KarenLee
I just recently had a major virus cleaned from my laptop and would truly appreciate it if someone can analyze this Hijack log for me. Also, I understand that all "04" lines are startup programs. If that is true, can you tell me which ones are safe to disable from starting up? Thank you.
Log created by WinPatrol PLUS version 32.0.2014.5:32.0.2014.5
Scan saved at 6:05:49 PM, on 9/20/2014
Platform: Windows 8.1 Home Edition
Windows x64 Version 6.3 Build 9600 2
MSIE: Internet Explorer (11.00.9600.16384)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\Engine\21.5.0.19\nis.exe
C:\PROGRAM FILES (X86)\Toshiba\SYSTEM SETTING\TssSrv.exe
C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROLEX.EXE
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE
C:\Windows\SysWOW64\Macromed\Flash\FLASHPLAYERPLUGIN_15_0_0_152.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
O4 - HKLM\..\Run: [IgfxTray]C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TSSSrv]C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
O4 - HKLM\..\Run: [TecoResident]C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TCrdMain]C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
O4 - HKLM\..\Run: [ThpSrv]C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Logitech Download Assistant]C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKCU\..\Run: [SUPERAntiSpyware]C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WinPatrol PLUS]C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
O4 - HKU\..\Run: [AmIcoSinglun64]C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKU\..\Run: [1.TPUReg]C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
O4 - HKU\..\Run: [TSVU]c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKU\..\Run: [ToshibaAppPlace]C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
O11 - Options group: [Accelerated graphics] Accelerated graphics - C:\Windows\System32
O11 - Options group: [] -
O23 - Service: SAS Core Service - SUPERAntiSpyware.com - C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\ADMINSERVICE.EXE
O23 - Service: Intel(R) Content Protection HECI Service - Intel Corporation - C:\Windows\SysWOW64\INTELCPHECISVC.EXE
O23 - Service: DTS APO Service - DTS, Inc - C:\PROGRAM FILES (X86)\DTS, Inc\DTS STUDIO SOUND\DTS_APO_SERVICE.EXE
O23 - Service: GFNEX Service - Toshiba - C:\PROGRAM FILES (X86)\Toshiba\PASSWORDUTILITY\GFNEXSrv.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\PROGRAM FILES\Intel\ICLS CLIENT\HECISERVER.EXE
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\PROGRAM FILES\Intel\ICLS CLIENT\SOCKETHECISERVER.EXE
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\PROGRAM FILES (X86)\Intel\INTEL(R) MANAGEMENT ENGINE COMPONENTS\FWSERVICE\INTELMEFWSERVICE.EXE
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service - Intel Corporation - C:\PROGRAM FILES (X86)\Intel\INTEL(R) MANAGEMENT ENGINE COMPONENTS\DAL\JHI_SERVICE.EXE
O23 - Service: Intel(R) Management and Security Application Local Management Service - Intel Corporation - C:\PROGRAM FILES (X86)\Intel\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAMSCHEDULER.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAMSERVICE.EXE
O23 - Service: Mozilla Maintenance Service - Mozilla Foundation - C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\MAINTENANCESERVICE.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\Engine\21.5.0.19\nis.exe
O23 - Service: Audio Service - IDT, Inc. - C:\PROGRAM FILES\IDT\WDM\stacsv64.exe
O23 - Service: taisregispinger - Toshiba America Information Systems. - C:\PROGRAM FILES (X86)\Toshiba\TOSHIBAREGISTRATION\TAISREGISTPINGER.EXE
O23 - Service: TOSHIBA HDD Protection - TOSHIBA Corporation - C:\WINDOWS\SYSTEM32\THPSRV.EXE
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\PROGRAM FILES\TOSHIBA\TOSHIBA SERVICE STATION\TMACHINFO.EXE
O23 - Service: TOSHIBA Optical Disc Drive Service - TOSHIBA Corporation - C:\WINDOWS\SYSTEM32\TODDSRV.EXE
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\PROGRAM FILES\TOSHIBA\Teco\TECOSERVICE.EXE
--- Additional WinPatrol Info ---
Default Browser: TOSHIBA eco Utility - TOSHIBA eco Utility Service version 2.0.0.17
MSIE: Internet Explorer (11.00.9600.16384)
Firefox 32.0.2 installed in C:\Program Files (x86)\Mozilla Firefox.
5 IE Cookies in Folder: C:\Users\Karen\AppData\Local\Microsoft\Windows\INetCookies\
244 Mozilla Cookies in Folder: C:\Users\Karen\AppData\Roaming\Mozilla\FireFox\Profiles\ulwtiw2j.default
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\Windows\system32\cmd.exe
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
WP31 - Scheduled Tasks: [SUPERAntiSpyware Scheduled Task 4e51cd87-8ff0-4647-8d48-ed050d20c683.job]C:\Program Files\SUPERAntiSpyware\SASTask.exe 09/21/2014 6:24 AM
WP31 - Scheduled Tasks: [SUPERAntiSpyware Scheduled Task 0caebfbb-3493-4e4d-87b7-1dfc8bfe091a.job]C:\Program Files\SUPERAntiSpyware\SASTask.exe Never
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09/20/2014 6:02 PM
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09/20/2014 6:02 PM
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\SysWOW64\mshtml.dll 11.00.9600.16410
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.110.9600.16384
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\Windows\SysWOW64\ieframe.dll 11.00.9600.16412
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\System32\Macromed\Flash\Flash.ocx 11,8,800,133
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 12.0.9600.16384
WP16 - ActiveX: {2272AE7A-0C30-48E1-91DF-F9E666276C0C} [msouplug] C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\Engine64\21.5.0.19\msouplug.dll 21.5
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 6.3.9600.16384
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft RDP Client Control (redistributable) - version 5a] C:\Windows\System32\mstscax.dll 6.3.9600.16384
WP16 - ActiveX: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [IEContextMenu Class] C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\Engine64\21.5.0.19\navshext.dll 21.5
WP32 - Hidden File: C:\bootmgr
WP32 - Hidden File: C:\BOOTNXT
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\swapfile.sys
WP32 - Hidden File: C:\Windows\WindowsShell.Manifest
WP32 - Hidden File: C:\Windows\System32\api-ms-win-appmodel-identity-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-appmodel-runtime-internal-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-appmodel-state-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-appmodel-state-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-base-bootconfig-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-base-util-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-apiquery-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-appcompat-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-appcompat-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-appinit-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-atoms-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-bem-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-bicltapi-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-bicltapi-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-biplmapi-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-biplmapi-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-biptcltapi-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-biptcltapi-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-calendar-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-com-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-com-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-com-private-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-comm-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-console-l2-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-crt-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-crt-l2-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-datetime-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-debug-l1-1-1.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-delayload-l1-1-1.dll
WP33 - File Type .AVI: [Video Clip]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\Windows\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\Windows\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office]C:\PROGRA~2\MICROS~2\Office15\FIRSTRUN.EXE /OEM %1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JavaScript File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\Windows\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Microsoft Office]C:\PROGRA~2\MICROS~2\Office15\FIRSTRUN.EXE /OEM %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files (x86)\OpenOffice 4\program\\swriter.exe -o %1
WP33 - File Type .SCR: [Screen saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office]C:\PROGRA~2\MICROS~2\Office15\FIRSTRUN.EXE /OEM %1
Memory currently in use: 35%
Physical Memory Free: 4,194,303 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 1,981,344 KB