 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 07:52:57.0474 5996 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 07:52:57.0480 5996 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 07:52:57.0488 5996 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 07:52:58.0183 5996 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 07:52:58.0266 5996 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 07:52:58.0339 5996 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 07:52:58.0454 5996 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine 07:52:59.0169 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 07:52:59.0171 5996 \Device\Harddisk0\DR0 - ok 07:52:59.0339 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 07:53:06.0480 6160 Deinitialize success
  5. Here is the Rogue killer log. RogueKiller V7.6.1 [06/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Steve Petruso [Admin rights] Mode: Scan -- Date: 06/28/2012 09:32:17 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] Norton PC Checkup Setup.job @ : C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller\SymcPCCUInstaller.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++ --- User --- [MBR] e53f066e582225cab607d72a71b8bbc9 [bSP] a8936ce11f18d4f178bb4c27e2c2e297 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo User != LL1 ... KO! --- LL1 --- [MBR] 172862e594acae003ef4e7a109dd00b0 [bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code! Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo User != LL2 ... KO! --- LL2 --- [MBR] 172862e594acae003ef4e7a109dd00b0 [bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code! Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo +++++ PhysicalDrive1: OPTI3 Flash Disk USB Device +++++ --- User --- [MBR] 984127579d7e23a360be5c90cafe2965 [bSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code Partition table: 0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 124 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt
  6. Hi, My parents called me the other day and said their computer was playing a random ad in the background. I didn't believe them so I waited until yesterday to go look at their computer. I turned it on and for ten minutes the computer seemed to be ok and then the ad started playing. They have Norton Internet Security on their computer and it doesn't pick up the virus. I put malwarebytes on the computer and scanned and it found a trojan so I chose to fix the problem. I restarted the computer and thought that would have done it but to my surprise its still on the computer. I saw another forum where they used RSIT which generated some logs so I decided I would try that. Here are the logs. Logfile of random's system information tool 1.09 (written by random/random) Run by Steve Petruso at 2012-06-25 07:52:22 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 546 GB (92%) free of 594 GB Total RAM: 6092 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:52:38 AM, on 6/25/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\trend micro\Steve Petruso.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12056 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch winlogon.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe 27346720 C:\windows\System32\spoolsv.exe \??\C:\windows\system32\conhost.exe "1620387087-589614863142652796174828742013758048691802004493-1513016729-578510830 C:\windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 C:\windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2024 "C:\Program Files\TOSHIBA\TECO\TecoService.exe" C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -netsvcs \??\C:\windows\system32\conhost.exe "-740113850-1041399657113861242410953134321287194221-18998899641235486413-2094937580 "taskhost.exe" "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /c /a /s UserSession2 "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /c /a /s UserSession "C:\windows\system32\Dwm.exe" C:\windows\Explorer.EXE C:\windows\system32\SearchIndexer.exe /Embedding "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Toshiba\Power Saver\TPwrMain.exe" "C:\Program Files\Toshiba\FlashCards\TCrdMain.exe" "C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Program Files\Toshiba\TECO\Teco.exe" /r "C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe" "C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe" "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "C:\Program Files (x86)\CarMD\CarMD.exe" "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe" "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" C:\windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe" /s "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe" "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" "C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe" "C:\windows\system32\wuauclt.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:203009 "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe" C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -Embedding C:\windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:137478 taskeng.exe {429EF3F5-AE0F-4079-8C22-9DB2A6E31222} "C:\Users\Steve Petruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IUMSYAF\RSITx64.exe" C:\windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\windows\tasks\Adobe Flash Player Updater.job C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000Core.job C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000UA.job C:\windows\tasks\GoogleUpdateTaskMachineCore.job C:\windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}] TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12 700800] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-01 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}] TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12 534400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "IgfxTray"=C:\windows\system32\igfxtray.exe [2011-04-07 167256] "HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-04-07 391000] "Persistence"=C:\windows\system32\igfxpers.exe [2011-04-07 418136] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-05-17 590256] "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824] "TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2011-04-27 972672] "SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-03-24 310912] "cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-06-30 562304] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-03 2679592] "Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-05-24 1544624] "TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-07-01 712096] "TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-06-10 710560] "TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-07-27 597936] "TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-24 39408] "CarMD"=C:\Program Files (x86)\CarMD\CarMD.exe [2010-04-07 796672] "Facebook Update"=C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 137536] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-06-05 17345712] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-04 252792] "ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816] "NortonOnlineBackupReminder"=C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [2011-06-22 3218864] "ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\windows\system32\igfxdev.dll [2011-04-04 385024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2012-06-25 07:52:22 ----D---- C:\rsit 2012-06-25 07:52:22 ----D---- C:\Program Files\trend micro 2012-06-25 07:36:29 ----N---- C:\windows\svchost.exe 2012-06-24 21:48:37 ----D---- C:\Program Files\CCleaner 2012-06-24 19:21:24 ----D---- C:\Program Files (x86)\Trend Micro 2012-06-24 16:32:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Malwarebytes 2012-06-24 16:32:42 ----D---- C:\ProgramData\Malwarebytes 2012-06-24 16:32:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-24 16:32:41 ----A---- C:\windows\system32\drivers\mbam.sys 2012-06-24 16:30:00 ----D---- C:\Program Files (x86)\1ClickDownload 2012-06-24 16:22:12 ----D---- C:\ProgramData\Conexant 2012-06-24 16:21:34 ----A---- C:\Program Files (x86)\64res.dll 2012-06-24 15:47:25 ----A---- C:\windows\SYSWOW64\qdvd.dll 2012-06-24 15:47:25 ----A---- C:\windows\system32\qdvd.dll 2012-06-23 06:43:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller 2012-06-22 06:01:10 ----A---- C:\windows\system32\wups2.dll 2012-06-22 06:01:10 ----A---- C:\windows\system32\wucltux.dll 2012-06-22 06:01:10 ----A---- C:\windows\system32\wuaueng.dll 2012-06-22 06:01:10 ----A---- C:\windows\system32\wuauclt.exe 2012-06-22 06:00:48 ----A---- C:\windows\system32\wups.dll 2012-06-22 06:00:48 ----A---- C:\windows\system32\wudriver.dll 2012-06-22 06:00:48 ----A---- C:\windows\system32\wuapi.dll 2012-06-22 06:00:40 ----A---- C:\windows\system32\wuwebv.dll 2012-06-22 06:00:40 ----A---- C:\windows\system32\wuapp.exe 2012-06-14 14:38:16 ----A---- C:\windows\SYSWOW64\mshtmled.dll 2012-06-14 14:38:16 ----A---- C:\windows\system32\mshtmled.dll 2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\urlmon.dll 2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\url.dll 2012-06-14 14:38:15 ----A---- C:\windows\system32\urlmon.dll 2012-06-14 14:38:15 ----A---- C:\windows\system32\url.dll 2012-06-14 14:38:15 ----A---- C:\windows\system32\iertutil.dll 2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\ieui.dll 2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\iertutil.dll 2012-06-14 14:38:14 ----A---- C:\windows\system32\ieui.dll 2012-06-14 14:38:13 ----A---- C:\windows\SYSWOW64\ieUnatt.exe 2012-06-14 14:38:13 ----A---- C:\windows\system32\ieUnatt.exe 2012-06-14 14:38:12 ----A---- C:\windows\SYSWOW64\wininet.dll 2012-06-14 14:38:12 ----A---- C:\windows\system32\wininet.dll 2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jsproxy.dll 2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript9.dll 2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript.dll 2012-06-14 14:38:11 ----A---- C:\windows\system32\jsproxy.dll 2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript9.dll 2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript.dll 2012-06-14 14:38:10 ----A---- C:\windows\SYSWOW64\mshtml.dll 2012-06-14 14:38:09 ----A---- C:\windows\system32\mshtml.dll 2012-06-14 14:38:08 ----A---- C:\windows\system32\ieframe.dll 2012-06-14 14:38:06 ----A---- C:\windows\SYSWOW64\ieframe.dll 2012-06-14 06:34:44 ----A---- C:\windows\system32\rdrmemptylst.exe 2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpwsx.dll 2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpcorekmts.dll 2012-06-14 06:34:32 ----A---- C:\windows\system32\profsvc.dll 2012-06-14 06:34:26 ----A---- C:\windows\system32\win32k.sys 2012-06-14 06:34:20 ----A---- C:\windows\system32\drivers\rdpwd.sys 2012-06-14 06:34:19 ----A---- C:\windows\SYSWOW64\msi.dll 2012-06-14 06:34:19 ----A---- C:\windows\system32\msi.dll 2012-06-14 06:34:07 ----A---- C:\windows\system32\crypt32.dll 2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptsvc.dll 2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptnet.dll 2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\crypt32.dll 2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptsvc.dll 2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptnet.dll ======List of files/folders modified in the last 1 month====== 2012-06-25 07:52:37 ----D---- C:\windows\Temp 2012-06-25 07:52:22 ----RD---- C:\Program Files 2012-06-25 07:41:46 ----AD---- C:\windows\System32 2012-06-25 07:41:45 ----D---- C:\windows\inf 2012-06-25 07:41:45 ----A---- C:\windows\system32\PerfStringBackup.INI 2012-06-25 07:39:29 ----D---- C:\windows\system32\config 2012-06-25 07:38:47 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Skype 2012-06-25 07:38:17 ----A---- C:\windows\SYSWOW64\log.txt 2012-06-25 07:37:32 ----SHD---- C:\System Volume Information 2012-06-25 07:36:29 ----AD---- C:\Windows 2012-06-25 05:30:17 ----D---- C:\windows\Panther 2012-06-25 05:30:16 ----D---- C:\windows\Minidump 2012-06-25 05:30:16 ----D---- C:\windows\Logs 2012-06-25 05:30:16 ----D---- C:\windows\debug 2012-06-24 19:21:24 ----RD---- C:\Program Files (x86) 2012-06-24 16:32:42 ----HD---- C:\ProgramData 2012-06-24 16:32:41 ----D---- C:\windows\system32\drivers 2012-06-24 16:19:19 ----SHD---- C:\windows\Installer 2012-06-24 16:19:18 ----D---- C:\Program Files (x86)\Microsoft 2012-06-24 16:18:55 ----SD---- C:\ProgramData\Microsoft 2012-06-24 16:17:25 ----D---- C:\windows\SoftwareDistribution 2012-06-24 16:15:51 ----D---- C:\windows\SysWOW64 2012-06-24 16:15:51 ----D---- C:\windows\Downloaded Program Files 2012-06-24 15:48:01 ----D---- C:\windows\winsxs 2012-06-24 15:46:37 ----D---- C:\windows\system32\catroot 2012-06-24 15:30:30 ----D---- C:\windows\Microsoft.NET 2012-06-24 15:30:29 ----RSD---- C:\windows\assembly 2012-06-24 15:13:41 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe 2012-06-23 06:43:49 ----D---- C:\windows\system32\Tasks 2012-06-22 14:56:16 ----D---- C:\windows\system32\en-US 2012-06-22 06:01:01 ----D---- C:\windows\system32\catroot2 2012-06-14 14:46:51 ----D---- C:\windows\SYSWOW64\en-US 2012-06-14 14:46:50 ----D---- C:\windows\SYSWOW64\migration 2012-06-14 14:46:50 ----D---- C:\Program Files (x86)\Internet Explorer 2012-06-14 14:46:49 ----D---- C:\windows\system32\migration 2012-06-14 14:46:49 ----D---- C:\Program Files\Internet Explorer 2012-06-14 06:43:38 ----A---- C:\windows\system32\MRT.INI 2012-06-14 06:39:53 ----A---- C:\windows\system32\MRT.exe 2012-06-08 05:53:23 ----D---- C:\ProgramData\Skype 2012-06-04 05:48:38 ----D---- C:\windows\Prefetch ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320] R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352] R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192] R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728] R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840] R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-18 1161376] R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-05-31 484512] R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-18 509088] R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [2012-03-29 37496] R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072] R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624] R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472] R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-12-17 2675712] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-07-07 1576576] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912] R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-04-04 12262624] R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\ENG64.SYS [2012-06-24 120440] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\EX64.SYS [2012-06-24 2068600] R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096] R3 QIOMem;Generic IO & Memory Access; C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [2012-03-29 737912] R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-13 12288] R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2012-03-27 175736] R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-03 1413680] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784] R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920] S3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RTSUVSTOR.sys [2011-07-08 307304] S3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys [] S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384] S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984] S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656] R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608] R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2011-05-17 574896] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096] R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056] S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-24 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF----------------- info.txt logfile of random's system information tool 1.09 2012-06-25 07:52:41 ======Uninstall list====== -->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe" -->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16 -->C:\Program Files\CONEXANT\cMA3Preset\SETUP64.EXE -U -IcMA3Preset ,16 -->C:\Program Files\Conexant\MaxxAudio\SETUP64.EXE -U -IMaxxAudio -->C:\Program Files\Conexant\MaxxGadget\SETUP64.EXE -U -IMaxxGadget ,16 -->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801 -->C:\Program Files\TOSHIBA\TVAP\setup.exe Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0} Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin Adobe Reader X (10.1.3) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} Atheros Bluetooth Filter Driver Package-->MsiExec.exe /X{65486209-5C54-439C-8383-8AC9BBE25932} Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -l0x0409 Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe" Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R CarMD-->MsiExec.exe /I{251C65C0-15FF-4603-98BB-E4A61C7DA424} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Chuzzle Deluxe-->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\uninstall\uninstaller.exe" Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -ITE7Pebwa.inf Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml" D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DriverTuner 3.0.1.0-->"C:\Program Files\DriverTuner\unins000.exe" Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E} FATE - The Traitor Soul-->"C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\uninstall\uninstaller.exe" Fishdom 2-->"C:\Program Files (x86)\TOSHIBA Games\Fishdom 2\uninstall\uninstaller.exe" Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe HP Photosmart Plus B210 series Basic Device Software-->MsiExec.exe /I{F4330A8B-3610-4483-975E-69789B70A764} HP Photosmart Plus B210 series Help-->MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40} HP Photosmart Plus B210 series Product Improvement Study-->MsiExec.exe /I{7C1C9924-3755-483C-87B1-8371B7454B1A} HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE} Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0} Java 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF} Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E} MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Netwaiting-->MsiExec.exe /I{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A} Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe /X /ARP OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021} Penguins!-->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\uninstall\uninstaller.exe" Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe" PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04} PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61} Polar Bowler-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\uninstall\uninstaller.exe" QuickTime-->C:\windows\unvise32qt.exe C:\windows\system32\QuickTime\Uninstall.log Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tom Clancy's Splinter Cell-->"C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\uninstall\uninstaller.exe" Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2} TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonly Toshiba Book Place-->MsiExec.exe /X{A14962A7-2B7D-456E-BFCD-F54E3A88D41F} TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Bulletin Board-->MsiExec.exe /X{1C8C049A-145F-4A6E-8290-B5C245EBE39D} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA eco Utility-->MsiExec.exe /X{C2F94B5E-201A-4754-8F2F-4395E1D90DA3} TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F} TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033 TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38} Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.13.11\InstStub.exe /X TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0} TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonly Toshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly TOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonly TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C} TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonly TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033 TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02} TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591} TOSHIBARegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe" Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe" WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe" WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B} Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760} Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\uninstall\uninstaller.exe" ======System event log====== Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91597 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310183531.403135-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91417 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.044669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91416 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.042669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91238 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.796027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91237 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.786027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 1323 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.884006-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 1322 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.868406-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 11 Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 448) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 1318 Source Name: Microsoft-Windows-RPC-Events Time Written: 20111105124522.250798-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: StevePetruso-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 1305 Source Name: Microsoft-Windows-Search Time Written: 20111105124435.000000-000 Event Type: Warning User: Computer Name: StevePetruso-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 1300 Source Name: Microsoft-Windows-WMI Time Written: 20111105114043.000000-000 Event Type: Error User: =====Security event log===== Computer Name: StevePetruso-PC Event Code: 4608 Message: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Record Number: 3478 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126150204.059620-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 1100 Message: The event logging service has shut down. Record Number: 3477 Source Name: Microsoft-Windows-Eventlog Time Written: 20111126005701.128832-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 3476 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.693629-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: STEVEPETRUSO-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 3475 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.693629-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4647 Message: User initiated logoff: Subject: Security ID: S-1-5-21-2726610858-437048973-2726063162-1000 Account Name: Steve Petruso Account Domain: StevePetruso-PC Logon ID: 0x43ed5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Record Number: 3474 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.366029-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 -----------------EOF----------------- I work second shift so I won't respond right away until tomorrow morning but I would appreciate the help Ive tried eveything I could think of to get it off.
  7. Hi, My parents called me the other day and said their computer was playing a random ad in the background. I didn't believe them so I waited until yesterday to go look at their computer. I turned it on and for ten minutes the computer seemed to be ok and then the ad started playing. They have Norton Internet Security on their computer and it doesn't pick up the virus. I put malwarebytes on the computer and scanned and it found a trojan so I chose to fix the problem. I restarted the computer and thought that would have done it but to my surprise its still on the computer. I saw another forum where they used RSIT which generated some logs so I decided I would try that. Here are the logs. Logfile of random's system information tool 1.09 (written by random/random) Run by Steve Petruso at 2012-06-25 07:52:22 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 546 GB (92%) free of 594 GB Total RAM: 6092 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:52:38 AM, on 6/25/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\trend micro\Steve Petruso.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [CarMD] C:\Program Files (x86)\CarMD\CarMD.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12056 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch winlogon.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe 27346720 C:\windows\System32\spoolsv.exe \??\C:\windows\system32\conhost.exe "1620387087-589614863142652796174828742013758048691802004493-1513016729-578510830 C:\windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 C:\windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2024 "C:\Program Files\TOSHIBA\TECO\TecoService.exe" C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -netsvcs \??\C:\windows\system32\conhost.exe "-740113850-1041399657113861242410953134321287194221-18998899641235486413-2094937580 "taskhost.exe" "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /c /a /s UserSession2 "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /c /a /s UserSession "C:\windows\system32\Dwm.exe" C:\windows\Explorer.EXE C:\windows\system32\SearchIndexer.exe /Embedding "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Toshiba\Power Saver\TPwrMain.exe" "C:\Program Files\Toshiba\FlashCards\TCrdMain.exe" "C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Program Files\Toshiba\TECO\Teco.exe" /r "C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe" "C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe" "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "C:\Program Files (x86)\CarMD\CarMD.exe" "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe" "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" C:\windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe" /s "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe" "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" "C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe" "C:\windows\system32\wuauclt.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:203009 "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe" C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -Embedding C:\windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4576 CREDAT:137478 taskeng.exe {429EF3F5-AE0F-4079-8C22-9DB2A6E31222} "C:\Users\Steve Petruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IUMSYAF\RSITx64.exe" C:\windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\windows\tasks\Adobe Flash Player Updater.job C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000Core.job C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2726610858-437048973-2726063162-1000UA.job C:\windows\tasks\GoogleUpdateTaskMachineCore.job C:\windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}] TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12 700800] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-29 210360] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-01 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}] TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12 534400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "IgfxTray"=C:\windows\system32\igfxtray.exe [2011-04-07 167256] "HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-04-07 391000] "Persistence"=C:\windows\system32\igfxpers.exe [2011-04-07 418136] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-05-17 590256] "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824] "TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2011-04-27 972672] "SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-03-24 310912] "cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-06-30 562304] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-03 2679592] "Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-05-24 1544624] "TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-07-01 712096] "TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-06-10 710560] "TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-07-27 597936] "TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-24 39408] "CarMD"=C:\Program Files (x86)\CarMD\CarMD.exe [2010-04-07 796672] "Facebook Update"=C:\Users\Steve Petruso\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 137536] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-06-05 17345712] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-04 252792] "ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816] "NortonOnlineBackupReminder"=C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [2011-06-22 3218864] "ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\windows\system32\igfxdev.dll [2011-04-04 385024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2012-06-25 07:52:22 ----D---- C:\rsit 2012-06-25 07:52:22 ----D---- C:\Program Files\trend micro 2012-06-25 07:36:29 ----N---- C:\windows\svchost.exe 2012-06-24 21:48:37 ----D---- C:\Program Files\CCleaner 2012-06-24 19:21:24 ----D---- C:\Program Files (x86)\Trend Micro 2012-06-24 16:32:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Malwarebytes 2012-06-24 16:32:42 ----D---- C:\ProgramData\Malwarebytes 2012-06-24 16:32:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-24 16:32:41 ----A---- C:\windows\system32\drivers\mbam.sys 2012-06-24 16:30:00 ----D---- C:\Program Files (x86)\1ClickDownload 2012-06-24 16:22:12 ----D---- C:\ProgramData\Conexant 2012-06-24 16:21:34 ----A---- C:\Program Files (x86)\64res.dll 2012-06-24 15:47:25 ----A---- C:\windows\SYSWOW64\qdvd.dll 2012-06-24 15:47:25 ----A---- C:\windows\system32\qdvd.dll 2012-06-23 06:43:49 ----D---- C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller 2012-06-22 06:01:10 ----A---- C:\windows\system32\wups2.dll 2012-06-22 06:01:10 ----A---- C:\windows\system32\wucltux.dll 2012-06-22 06:01:10 ----A---- C:\windows\system32\wuaueng.dll 2012-06-22 06:01:10 ----A---- C:\windows\system32\wuauclt.exe 2012-06-22 06:00:48 ----A---- C:\windows\system32\wups.dll 2012-06-22 06:00:48 ----A---- C:\windows\system32\wudriver.dll 2012-06-22 06:00:48 ----A---- C:\windows\system32\wuapi.dll 2012-06-22 06:00:40 ----A---- C:\windows\system32\wuwebv.dll 2012-06-22 06:00:40 ----A---- C:\windows\system32\wuapp.exe 2012-06-14 14:38:16 ----A---- C:\windows\SYSWOW64\mshtmled.dll 2012-06-14 14:38:16 ----A---- C:\windows\system32\mshtmled.dll 2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\urlmon.dll 2012-06-14 14:38:15 ----A---- C:\windows\SYSWOW64\url.dll 2012-06-14 14:38:15 ----A---- C:\windows\system32\urlmon.dll 2012-06-14 14:38:15 ----A---- C:\windows\system32\url.dll 2012-06-14 14:38:15 ----A---- C:\windows\system32\iertutil.dll 2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\ieui.dll 2012-06-14 14:38:14 ----A---- C:\windows\SYSWOW64\iertutil.dll 2012-06-14 14:38:14 ----A---- C:\windows\system32\ieui.dll 2012-06-14 14:38:13 ----A---- C:\windows\SYSWOW64\ieUnatt.exe 2012-06-14 14:38:13 ----A---- C:\windows\system32\ieUnatt.exe 2012-06-14 14:38:12 ----A---- C:\windows\SYSWOW64\wininet.dll 2012-06-14 14:38:12 ----A---- C:\windows\system32\wininet.dll 2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jsproxy.dll 2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript9.dll 2012-06-14 14:38:11 ----A---- C:\windows\SYSWOW64\jscript.dll 2012-06-14 14:38:11 ----A---- C:\windows\system32\jsproxy.dll 2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript9.dll 2012-06-14 14:38:11 ----A---- C:\windows\system32\jscript.dll 2012-06-14 14:38:10 ----A---- C:\windows\SYSWOW64\mshtml.dll 2012-06-14 14:38:09 ----A---- C:\windows\system32\mshtml.dll 2012-06-14 14:38:08 ----A---- C:\windows\system32\ieframe.dll 2012-06-14 14:38:06 ----A---- C:\windows\SYSWOW64\ieframe.dll 2012-06-14 06:34:44 ----A---- C:\windows\system32\rdrmemptylst.exe 2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpwsx.dll 2012-06-14 06:34:44 ----A---- C:\windows\system32\rdpcorekmts.dll 2012-06-14 06:34:32 ----A---- C:\windows\system32\profsvc.dll 2012-06-14 06:34:26 ----A---- C:\windows\system32\win32k.sys 2012-06-14 06:34:20 ----A---- C:\windows\system32\drivers\rdpwd.sys 2012-06-14 06:34:19 ----A---- C:\windows\SYSWOW64\msi.dll 2012-06-14 06:34:19 ----A---- C:\windows\system32\msi.dll 2012-06-14 06:34:07 ----A---- C:\windows\system32\crypt32.dll 2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptsvc.dll 2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\cryptnet.dll 2012-06-14 06:34:06 ----A---- C:\windows\SYSWOW64\crypt32.dll 2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptsvc.dll 2012-06-14 06:34:06 ----A---- C:\windows\system32\cryptnet.dll ======List of files/folders modified in the last 1 month====== 2012-06-25 07:52:37 ----D---- C:\windows\Temp 2012-06-25 07:52:22 ----RD---- C:\Program Files 2012-06-25 07:41:46 ----AD---- C:\windows\System32 2012-06-25 07:41:45 ----D---- C:\windows\inf 2012-06-25 07:41:45 ----A---- C:\windows\system32\PerfStringBackup.INI 2012-06-25 07:39:29 ----D---- C:\windows\system32\config 2012-06-25 07:38:47 ----D---- C:\Users\Steve Petruso\AppData\Roaming\Skype 2012-06-25 07:38:17 ----A---- C:\windows\SYSWOW64\log.txt 2012-06-25 07:37:32 ----SHD---- C:\System Volume Information 2012-06-25 07:36:29 ----AD---- C:\Windows 2012-06-25 05:30:17 ----D---- C:\windows\Panther 2012-06-25 05:30:16 ----D---- C:\windows\Minidump 2012-06-25 05:30:16 ----D---- C:\windows\Logs 2012-06-25 05:30:16 ----D---- C:\windows\debug 2012-06-24 19:21:24 ----RD---- C:\Program Files (x86) 2012-06-24 16:32:42 ----HD---- C:\ProgramData 2012-06-24 16:32:41 ----D---- C:\windows\system32\drivers 2012-06-24 16:19:19 ----SHD---- C:\windows\Installer 2012-06-24 16:19:18 ----D---- C:\Program Files (x86)\Microsoft 2012-06-24 16:18:55 ----SD---- C:\ProgramData\Microsoft 2012-06-24 16:17:25 ----D---- C:\windows\SoftwareDistribution 2012-06-24 16:15:51 ----D---- C:\windows\SysWOW64 2012-06-24 16:15:51 ----D---- C:\windows\Downloaded Program Files 2012-06-24 15:48:01 ----D---- C:\windows\winsxs 2012-06-24 15:46:37 ----D---- C:\windows\system32\catroot 2012-06-24 15:30:30 ----D---- C:\windows\Microsoft.NET 2012-06-24 15:30:29 ----RSD---- C:\windows\assembly 2012-06-24 15:13:41 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe 2012-06-23 06:43:49 ----D---- C:\windows\system32\Tasks 2012-06-22 14:56:16 ----D---- C:\windows\system32\en-US 2012-06-22 06:01:01 ----D---- C:\windows\system32\catroot2 2012-06-14 14:46:51 ----D---- C:\windows\SYSWOW64\en-US 2012-06-14 14:46:50 ----D---- C:\windows\SYSWOW64\migration 2012-06-14 14:46:50 ----D---- C:\Program Files (x86)\Internet Explorer 2012-06-14 14:46:49 ----D---- C:\windows\system32\migration 2012-06-14 14:46:49 ----D---- C:\Program Files\Internet Explorer 2012-06-14 06:43:38 ----A---- C:\windows\system32\MRT.INI 2012-06-14 06:39:53 ----A---- C:\windows\system32\MRT.exe 2012-06-08 05:53:23 ----D---- C:\ProgramData\Skype 2012-06-04 05:48:38 ----D---- C:\windows\Prefetch ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320] R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352] R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192] R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728] R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840] R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-18 1161376] R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-05-31 484512] R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-18 509088] R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [2012-03-29 37496] R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072] R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624] R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472] R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-12-17 2675712] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-07-07 1576576] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912] R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-04-04 12262624] R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\ENG64.SYS [2012-06-24 120440] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120624.008\EX64.SYS [2012-06-24 2068600] R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096] R3 QIOMem;Generic IO & Memory Access; C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [2012-03-29 737912] R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-13 12288] R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2012-03-27 175736] R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-03 1413680] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784] R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920] S3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RTSUVSTOR.sys [2011-07-08 307304] S3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys [] S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384] S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984] S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656] R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608] R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2011-05-17 574896] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096] R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056] S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-24 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF----------------- info.txt logfile of random's system information tool 1.09 2012-06-25 07:52:41 ======Uninstall list====== -->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe" -->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe" -->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16 -->C:\Program Files\CONEXANT\cMA3Preset\SETUP64.EXE -U -IcMA3Preset ,16 -->C:\Program Files\Conexant\MaxxAudio\SETUP64.EXE -U -IMaxxAudio -->C:\Program Files\Conexant\MaxxGadget\SETUP64.EXE -U -IMaxxGadget ,16 -->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801 -->C:\Program Files\TOSHIBA\TVAP\setup.exe Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0} Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin Adobe Reader X (10.1.3) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} Atheros Bluetooth Filter Driver Package-->MsiExec.exe /X{65486209-5C54-439C-8383-8AC9BBE25932} Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -l0x0409 Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe" Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R CarMD-->MsiExec.exe /I{251C65C0-15FF-4603-98BB-E4A61C7DA424} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Chuzzle Deluxe-->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\uninstall\uninstaller.exe" Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -ITE7Pebwa.inf Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml" D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DriverTuner 3.0.1.0-->"C:\Program Files\DriverTuner\unins000.exe" Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E} FATE - The Traitor Soul-->"C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\uninstall\uninstaller.exe" Fishdom 2-->"C:\Program Files (x86)\TOSHIBA Games\Fishdom 2\uninstall\uninstaller.exe" Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe HP Photosmart Plus B210 series Basic Device Software-->MsiExec.exe /I{F4330A8B-3610-4483-975E-69789B70A764} HP Photosmart Plus B210 series Help-->MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40} HP Photosmart Plus B210 series Product Improvement Study-->MsiExec.exe /I{7C1C9924-3755-483C-87B1-8371B7454B1A} HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE} Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0} Java 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF} Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E} MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Netwaiting-->MsiExec.exe /I{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A} Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe /X /ARP OpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021} Penguins!-->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\uninstall\uninstaller.exe" Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe" PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04} PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61} Polar Bowler-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\uninstall\uninstaller.exe" QuickTime-->C:\windows\unvise32qt.exe C:\windows\system32\QuickTime\Uninstall.log Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly Skype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tom Clancy's Splinter Cell-->"C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\uninstall\uninstaller.exe" Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2} TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonly Toshiba Book Place-->MsiExec.exe /X{A14962A7-2B7D-456E-BFCD-F54E3A88D41F} TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Bulletin Board-->MsiExec.exe /X{1C8C049A-145F-4A6E-8290-B5C245EBE39D} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA eco Utility-->MsiExec.exe /X{C2F94B5E-201A-4754-8F2F-4395E1D90DA3} TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F} TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033 TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38} Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.13.11\InstStub.exe /X TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0} TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonly Toshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly TOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonly TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C} TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonly TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033 TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02} TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591} TOSHIBARegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe" Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe" WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe" WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B} Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760} Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\uninstall\uninstaller.exe" ======System event log====== Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91597 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310183531.403135-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91417 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.044669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91416 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310174423.042669-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 91238 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.796027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: StevePetruso-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\system32\athihvs.dll Record Number: 91237 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120310164516.786027-000 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 1323 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.884006-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 4107 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 1322 Source Name: Microsoft-Windows-CAPI2 Time Written: 20111105124526.868406-000 Event Type: Error User: Computer Name: StevePetruso-PC Event Code: 11 Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 448) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 1318 Source Name: Microsoft-Windows-RPC-Events Time Written: 20111105124522.250798-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE Computer Name: StevePetruso-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 1305 Source Name: Microsoft-Windows-Search Time Written: 20111105124435.000000-000 Event Type: Warning User: Computer Name: StevePetruso-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 1300 Source Name: Microsoft-Windows-WMI Time Written: 20111105114043.000000-000 Event Type: Error User: =====Security event log===== Computer Name: StevePetruso-PC Event Code: 4608 Message: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Record Number: 3478 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126150204.059620-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 1100 Message: The event logging service has shut down. Record Number: 3477 Source Name: Microsoft-Windows-Eventlog Time Written: 20111126005701.128832-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 3476 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.693629-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: STEVEPETRUSO-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 3475 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.693629-000 Event Type: Audit Success User: Computer Name: StevePetruso-PC Event Code: 4647 Message: User initiated logoff: Subject: Security ID: S-1-5-21-2726610858-437048973-2726063162-1000 Account Name: Steve Petruso Account Domain: StevePetruso-PC Logon ID: 0x43ed5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event. Record Number: 3474 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111126005659.366029-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 -----------------EOF----------------- I work second shift so I won't respond right away until tomorrow morning but I would appreciate the help Ive tried eveything I could think of to get it off.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.