Please help with removing this malware!

  • This topic is locked
12 replies to this topic

#1 Kennyh88

Posted 04 April 2012 - 05:39 PM

Hello everyone! I'm new to this site but I have a problem with this malware. I'll give the details of what I know has been happening so far, and any help is greatly appreciated.

When in Internet Explorer or Google Chrome, I use Google search and click on a link, it brings me to a malicious website on the first try, and when I back out and click on the link again it takes me to the site.

Also, my MSN Hotmail was recently hacked and was sending out random emails with links in them. I managed to get my email account back, but I'm worried about key logging.

I ran Avast anti-malware and I heard great things about Malwarebytes, so I downloaded that, but the problem still persists.

#2 Kennyh88

Posted 04 April 2012 - 06:28 PM

This is what I got from the Malwarebytes scan.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Kenny :: KENNY-KENNYH-PC [administrator]

Protection: Enabled

4/4/2012 6:20:59 PM
mbam-log-2012-04-04 (19-26-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320415
Time elapsed: 53 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DisplayManagerTray (Trojan.SHarpro.PGen) -> Data: rundll32.exe "C:\ProgramData\DisplayManagerTray.dll",DllRegisterServer -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AppDataLow Update (Trojan.SHarpro.PGen) -> Data: rundll32 "C:\Users\Kenny\AppData\Local\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}Update\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}updt32.DLL",DllRegisterServer -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Trolltech Update (Trojan.SHarpro.PGen) -> Data: rundll32 "C:\Users\Kenny\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.DLL",DllRegisterServer -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#3 Maurice Naggar

Posted 05 April 2012 - 09:34 AM

Hello kennyh88,

Close your browsers. Close/exit your email apps.

Start MBAM one more time. Press the Update tab then press "Check for Updates".
Press the Scanner tab.

Do a quick scan, and this time be sure you allow MBAM to quarantine or to remove all detected items.

Then, next:
Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.
Use separate replies as needed if logs do not fit into one reply box.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#4 Kennyh88

Posted 05 April 2012 - 02:44 PM

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kenny at 2012-04-05 15:41:29
Microsoft Windows 7 Home Premium
System drive C: has 423 GB (91%) free of 465 GB
Total RAM: 3891 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:34 PM, on 4/5/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\Kenny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - S-1-5-21-2395527409-1931721546-4083511208-1003 User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'postgres')
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi...ri_4.1.71.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.syste...yri_4.3.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11349 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 31120176
\??\C:\windows\system32\conhost.exe "-44728860713838471611524445768-1612100081727611700816932435-125954682-1910150750
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.3/data"
\??\C:\windows\system32\conhost.exe "-1533920724-739932884-1577544759-25538338-327394077-1736215971834010843393206039
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forklog" "872" "868"
"taskhost.exe"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "864" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "900" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkavlauncher" "864"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkcol" "900"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
WLIDSvcM.exe 1468
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\igfxtray.exe"
C:\windows\system32\igfxsrvc.exe -Embedding
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\ThpSrv.exe" /logon
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files (x86)\Overwolf\Overwolf.exe" -silent
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
"C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\windows\system32\igfxext.exe -Embedding
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe" "path=C:\Program Files (x86)\Overwolf"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --enable-experimental-extension-apis --channel=3676.01064380.1555579994 /prefetch:3
"C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --renderer-print-preview --enable-experimental-extension-apis --channel=3676.0612D1C0.1336852541 /prefetch:3
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\windows\notepad.exe" "C:\Users\Kenny\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-04-05 (15-26-25).txt"
"C:\windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT
C:\windows\system32\sppsvc.exe
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Kenny\Downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395527409-1931721546-4083511208-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395527409-1931721546-4083511208-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-26 161304]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-26 386584]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-26 413208]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-22 10134560]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-03-22 896032]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"ThpSrv"=C:\windows\system32\thpsrv /logon []
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-06 505696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 508216]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-25 913720]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2010-04-06 1489760]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-23 705368]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-01-19 1926928]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-19 595816]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 35672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2011-05-13 4283256]
"Google Update"=C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
"Overwolf"=C:\Program Files (x86)\Overwolf\Overwolf.exe [2012-03-07 41912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-12-25 34160]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]
"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-03-17 252728]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-21 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-05 15:41:30 ----D---- C:\Program Files\trend micro
2012-04-05 15:41:29 ----D---- C:\rsit
2012-04-05 15:34:29 ----D---- C:\windows\ERDNT
2012-04-05 15:33:10 ----D---- C:\Program Files (x86)\ERUNT
2012-04-04 18:16:27 ----D---- C:\Users\Kenny\AppData\Roaming\Malwarebytes
2012-04-04 18:16:18 ----D---- C:\ProgramData\Malwarebytes
2012-04-04 18:16:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 18:16:17 ----A---- C:\windows\system32\drivers\mbam.sys
2012-03-20 16:30:21 ----D---- C:\Bovada
2012-03-16 17:40:27 ----A---- C:\windows\system32\ntoskrnl.exe
2012-03-16 17:40:26 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-03-16 17:40:24 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-03-14 17:58:51 ----A---- C:\windows\system32\win32k.sys
2012-03-14 17:58:45 ----A---- C:\windows\system32\DWrite.dll
2012-03-14 17:58:44 ----A---- C:\windows\SYSWOW64\DWrite.dll
2012-03-14 17:58:44 ----A---- C:\windows\SYSWOW64\d3d10_1core.dll
2012-03-14 17:58:44 ----A---- C:\windows\system32\d3d10warp.dll
2012-03-14 17:58:44 ----A---- C:\windows\system32\d3d10_1core.dll
2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d3d10warp.dll
2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d3d10_1.dll
2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d2d1.dll
2012-03-14 17:58:43 ----A---- C:\windows\system32\d3d10_1.dll
2012-03-14 17:58:43 ----A---- C:\windows\system32\d2d1.dll
2012-03-14 17:57:55 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-03-14 17:57:55 ----A---- C:\windows\system32\rdpwsx.dll
2012-03-14 17:57:55 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-03-14 17:57:51 ----A---- C:\windows\SYSWOW64\rdpcore.dll
2012-03-14 17:57:51 ----A---- C:\windows\system32\rdpcore.dll
2012-03-14 17:57:51 ----A---- C:\windows\system32\drivers\tdtcp.sys
2012-03-14 17:57:51 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-03-07 15:08:06 ----A---- C:\windows\SYSWOW64\msvcp100.dll
2012-03-07 15:07:56 ----A---- C:\windows\SYSWOW64\msvcr100.dll

======List of files/folders modified in the last 1 month======

2012-04-05 15:41:33 ----D---- C:\windows\Temp
2012-04-05 15:41:30 ----RD---- C:\Program Files
2012-04-05 15:34:29 ----AD---- C:\Windows
2012-04-05 15:33:10 ----RD---- C:\Program Files (x86)
2012-04-05 14:56:02 ----D---- C:\windows\system32\config
2012-04-05 14:49:43 ----D---- C:\windows\inf
2012-04-05 14:49:43 ----AD---- C:\windows\System32
2012-04-05 14:49:43 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-04-05 14:42:36 ----A---- C:\windows\SYSWOW64\log.txt
2012-04-04 20:06:40 ----D---- C:\ProgramData\AVAST Software
2012-04-04 20:05:27 ----D---- C:\windows\SysWOW64
2012-04-04 20:05:26 ----D---- C:\windows\system32\drivers
2012-04-04 20:05:22 ----SHD---- C:\System Volume Information
2012-04-04 18:16:18 ----HD---- C:\ProgramData
2012-04-04 14:54:05 ----D---- C:\windows\system32\catroot2
2012-04-02 10:04:22 ----D---- C:\Nexon
2012-03-29 16:34:23 ----D---- C:\windows\Prefetch
2012-03-20 16:30:31 ----SHD---- C:\windows\Installer
2012-03-20 16:04:33 ----D---- C:\Users\Kenny\AppData\Roaming\Casual Arts
2012-03-19 16:31:10 ----D---- C:\windows\winsxs
2012-03-16 17:40:31 ----D---- C:\windows\system32\catroot
2012-03-16 17:39:05 ----A---- C:\windows\system32\MRT.exe
2012-03-14 17:54:52 ----D---- C:\Program Files (x86)\Overwolf
2012-03-14 17:54:51 ----D---- C:\Program Files (x86)\Common Files
2012-03-06 19:15:03 ----A---- C:\windows\system32\aswBoot.exe
2012-03-06 14:06:45 ----RSD---- C:\windows\assembly
2012-03-06 14:06:45 ----D---- C:\windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 LPCFilter;LPC Lower Filter Driver; C:\windows\system32\DRIVERS\LPCFilter.sys [2009-07-31 44912]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 214096]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-08 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 HECIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-04-21 10326784]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-03-22 2298400]
R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2009-12-17 36760]
S3 acpials;ALS Sensor Filter; C:\windows\system32\DRIVERS\acpials.sys [2009-07-13 9728]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]
S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []
S3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2010-05-18 164464]
S3 KMWDFILTER;HIDServiceDesc; C:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-10-09 109056]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-01-19 1420560]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-01-19 831760]
R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2009-10-21 531520]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-06 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [2012-03-07 18360]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1255736]

-----------------EOF-----------------

#5 Kennyh88

Posted 05 April 2012 - 02:47 PM

info.txt logfile of random's system information tool 1.09 2012-04-05 15:41:36

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\Program Files\TOSHIBA\TVAP\setup.exe
-->C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}
Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex
Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Best Buy Software Installer-->"C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe" REMOVE=TRUE MODIFY=FALSE
BovadaPoker-->"C:\Bovada\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec /I{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel® Wireless Display-->MsiExec.exe /X{26F41FA3-3170-446B-A3A2-83F5FA26E6CD}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563155 -locale:US
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
Overwolf-->MsiExec.exe /I{355CAC3F-0788-4117-B401-3CC4F8367E0A}
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab CYRI-->MsiExec.exe /I{0931A702-634B-4B1E-B21F-4B5797CB2BA5}
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly
TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{C14518AF-1A0F-4D39-8011-69BAA01CD380}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Bulletin Board-->MsiExec.exe /X{C14518AF-1A0F-4D39-8011-69BAA01CD380}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409
TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}
TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Hardware Setup-->"C:\Program Files (x86)\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Hardware Setup-->MsiExec.exe /I{5279374D-87FE-4879-9385-F17278EBB9D3}
TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409
TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409
TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}
TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}
TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly
TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{A0E99122-25C1-4CA4-9063-499A2A814EB6}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA ReelTime-->MsiExec.exe /X{A0E99122-25C1-4CA4-9063-499A2A814EB6}
TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0409
TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA Web Camera Application-->C:\Program Files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0009 -removeonly
ToshibaRegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Utility Common Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Utility Common Driver-->MsiExec.exe /I{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

======System event log======

Computer Name: Kenny-KennyH-PC
Event Code: 9
Message: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Record Number: 144657
Source Name: iaStor
Time Written: 20111105234141.217814-000
Event Type: Error
User:

Computer Name: Kenny-KennyH-PC
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\DR0 during a paging operation.
Record Number: 144656
Source Name: Disk
Time Written: 20111105234141.217814-000
Event Type: Warning
User:

Computer Name: Kenny-KennyH-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 144396
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20111104001358.779760-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Kenny-KennyH-PC
Event Code: 10002
Message: WLAN Extensibility Module has stopped.

Module Path: C:\windows\System32\IWMSSvc.dll

Record Number: 144395
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20111104001358.374159-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Kenny-KennyH-PC
Event Code: 1073
Message: The attempt by user Kenny-KennyH-PC\Kenny to restart/shutdown computer KENNY-KENNYH-PC failed
Record Number: 144350
Source Name: USER32
Time Written: 20111104001211.000000-000
Event Type: Warning
User: Kenny-KennyH-PC\Kenny

=====Application event log=====

Computer Name: Kenny-KennyH-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 122159
Source Name: TOSHIBA Service Station
Time Written: 20110904212858.000000-000
Event Type: Warning
User:

Computer Name: Kenny-KennyH-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 122157
Source Name: TOSHIBA Service Station
Time Written: 20110904212858.000000-000
Event Type: Warning
User:

Computer Name: Kenny-KennyH-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 122155
Source Name: TOSHIBA Service Station
Time Written: 20110904212858.000000-000
Event Type: Warning
User:

Computer Name: Kenny-KennyH-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 122153
Source Name: TOSHIBA Service Station
Time Written: 20110904212853.000000-000
Event Type: Warning
User:

Computer Name: Kenny-KennyH-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 122152
Source Name: TOSHIBA Service Station
Time Written: 20110904212853.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Kenny-KennyH-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: a9cae58c-0e5a-468b-b77a-86d538ff967c
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\690ebc4c503883b110318da8949b1a47_caa69436-ec2d-4298-9e6c-35df3eb5688e
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 5152
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100916191659.397333-000
Event Type: Audit Success
User:

Computer Name: Kenny-KennyH-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: KENNY-KENNYH-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 5151
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100916191658.507282-000
Event Type: Audit Success
User:

Computer Name: Kenny-KennyH-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: KENNY-KENNYH-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\Keys\6c8d27dd245d5720b8619cc42363ad7f_caa69436-ec2d-4298-9e6c-35df3eb5688e
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 5150
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100916191658.506282-000
Event Type: Audit Success
User:

Computer Name: Kenny-KennyH-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: KENNY-KENNYH-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 5149
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100916191640.554255-000
Event Type: Audit Success
User:

Computer Name: Kenny-KennyH-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: KENNY-KENNYH-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\Keys\6c8d27dd245d5720b8619cc42363ad7f_caa69436-ec2d-4298-9e6c-35df3eb5688e
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 5148
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100916191640.553255-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=2502

-----------------EOF-----------------

#6 Kennyh88

Posted 05 April 2012 - 03:20 PM

QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Thu Apr 05 16:18:00 2012
Machine ID: CC7DC51F



No infection found.
-------------------



Processes
---------
2007 Microsoft Office system 3464 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Google Chrome 488 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1540 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4008 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4336 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4964 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
Microsoft Office OneNote 3256 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
Overwolf 3236 C:\Program Files (x86)\Overwolf\Overwolf.exe


Network activity
----------------
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.120
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.120
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105
Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.47.95
Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.45.105
Process chrome.exe (4964) connected on port 80 (HTTP) --> 188.165.220.204
Process chrome.exe (4964) connected on port 80 (HTTP) --> 188.165.220.204
Process chrome.exe (4964) connected on port 80 (HTTP) --> 188.165.220.204
Process chrome.exe (4964) connected on port 80 (HTTP) --> 66.235.142.20
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102
Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102
Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.13.159.139
Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.13.159.139
Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.13.159.139
Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.15.7.107
Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.15.7.107
Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.15.7.107
Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.159.138
Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.45.132
Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.65.120



Autoruns and critical files
---------------------------
HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
KeNotify Application C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
Microsoft Office OneNote C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
Overwolf C:\Program Files (x86)\Overwolf\Overwolf.exe
SVPWUTIL Application C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
TOSHIBA Service Station C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
TOSHIBA Sleep C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
TOSHIBA Web Camera Application C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(verified) Google Update C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System C:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Bitdefender QuickScan C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll
Google Update C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
TOSHIBA Media Controller Plug-in c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Java™ Platform SE 6 U17 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll


Scan
----


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.01 MB sent, 0.49 KB recvd
Scanned 331 files and modules - 18 seconds

==============================================================================

#7 Kennyh88

Posted 05 April 2012 - 03:22 PM

I hope that is everything you may need. If not, please let me know what else I can do. This trojan just keeps popping back up and I'll do anything to get rid of it.

#8 Maurice Naggar

Posted 05 April 2012 - 05:23 PM

Hello Kenny,

These steps are for kennyh88 only. If you are a casual viewer, do NOT try this on your system!
If you are not kennyh88 and have a similar problem, do NOT post here; start your own topic.

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!


You will want to print out or copy these instructions to Notepad for Safe offline reference!

Step 1
I want to set 2 programs so that they do not auto-start with Windows each time it starts. To simplify things a little. GoogleUpdate & Overwolf.

Download OTL by OldTimer to your Desktop: http://oldtimer.geekstogo.com/OTL.exe


This next process will involve a Reboot/restart. Allow it. Close and save any open documents you have open!

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :processes
    killallprocesses

    :files
    recycler /alldrives

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "Overwolf"=-

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a QUICK Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


I need a copy of the MBAM scan log in your next reply.

Step 3
Download and SAVE HijackThis

Save the HJT to your Desktop or the folder of your choice, then navigate to that folder and RIGHT-click Hijackthis.exe and select Run As Administrator to start it.
Do a "Scan and Save log".
I need a copy of the Hijackthis log in next reply.

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Download aswMBR.exe ( 511KB ) to your desktop.
RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.


Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Step 6
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 7
Reply with copy of the OTL MovedFiles log,
MBAM scan log
Hijackthis log
Checkup.txt
aswMBR log
TDSSKILLER log

There will be more to do later.
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#9 Kennyh88

Posted 05 April 2012 - 06:03 PM

All processes killed
========== PROCESSES ==========
========== FILES ==========
recycler not found in C:\
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Overwolf not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kenny
->Temp folder emptied: 10349180 bytes
->Temporary Internet Files folder emptied: 10377621 bytes
->Java cache emptied: 16883176 bytes
->Google Chrome cache emptied: 32362253 bytes
->Flash cache emptied: 2829524 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162199165 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 224.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kenny
->Flash cache emptied: 0 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04052012_185453

Files\Folders moved on Reboot...
C:\Users\Kenny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...




Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.11

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Kenny :: KENNY-KENNYH-PC [administrator]

Protection: Enabled

4/5/2012 6:59:40 PM
mbam-log-2012-04-05 (18-59-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211298
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 Kennyh88

Posted 05 April 2012 - 06:06 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:06:01 PM, on 4/5/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenny\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - S-1-5-21-2395527409-1931721546-4083511208-1003 User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'postgres')
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi...ri_4.1.71.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.syste...yri_4.3.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11429 bytes

#11 Kennyh88

Posted 05 April 2012 - 06:16 PM

The fix option was not available.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 19:11:57
-----------------------------
19:11:57.514 OS Version: Windows x64 6.1.7600
19:11:57.514 Number of processors: 4 586 0x2502
19:11:57.514 ComputerName: KENNY-KENNYH-PC UserName: Kenny
19:11:58.980 Initialize success
19:12:03.021 AVAST engine defs: 12040501
19:12:06.141 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:12:06.156 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
19:12:06.187 Disk 0 MBR read successfully
19:12:06.187 Disk 0 MBR scan
19:12:06.187 Disk 0 Windows VISTA default MBR code
19:12:06.203 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:12:06.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464558 MB offset 3074048
19:12:06.250 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10881 MB offset 954488832
19:12:06.297 Disk 0 scanning C:\windows\system32\drivers
19:12:15.313 Service scanning
19:12:31.491 Modules scanning
19:12:31.491 Scan finished successfully
19:12:43.549 Disk 0 MBR has been saved successfully to "C:\Users\Kenny\Documents\MBR.dat"
19:12:43.549 The log file has been saved successfully to "C:\Users\Kenny\Documents\mbr save.txt"





19:13:17.0307 3096 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
19:13:17.0604 3096 ============================================================
19:13:17.0604 3096 Current date / time: 2012/04/05 19:13:17.0604
19:13:17.0604 3096 SystemInfo:
19:13:17.0604 3096
19:13:17.0604 3096 OS Version: 6.1.7600 ServicePack: 0.0
19:13:17.0604 3096 Product type: Workstation
19:13:17.0604 3096 ComputerName: KENNY-KENNYH-PC
19:13:17.0604 3096 UserName: Kenny
19:13:17.0604 3096 Windows directory: C:\windows
19:13:17.0604 3096 System windows directory: C:\windows
19:13:17.0604 3096 Running under WOW64
19:13:17.0604 3096 Processor architecture: Intel x64
19:13:17.0604 3096 Number of processors: 4
19:13:17.0604 3096 Page size: 0x1000
19:13:17.0604 3096 Boot type: Normal boot
19:13:17.0604 3096 ============================================================
19:13:18.0119 3096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:13:18.0134 3096 \Device\Harddisk0\DR0:
19:13:18.0134 3096 MBR used
19:13:18.0134 3096 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B57000
19:13:18.0165 3096 Initialize success
19:13:18.0165 3096 ============================================================
19:13:40.0255 4844 ============================================================
19:13:40.0255 4844 Scan started
19:13:40.0255 4844 Mode: Manual;
19:13:40.0255 4844 ============================================================
19:13:44.0717 4844 HidBatt - ok
19:13:44.0748 4844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:13:44.0748 4844 HidBth - ok
19:13:44.0779 4844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:13:44.0779 4844 HidIr - ok
19:13:44.0795 4844 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
19:13:44.0810 4844 hidserv - ok
19:13:44.0826 4844 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
19:13:44.0842 4844 HidUsb - ok
19:13:44.0873 4844 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
19:13:44.0873 4844 hkmsvc - ok
19:13:44.0904 4844 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
19:13:44.0904 4844 HomeGroupListener - ok
19:13:44.0935 4844 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
19:13:44.0935 4844 HomeGroupProvider - ok
19:13:44.0966 4844 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
19:13:44.0966 4844 HpSAMD - ok
19:13:45.0013 4844 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
19:13:45.0029 4844 HTTP - ok
19:13:45.0044 4844 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
19:13:45.0044 4844 hwpolicy - ok
19:13:45.0076 4844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
19:13:45.0091 4844 i8042prt - ok
19:13:45.0138 4844 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys
19:13:45.0138 4844 iaStor - ok
19:13:45.0169 4844 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
19:13:45.0185 4844 iaStorV - ok
19:13:45.0232 4844 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:13:45.0247 4844 idsvc - ok
19:13:45.0450 4844 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys
19:13:45.0622 4844 igfx - ok
19:13:45.0668 4844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:13:45.0668 4844 iirsp - ok
19:13:45.0715 4844 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
19:13:45.0731 4844 IKEEXT - ok
19:13:45.0793 4844 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
19:13:45.0793 4844 Impcd - ok
19:13:45.0871 4844 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys
19:13:45.0934 4844 IntcAzAudAddService - ok
19:13:45.0980 4844 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
19:13:45.0980 4844 IntcDAud - ok
19:13:46.0012 4844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
19:13:46.0012 4844 intelide - ok
19:13:46.0043 4844 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:13:46.0043 4844 intelppm - ok
19:13:46.0074 4844 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:13:46.0074 4844 IPBusEnum - ok
19:13:46.0105 4844 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:13:46.0105 4844 IpFilterDriver - ok
19:13:46.0136 4844 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
19:13:46.0136 4844 iphlpsvc - ok
19:13:46.0168 4844 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
19:13:46.0168 4844 IPMIDRV - ok
19:13:46.0183 4844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:13:46.0183 4844 IPNAT - ok
19:13:46.0199 4844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:13:46.0199 4844 IRENUM - ok
19:13:46.0214 4844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
19:13:46.0214 4844 isapnp - ok
19:13:46.0246 4844 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
19:13:46.0261 4844 iScsiPrt - ok
19:13:46.0308 4844 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys
19:13:46.0324 4844 JMCR - ok
19:13:46.0355 4844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:13:46.0355 4844 kbdclass - ok
19:13:46.0386 4844 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
19:13:46.0386 4844 kbdhid - ok
19:13:46.0417 4844 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
19:13:46.0417 4844 KeyIso - ok
19:13:46.0448 4844 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\windows\system32\DRIVERS\KMWDFILTER.sys
19:13:46.0464 4844 KMWDFILTER - ok
19:13:46.0480 4844 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
19:13:46.0495 4844 KSecDD - ok
19:13:46.0511 4844 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
19:13:46.0511 4844 KSecPkg - ok
19:13:46.0542 4844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:13:46.0542 4844 ksthunk - ok
19:13:46.0573 4844 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:13:46.0589 4844 KtmRm - ok
19:13:46.0636 4844 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\system32\srvsvc.dll
19:13:46.0636 4844 LanmanServer - ok
19:13:46.0682 4844 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
19:13:46.0682 4844 LanmanWorkstation - ok
19:13:46.0714 4844 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:13:46.0714 4844 lltdio - ok
19:13:46.0745 4844 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:13:46.0760 4844 lltdsvc - ok
19:13:46.0776 4844 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:13:46.0776 4844 lmhosts - ok
19:13:46.0854 4844 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:13:46.0854 4844 LMS - ok
19:13:46.0901 4844 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
19:13:46.0901 4844 LPCFilter - ok
19:13:46.0948 4844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:13:46.0948 4844 LSI_FC - ok
19:13:46.0963 4844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:13:46.0963 4844 LSI_SAS - ok
19:13:46.0994 4844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:13:46.0994 4844 LSI_SAS2 - ok
19:13:47.0010 4844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:13:47.0010 4844 LSI_SCSI - ok
19:13:47.0041 4844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:13:47.0041 4844 luafv - ok
19:13:47.0088 4844 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
19:13:47.0088 4844 MBAMProtector - ok
19:13:47.0166 4844 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:13:47.0166 4844 MBAMService - ok
19:13:47.0197 4844 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
19:13:47.0197 4844 Mcx2Svc - ok
19:13:47.0228 4844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:13:47.0228 4844 megasas - ok
19:13:47.0260 4844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:13:47.0260 4844 MegaSR - ok
19:13:47.0291 4844 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:13:47.0291 4844 MMCSS - ok
19:13:47.0306 4844 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:13:47.0306 4844 Modem - ok
19:13:47.0338 4844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:13:47.0338 4844 monitor - ok
19:13:47.0384 4844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:13:47.0384 4844 mouclass - ok
19:13:47.0400 4844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:13:47.0416 4844 mouhid - ok
19:13:47.0431 4844 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
19:13:47.0431 4844 mountmgr - ok
19:13:47.0462 4844 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
19:13:47.0462 4844 mpio - ok
19:13:47.0478 4844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:13:47.0478 4844 mpsdrv - ok
19:13:47.0509 4844 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\windows\system32\mpssvc.dll
19:13:47.0540 4844 MpsSvc - ok
19:13:47.0556 4844 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
19:13:47.0556 4844 MRxDAV - ok
19:13:47.0587 4844 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
19:13:47.0587 4844 mrxsmb - ok
19:13:47.0618 4844 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:13:47.0618 4844 mrxsmb10 - ok
19:13:47.0650 4844 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:13:47.0650 4844 mrxsmb20 - ok
19:13:47.0665 4844 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
19:13:47.0665 4844 msahci - ok
19:13:47.0696 4844 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
19:13:47.0696 4844 msdsm - ok
19:13:47.0728 4844 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:13:47.0728 4844 MSDTC - ok
19:13:47.0774 4844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:13:47.0774 4844 Msfs - ok
19:13:47.0790 4844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:13:47.0790 4844 mshidkmdf - ok
19:13:47.0806 4844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
19:13:47.0821 4844 msisadrv - ok
19:13:47.0837 4844 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:13:47.0837 4844 MSiSCSI - ok
19:13:47.0852 4844 msiserver - ok
19:13:47.0884 4844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:13:47.0884 4844 MSKSSRV - ok
19:13:47.0915 4844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:13:47.0915 4844 MSPCLOCK - ok
19:13:47.0930 4844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:13:47.0930 4844 MSPQM - ok
19:13:47.0946 4844 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
19:13:47.0962 4844 MsRPC - ok
19:13:47.0977 4844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:13:47.0977 4844 mssmbios - ok
19:13:48.0008 4844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:13:48.0008 4844 MSTEE - ok
19:13:48.0024 4844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:13:48.0024 4844 MTConfig - ok
19:13:48.0040 4844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:13:48.0040 4844 Mup - ok
19:13:48.0118 4844 MyWiFiDHCPDNS (a94eebd860ad00a0bfe91c0fd3f5feb1) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:13:48.0118 4844 MyWiFiDHCPDNS - ok
19:13:48.0164 4844 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
19:13:48.0164 4844 napagent - ok
19:13:48.0227 4844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:13:48.0227 4844 NativeWifiP - ok
19:13:48.0274 4844 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
19:13:48.0289 4844 NDIS - ok
19:13:48.0305 4844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:13:48.0305 4844 NdisCap - ok
19:13:48.0352 4844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:13:48.0352 4844 NdisTapi - ok
19:13:48.0383 4844 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
19:13:48.0383 4844 Ndisuio - ok
19:13:48.0398 4844 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
19:13:48.0398 4844 NdisWan - ok
19:13:48.0430 4844 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
19:13:48.0430 4844 NDProxy - ok
19:13:48.0461 4844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:13:48.0461 4844 NetBIOS - ok
19:13:48.0476 4844 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
19:13:48.0476 4844 NetBT - ok
19:13:48.0508 4844 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
19:13:48.0523 4844 Netlogon - ok
19:13:48.0554 4844 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:13:48.0570 4844 Netman - ok
19:13:48.0586 4844 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:13:48.0586 4844 netprofm - ok
19:13:48.0632 4844 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:13:48.0632 4844 NetTcpPortSharing - ok
19:13:48.0788 4844 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys
19:13:48.0913 4844 NETw5s64 - ok
19:13:48.0960 4844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:13:48.0960 4844 nfrd960 - ok
19:13:48.0991 4844 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
19:13:48.0991 4844 NlaSvc - ok
19:13:49.0022 4844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:13:49.0022 4844 Npfs - ok
19:13:49.0054 4844 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:13:49.0054 4844 nsi - ok
19:13:49.0069 4844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:13:49.0069 4844 nsiproxy - ok
19:13:49.0132 4844 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
19:13:49.0163 4844 Ntfs - ok
19:13:49.0194 4844 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:13:49.0194 4844 Null - ok
19:13:49.0225 4844 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
19:13:49.0225 4844 nvraid - ok
19:13:49.0256 4844 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
19:13:49.0256 4844 nvstor - ok
19:13:49.0288 4844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
19:13:49.0288 4844 nv_agp - ok
19:13:49.0366 4844 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:13:49.0366 4844 odserv - ok
19:13:49.0397 4844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
19:13:49.0397 4844 ohci1394 - ok
19:13:49.0428 4844 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:13:49.0428 4844 ose - ok
19:13:49.0490 4844 OverwolfUpdaterService (b786acfd9bac6c609fa03ba2597437a5) C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe
19:13:49.0490 4844 OverwolfUpdaterService - ok
19:13:49.0522 4844 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:13:49.0522 4844 p2pimsvc - ok
19:13:49.0553 4844 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:13:49.0568 4844 p2psvc - ok
19:13:49.0584 4844 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:13:49.0584 4844 Parport - ok
19:13:49.0600 4844 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
19:13:49.0600 4844 partmgr - ok
19:13:49.0631 4844 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:13:49.0631 4844 PcaSvc - ok
19:13:49.0646 4844 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
19:13:49.0662 4844 pci - ok
19:13:49.0678 4844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
19:13:49.0678 4844 pciide - ok
19:13:49.0693 4844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:13:49.0709 4844 pcmcia - ok
19:13:49.0724 4844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:13:49.0724 4844 pcw - ok
19:13:49.0756 4844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:13:49.0771 4844 PEAUTH - ok
19:13:49.0818 4844 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:13:49.0818 4844 PerfHost - ok
19:13:49.0865 4844 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
19:13:49.0865 4844 PGEffect - ok
19:13:49.0958 4844 pgsql-8.3 (acc93675d78d1c07dad09d7837f2397a) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
19:13:49.0958 4844 pgsql-8.3 - ok
19:13:50.0005 4844 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
19:13:50.0036 4844 pla - ok
19:13:50.0083 4844 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
19:13:50.0083 4844 PlugPlay - ok
19:13:50.0099 4844 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:13:50.0099 4844 PNRPAutoReg - ok
19:13:50.0130 4844 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:13:50.0130 4844 PNRPsvc - ok
19:13:50.0161 4844 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
19:13:50.0177 4844 PolicyAgent - ok
19:13:50.0208 4844 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:13:50.0224 4844 Power - ok
19:13:50.0255 4844 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
19:13:50.0255 4844 PptpMiniport - ok
19:13:50.0286 4844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:13:50.0286 4844 Processor - ok
19:13:50.0317 4844 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
19:13:50.0317 4844 ProfSvc - ok
19:13:50.0348 4844 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
19:13:50.0348 4844 ProtectedStorage - ok
19:13:50.0364 4844 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
19:13:50.0380 4844 Psched - ok
19:13:50.0411 4844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:13:50.0442 4844 ql2300 - ok
19:13:50.0458 4844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:13:50.0458 4844 ql40xx - ok
19:13:50.0489 4844 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:13:50.0489 4844 QWAVE - ok
19:13:50.0504 4844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:13:50.0504 4844 QWAVEdrv - ok
19:13:50.0520 4844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:13:50.0520 4844 RasAcd - ok
19:13:50.0567 4844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:13:50.0567 4844 RasAgileVpn - ok
19:13:50.0598 4844 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:13:50.0598 4844 RasAuto - ok
19:13:50.0629 4844 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
19:13:50.0629 4844 Rasl2tp - ok
19:13:50.0660 4844 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
19:13:50.0660 4844 RasMan - ok
19:13:50.0692 4844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:13:50.0692 4844 RasPppoe - ok
19:13:50.0707 4844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:13:50.0723 4844 RasSstp - ok
19:13:50.0738 4844 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
19:13:50.0738 4844 rdbss - ok
19:13:50.0770 4844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:13:50.0770 4844 rdpbus - ok
19:13:50.0785 4844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:13:50.0785 4844 RDPCDD - ok
19:13:50.0801 4844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:13:50.0801 4844 RDPENCDD - ok
19:13:50.0832 4844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:13:50.0832 4844 RDPREFMP - ok
19:13:50.0863 4844 RDPWD (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
19:13:50.0863 4844 RDPWD - ok
19:13:50.0894 4844 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
19:13:50.0894 4844 rdyboost - ok
19:13:50.0957 4844 RegSrvc (6108654c5ebea28a606d6890b4de6de3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:13:50.0972 4844 RegSrvc - ok
19:13:50.0988 4844 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:13:50.0988 4844 RemoteAccess - ok
19:13:51.0035 4844 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:13:51.0035 4844 RemoteRegistry - ok
19:13:51.0066 4844 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:13:51.0066 4844 RpcEptMapper - ok
19:13:51.0097 4844 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:13:51.0097 4844 RpcLocator - ok
19:13:51.0113 4844 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
19:13:51.0128 4844 RpcSs - ok
19:13:51.0144 4844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:13:51.0144 4844 rspndr - ok
19:13:51.0206 4844 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
19:13:51.0206 4844 RTL8167 - ok
19:13:51.0238 4844 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
19:13:51.0238 4844 SamSs - ok
19:13:51.0269 4844 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
19:13:51.0269 4844 sbp2port - ok
19:13:51.0284 4844 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:13:51.0300 4844 SCardSvr - ok
19:13:51.0316 4844 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
19:13:51.0316 4844 scfilter - ok
19:13:51.0347 4844 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
19:13:51.0378 4844 Schedule - ok
19:13:51.0409 4844 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
19:13:51.0409 4844 SCPolicySvc - ok
19:13:51.0440 4844 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
19:13:51.0440 4844 sdbus - ok
19:13:51.0456 4844 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
19:13:51.0456 4844 SDRSVC - ok
19:13:51.0487 4844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:13:51.0487 4844 secdrv - ok
19:13:51.0503 4844 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
19:13:51.0503 4844 seclogon - ok
19:13:51.0534 4844 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
19:13:51.0534 4844 SENS - ok
19:13:51.0550 4844 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:13:51.0550 4844 SensrSvc - ok
19:13:51.0581 4844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:13:51.0581 4844 Serenum - ok
19:13:51.0596 4844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:13:51.0596 4844 Serial - ok
19:13:51.0612 4844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:13:51.0612 4844 sermouse - ok
19:13:51.0674 4844 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
19:13:51.0674 4844 SessionEnv - ok
19:13:51.0706 4844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
19:13:51.0706 4844 sffdisk - ok
19:13:51.0737 4844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
19:13:51.0737 4844 sffp_mmc - ok
19:13:51.0752 4844 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
19:13:51.0752 4844 sffp_sd - ok
19:13:51.0768 4844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:13:51.0768 4844 sfloppy - ok
19:13:51.0799 4844 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:13:51.0815 4844 SharedAccess - ok
19:13:51.0830 4844 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
19:13:51.0830 4844 ShellHWDetection - ok
19:13:51.0862 4844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:13:51.0862 4844 SiSRaid2 - ok
19:13:51.0893 4844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:13:51.0893 4844 SiSRaid4 - ok
19:13:51.0940 4844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:13:51.0940 4844 Smb - ok
19:13:51.0986 4844 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:13:51.0986 4844 SNMPTRAP - ok
19:13:52.0002 4844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:13:52.0002 4844 spldr - ok
19:13:52.0049 4844 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
19:13:52.0049 4844 Spooler - ok
19:13:52.0127 4844 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
19:13:52.0205 4844 sppsvc - ok
19:13:52.0236 4844 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:13:52.0236 4844 sppuinotify - ok
19:13:52.0283 4844 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
19:13:52.0283 4844 srv - ok
19:13:52.0314 4844 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
19:13:52.0314 4844 srv2 - ok
19:13:52.0345 4844 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
19:13:52.0345 4844 srvnet - ok
19:13:52.0376 4844 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:13:52.0376 4844 SSDPSRV - ok
19:13:52.0392 4844 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:13:52.0408 4844 SstpSvc - ok
19:13:52.0423 4844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:13:52.0439 4844 stexstor - ok
19:13:52.0470 4844 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
19:13:52.0486 4844 stisvc - ok
19:13:52.0517 4844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:13:52.0517 4844 swenum - ok
19:13:52.0548 4844 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:13:52.0564 4844 swprv - ok
19:13:52.0626 4844 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
19:13:52.0626 4844 SynTP - ok
19:13:52.0673 4844 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
19:13:52.0704 4844 SysMain - ok
19:13:52.0751 4844 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
19:13:52.0751 4844 TabletInputService - ok
19:13:52.0798 4844 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
19:13:52.0798 4844 TapiSrv - ok
19:13:52.0813 4844 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:13:52.0813 4844 TBS - ok
19:13:52.0876 4844 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
19:13:52.0907 4844 Tcpip - ok
19:13:52.0969 4844 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
19:13:56.0651 4844 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:13:56.0713 4844 \Device\Harddisk0\DR0 - ok
19:13:56.0729 4844 Boot (0x1200) (8ec2fe3fe560682812c8cc5cecb048a8) \Device\Harddisk0\DR0\Partition0
19:13:56.0729 4844 \Device\Harddisk0\DR0\Partition0 - ok
19:13:56.0729 4844 ============================================================
19:13:56.0729 4844 Scan finished
19:13:56.0729 4844 ============================================================
19:13:56.0744 3840 Detected object count: 0
19:13:56.0744 3840 Actual detected object count: 0
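
A triage helper for TDSSKiller logs in the format posted above, added here as an example; it is not part of any post in this thread or of TDSSKiller itself. It pairs each `name (md5) path` line with its `name - verdict` line and lists entries that are not `ok`, that have no file line, or whose file sits outside the expected directories. The `ExampleSvc` lines, the `warning` verdict and the `EXPECTED_PREFIXES` list are assumptions.

```python
import re

# Constructed sample in the format of the TDSSKiller log above. The TMachInfo,
# VaultSvc, WinDefend and MBR lines are copied from that log; "ExampleSvc",
# its all-zero hash and its "warning" verdict are constructed, and real
# TDSSKiller verdict wording may differ.
SAMPLE_LOG = r"""
19:13:53.0437 4844 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:13:53.0437 4844 TMachInfo - ok
19:13:54.0685 4844 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
19:13:54.0685 4844 VaultSvc - ok
19:13:55.0777 4844 WinDefend - ok
19:13:55.0800 4844 ExampleSvc (00000000000000000000000000000000) C:\ProgramData\example.dll
19:13:55.0800 4844 ExampleSvc - warning
19:13:56.0651 4844 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:13:56.0713 4844 \Device\Harddisk0\DR0 - ok
19:13:56.0744 3840 Detected object count: 0
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")  # time, thread id
FILE_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_LINE = re.compile(r"^(?P<name>.+) - (?P<verdict>[^-]+)$")
COUNT_LINE = re.compile(r"^Detected object count: (\d+)$")

# Assumption: directories treated as expected locations on this machine. A
# path under them is not proof of legitimacy; it only narrows what to review.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                     "c:\\program files (x86)\\", "\\device\\")


def parse_tdsskiller(text):
    """Return (entries, detected_count) parsed from TDSSKiller log text."""
    entries, pending, detected = [], None, None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group(1)
        f = FILE_LINE.match(rest)
        if f:
            pending = {"name": f["name"], "md5": f["md5"].lower(),
                       "path": f["path"], "verdict": None}
            entries.append(pending)
            continue
        c = COUNT_LINE.match(rest)
        if c:
            detected = int(c.group(1))
            continue
        v = VERDICT_LINE.match(rest)
        if v:
            # The MBR verdict line names the device path, not the label,
            # so accept a match on either field of the pending entry.
            if pending and v["name"] in (pending["name"], pending["path"]):
                pending["verdict"] = v["verdict"]
            else:  # verdict with no preceding file line, e.g. WinDefend
                entries.append({"name": v["name"], "md5": None,
                                "path": None, "verdict": v["verdict"]})
            pending = None
    return entries, detected


def triage(entries):
    """Group entry names by the reason they deserve a second look."""
    return {
        "not_ok": [e["name"] for e in entries if e["verdict"] != "ok"],
        "no_file": [e["name"] for e in entries if e["md5"] is None],
        "unexpected_path": [e["name"] for e in entries if e["path"]
                            and not e["path"].lower().startswith(EXPECTED_PREFIXES)],
    }
```

An entry in `no_file` means the scanner reported a verdict without hashing a file for that service, so an `ok` there says less than it does for the hashed entries.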

#12 Maurice Naggar

Posted 05 April 2012 - 09:14 PM

Please continue to have patience. We are not finished still, and there will be more to do later.

This next process will involve a Reboot/restart. Allow it. Close and save any open documents you have open!
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :processes
    killallprocesses

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "Overwolf"=-

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2
Turn off your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Leave the firewall on.

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:
1) Download and SAVE the zip file to a temporary folder
2) Unzip (extract the contents) in the same folder
3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.
4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides (typically, C:\WINDOWS\system32\drivers\etc), and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________
¦ +---+¦
¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦
¦ +---+¦
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Previous version saved and renamed to HOSTS.MVP
Press any key to continue . . .


Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts
The latter is the same folder that had mvps.bat

Step 3
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop

Step 4
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 5
If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Step 6
Re-enable your antivirus program.

Reply with a copy of the C:\Combofix.txt log
and OTL MovedFiles log
and RKReport

Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#13 Maurice Naggar

Posted 13 April 2012 - 02:34 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support
