
Kennyh88

  1. The fix option was not available.
C:\windows\system32\drivers\rdyboost.sys 19:13:50.0894 4844 rdyboost - ok 19:13:50.0957 4844 RegSrvc (6108654c5ebea28a606d6890b4de6de3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 19:13:50.0972 4844 RegSrvc - ok 19:13:50.0988 4844 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 19:13:50.0988 4844 RemoteAccess - ok 19:13:51.0035 4844 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 19:13:51.0035 4844 RemoteRegistry - ok 19:13:51.0066 4844 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 19:13:51.0066 4844 RpcEptMapper - ok 19:13:51.0097 4844 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 19:13:51.0097 4844 RpcLocator - ok 19:13:51.0113 4844 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll 19:13:51.0128 4844 RpcSs - ok 19:13:51.0144 4844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 19:13:51.0144 4844 rspndr - ok 19:13:51.0206 4844 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys 19:13:51.0206 4844 RTL8167 - ok 19:13:51.0238 4844 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe 19:13:51.0238 4844 SamSs - ok 19:13:51.0269 4844 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys 19:13:51.0269 4844 sbp2port - ok 19:13:51.0284 4844 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 19:13:51.0300 4844 SCardSvr - ok 19:13:51.0316 4844 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys 19:13:51.0316 4844 scfilter - ok 19:13:51.0347 4844 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll 19:13:51.0378 4844 Schedule - ok 19:13:51.0409 4844 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll 19:13:51.0409 4844 SCPolicySvc - ok 19:13:51.0440 4844 sdbus 
(2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys 19:13:51.0440 4844 sdbus - ok 19:13:51.0456 4844 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll 19:13:51.0456 4844 SDRSVC - ok 19:13:51.0487 4844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 19:13:51.0487 4844 secdrv - ok 19:13:51.0503 4844 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll 19:13:51.0503 4844 seclogon - ok 19:13:51.0534 4844 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 19:13:51.0534 4844 SENS - ok 19:13:51.0550 4844 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 19:13:51.0550 4844 SensrSvc - ok 19:13:51.0581 4844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys 19:13:51.0581 4844 Serenum - ok 19:13:51.0596 4844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys 19:13:51.0596 4844 Serial - ok 19:13:51.0612 4844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys 19:13:51.0612 4844 sermouse - ok 19:13:51.0674 4844 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll 19:13:51.0674 4844 SessionEnv - ok 19:13:51.0706 4844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys 19:13:51.0706 4844 sffdisk - ok 19:13:51.0737 4844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys 19:13:51.0737 4844 sffp_mmc - ok 19:13:51.0752 4844 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys 19:13:51.0752 4844 sffp_sd - ok 19:13:51.0768 4844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 19:13:51.0768 4844 sfloppy - ok 19:13:51.0799 4844 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 19:13:51.0815 4844 SharedAccess - ok 19:13:51.0830 4844 ShellHWDetection 
(0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll 19:13:51.0830 4844 ShellHWDetection - ok 19:13:51.0862 4844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys 19:13:51.0862 4844 SiSRaid2 - ok 19:13:51.0893 4844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys 19:13:51.0893 4844 SiSRaid4 - ok 19:13:51.0940 4844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 19:13:51.0940 4844 Smb - ok 19:13:51.0986 4844 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 19:13:51.0986 4844 SNMPTRAP - ok 19:13:52.0002 4844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 19:13:52.0002 4844 spldr - ok 19:13:52.0049 4844 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe 19:13:52.0049 4844 Spooler - ok 19:13:52.0127 4844 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe 19:13:52.0205 4844 sppsvc - ok 19:13:52.0236 4844 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 19:13:52.0236 4844 sppuinotify - ok 19:13:52.0283 4844 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys 19:13:52.0283 4844 srv - ok 19:13:52.0314 4844 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys 19:13:52.0314 4844 srv2 - ok 19:13:52.0345 4844 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys 19:13:52.0345 4844 srvnet - ok 19:13:52.0376 4844 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 19:13:52.0376 4844 SSDPSRV - ok 19:13:52.0392 4844 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 19:13:52.0408 4844 SstpSvc - ok 19:13:52.0423 4844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys 19:13:52.0439 4844 stexstor - ok 19:13:52.0470 4844 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) 
C:\windows\System32\wiaservc.dll 19:13:52.0486 4844 stisvc - ok 19:13:52.0517 4844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 19:13:52.0517 4844 swenum - ok 19:13:52.0548 4844 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 19:13:52.0564 4844 swprv - ok 19:13:52.0626 4844 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys 19:13:52.0626 4844 SynTP - ok 19:13:52.0673 4844 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll 19:13:52.0704 4844 SysMain - ok 19:13:52.0751 4844 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll 19:13:52.0751 4844 TabletInputService - ok 19:13:52.0798 4844 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll 19:13:52.0798 4844 TapiSrv - ok 19:13:52.0813 4844 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 19:13:52.0813 4844 TBS - ok 19:13:52.0876 4844 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys 19:13:52.0907 4844 Tcpip - ok 19:13:52.0969 4844 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys 19:13:52.0969 4844 TCPIP6 - ok 19:13:53.0032 4844 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys 19:13:53.0032 4844 tcpipreg - ok 19:13:53.0063 4844 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 19:13:53.0063 4844 tdcmdpst - ok 19:13:53.0078 4844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 19:13:53.0078 4844 TDPIPE - ok 19:13:53.0110 4844 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys 19:13:53.0110 4844 TDTCP - ok 19:13:53.0156 4844 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys 19:13:53.0156 4844 tdx - ok 19:13:53.0172 4844 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys 19:13:53.0172 4844 TermDD - 
ok 19:13:53.0219 4844 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll 19:13:53.0234 4844 TermService - ok 19:13:53.0266 4844 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 19:13:53.0266 4844 Themes - ok 19:13:53.0297 4844 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys 19:13:53.0297 4844 Thpdrv - ok 19:13:53.0328 4844 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS 19:13:53.0328 4844 Thpevm - ok 19:13:53.0375 4844 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe 19:13:53.0390 4844 Thpsrv - ok 19:13:53.0406 4844 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 19:13:53.0406 4844 THREADORDER - ok 19:13:53.0437 4844 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 19:13:53.0437 4844 TMachInfo - ok 19:13:53.0468 4844 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe 19:13:53.0468 4844 TODDSrv - ok 19:13:53.0531 4844 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 19:13:53.0531 4844 TosCoSrv - ok 19:13:53.0593 4844 TOSHIBA eco Utility Service (2ab7a4697462edb0c9dfafc529746ba9) C:\Program Files\TOSHIBA\TECO\TecoService.exe 19:13:53.0593 4844 TOSHIBA eco Utility Service - ok 19:13:53.0624 4844 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 19:13:53.0624 4844 TOSHIBA HDD SSD Alert Service - ok 19:13:53.0718 4844 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys 19:13:53.0718 4844 tos_sps64 - ok 19:13:53.0765 4844 TPCHSrv (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 19:13:53.0780 4844 TPCHSrv - ok 19:13:53.0812 4844 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 19:13:53.0812 4844 TrkWks - 
ok 19:13:53.0843 4844 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe 19:13:53.0843 4844 TrustedInstaller - ok 19:13:53.0874 4844 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys 19:13:53.0874 4844 tssecsrv - ok 19:13:53.0905 4844 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys 19:13:53.0905 4844 tunnel - ok 19:13:53.0952 4844 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 19:13:53.0952 4844 TVALZ - ok 19:13:53.0983 4844 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys 19:13:53.0983 4844 TVALZFL - ok 19:13:54.0014 4844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 19:13:54.0014 4844 uagp35 - ok 19:13:54.0046 4844 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys 19:13:54.0046 4844 udfs - ok 19:13:54.0077 4844 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 19:13:54.0092 4844 UI0Detect - ok 19:13:54.0108 4844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys 19:13:54.0108 4844 uliagpkx - ok 19:13:54.0139 4844 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys 19:13:54.0139 4844 umbus - ok 19:13:54.0170 4844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 19:13:54.0170 4844 UmPass - ok 19:13:54.0264 4844 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 19:13:54.0280 4844 UNS - ok 19:13:54.0311 4844 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 19:13:54.0326 4844 upnphost - ok 19:13:54.0342 4844 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys 19:13:54.0358 4844 usbccgp - ok 19:13:54.0373 4844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys 
19:13:54.0373 4844 usbcir - ok 19:13:54.0389 4844 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys 19:13:54.0389 4844 usbehci - ok 19:13:54.0404 4844 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys 19:13:54.0404 4844 usbhub - ok 19:13:54.0436 4844 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys 19:13:54.0436 4844 usbohci - ok 19:13:54.0451 4844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 19:13:54.0451 4844 usbprint - ok 19:13:54.0498 4844 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 19:13:54.0498 4844 usbscan - ok 19:13:54.0545 4844 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS 19:13:54.0545 4844 USBSTOR - ok 19:13:54.0576 4844 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys 19:13:54.0576 4844 usbuhci - ok 19:13:54.0623 4844 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys 19:13:54.0623 4844 usbvideo - ok 19:13:54.0654 4844 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 19:13:54.0654 4844 UxSms - ok 19:13:54.0685 4844 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe 19:13:54.0685 4844 VaultSvc - ok 19:13:54.0701 4844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys 19:13:54.0701 4844 vdrvroot - ok 19:13:54.0748 4844 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe 19:13:54.0748 4844 vds - ok 19:13:54.0779 4844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 19:13:54.0779 4844 vga - ok 19:13:54.0794 4844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 19:13:54.0794 4844 VgaSave - ok 19:13:54.0810 4844 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys 19:13:54.0810 4844 vhdmp - ok 19:13:54.0841 
4844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys 19:13:54.0841 4844 viaide - ok 19:13:54.0857 4844 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys 19:13:54.0857 4844 volmgr - ok 19:13:54.0888 4844 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys 19:13:54.0888 4844 volmgrx - ok 19:13:54.0904 4844 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys 19:13:54.0904 4844 volsnap - ok 19:13:54.0950 4844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys 19:13:54.0950 4844 vsmraid - ok 19:13:54.0997 4844 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe 19:13:55.0028 4844 VSS - ok 19:13:55.0044 4844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 19:13:55.0044 4844 vwifibus - ok 19:13:55.0075 4844 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 19:13:55.0075 4844 vwififlt - ok 19:13:55.0091 4844 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 19:13:55.0091 4844 vwifimp - ok 19:13:55.0122 4844 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 19:13:55.0138 4844 W32Time - ok 19:13:55.0153 4844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys 19:13:55.0153 4844 WacomPen - ok 19:13:55.0184 4844 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys 19:13:55.0184 4844 WANARP - ok 19:13:55.0200 4844 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys 19:13:55.0200 4844 Wanarpv6 - ok 19:13:55.0262 4844 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 19:13:55.0278 4844 WatAdminSvc - ok 19:13:55.0325 4844 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe 19:13:55.0372 4844 wbengine - ok 19:13:55.0387 4844 
WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 19:13:55.0387 4844 WbioSrvc - ok 19:13:55.0418 4844 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll 19:13:55.0434 4844 wcncsvc - ok 19:13:55.0450 4844 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 19:13:55.0450 4844 WcsPlugInService - ok 19:13:55.0465 4844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys 19:13:55.0465 4844 Wd - ok 19:13:55.0496 4844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 19:13:55.0496 4844 Wdf01000 - ok 19:13:55.0528 4844 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 19:13:55.0528 4844 WdiServiceHost - ok 19:13:55.0528 4844 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 19:13:55.0528 4844 WdiSystemHost - ok 19:13:55.0559 4844 wdkmd (7c2ef67b0a43c4deb7ef932ceda337d6) C:\windows\system32\DRIVERS\WDKMD.sys 19:13:55.0574 4844 wdkmd - ok 19:13:55.0606 4844 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll 19:13:55.0606 4844 WebClient - ok 19:13:55.0621 4844 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 19:13:55.0637 4844 Wecsvc - ok 19:13:55.0652 4844 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 19:13:55.0668 4844 wercplsupport - ok 19:13:55.0684 4844 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 19:13:55.0699 4844 WerSvc - ok 19:13:55.0730 4844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 19:13:55.0730 4844 WfpLwf - ok 19:13:55.0746 4844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 19:13:55.0746 4844 WIMMount - ok 19:13:55.0777 4844 WinDefend - ok 19:13:55.0777 4844 WinHttpAutoProxySvc - ok 19:13:55.0824 4844 Winmgmt (19b07e7e8915d701225da41cb3877306) 
C:\windows\system32\wbem\WMIsvc.dll 19:13:55.0824 4844 Winmgmt - ok 19:13:55.0886 4844 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll 19:13:55.0933 4844 WinRM - ok 19:13:55.0980 4844 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 19:13:56.0011 4844 Wlansvc - ok 19:13:56.0120 4844 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:13:56.0152 4844 wlidsvc - ok 19:13:56.0198 4844 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 19:13:56.0198 4844 WmiAcpi - ok 19:13:56.0245 4844 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 19:13:56.0245 4844 wmiApSrv - ok 19:13:56.0276 4844 WMPNetworkSvc - ok 19:13:56.0308 4844 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 19:13:56.0308 4844 WPCSvc - ok 19:13:56.0339 4844 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll 19:13:56.0339 4844 WPDBusEnum - ok 19:13:56.0354 4844 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 19:13:56.0354 4844 ws2ifsl - ok 19:13:56.0386 4844 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\System32\wscsvc.dll 19:13:56.0386 4844 wscsvc - ok 19:13:56.0401 4844 WSearch - ok 19:13:56.0464 4844 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll 19:13:56.0526 4844 wuauserv - ok 19:13:56.0542 4844 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys 19:13:56.0557 4844 WudfPf - ok 19:13:56.0573 4844 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys 19:13:56.0573 4844 WUDFRd - ok 19:13:56.0588 4844 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll 19:13:56.0588 4844 wudfsvc - ok 19:13:56.0620 4844 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 19:13:56.0635 4844 WwanSvc - ok 19:13:56.0651 4844 MBR 
(0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 19:13:56.0713 4844 \Device\Harddisk0\DR0 - ok 19:13:56.0729 4844 Boot (0x1200) (8ec2fe3fe560682812c8cc5cecb048a8) \Device\Harddisk0\DR0\Partition0 19:13:56.0729 4844 \Device\Harddisk0\DR0\Partition0 - ok 19:13:56.0729 4844 ============================================================ 19:13:56.0729 4844 Scan finished 19:13:56.0729 4844 ============================================================ 19:13:56.0744 3840 Detected object count: 0 19:13:56.0744 3840 Actual detected object count: 0
  2. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:06:01 PM, on 4/5/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16930) Boot mode: Normal Running processes: C:\Program Files (x86)\Overwolf\Overwolf.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\rundll32.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenny\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - 
HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres') O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres') O4 - S-1-5-21-2395527409-1931721546-4083511208-1003 User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'postgres') O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing) O10 - Unknown file in 
Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown 
owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: 
TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 11429 bytes
  3. All processes killed ========== PROCESSES ========== ========== FILES ========== recycler not found in C:\ ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Overwolf not found. ========== COMMANDS ========== C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Kenny ->Temp folder emptied: 10349180 bytes ->Temporary Internet Files folder emptied: 10377621 bytes ->Java cache emptied: 16883176 bytes ->Google Chrome cache emptied: 32362253 bytes ->Flash cache emptied: 2829524 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 162199165 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 224.00 mb Restore point Set: OTL Restore Point [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Kenny ->Flash cache emptied: 0 bytes User: postgres User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04052012_185453 Files\Folders moved on Reboot... 
C:\Users\Kenny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.05.11 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Kenny :: KENNY-KENNYH-PC [administrator] Protection: Enabled 4/5/2012 6:59:40 PM mbam-log-2012-04-05 (18-59-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 211298 Time elapsed: 2 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. I hope that is everything you may need. If not, please let me know what else I can do. This trojan just keeps popping back up and I'll do anything to get rid of it.
  5. QuickScan 32-bit v0.9.9.114 --------------------------- Scan date: Thu Apr 05 16:18:00 2012 Machine ID: CC7DC51F No infection found. ------------------- Processes --------- 2007 Microsoft Office system 3464 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Google Chrome 488 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe Google Chrome 1540 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe Google Chrome 4008 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe Google Chrome 4336 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe Google Chrome 4964 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe Microsoft Office OneNote 3256 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE Overwolf 3236 C:\Program Files (x86)\Overwolf\Overwolf.exe Network activity ---------------- Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.120 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.120 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.45.105 Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.47.95 Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.45.105 Process chrome.exe (4964) connected on port 80 (HTTP) --> 188.165.220.204 Process chrome.exe (4964) connected on port 80 (HTTP) --> 188.165.220.204 Process chrome.exe (4964) connected on port 80 (HTTP) --> 188.165.220.204 Process chrome.exe (4964) connected on port 80 (HTTP) --> 66.235.142.20 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102 Process 
chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102 Process chrome.exe (4964) connected on port 80 (HTTP) --> 74.125.65.102 Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.13.159.139 Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.13.159.139 Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.13.159.139 Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.15.7.107 Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.15.7.107 Process chrome.exe (4964) connected on port 80 (HTTP) --> 23.15.7.107 Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.159.138 Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.45.132 Process chrome.exe (4964) connected on port 443 (HTTP over SSL) --> 74.125.65.120 Autoruns and critical files --------------------------- HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe KeNotify Application C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe Microsoft Office OneNote C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE Overwolf C:\Program Files (x86)\Overwolf\Overwolf.exe SVPWUTIL Application C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe TOSHIBA Service Station C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe TOSHIBA Sleep C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe TOSHIBA Web Camera Application C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (verified) Google Update C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe (verified) Microsoft® Windows® Operating System C:\windows\system32\userinit.exe Browser plugins --------------- AcroIEHelperShim Library c:\program files 
(x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll Bitdefender QuickScan C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll Google Update C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll TOSHIBA Media Controller Plug-in c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll (verified) Java Platform SE 6 U17 c:\program files (x86)\java\jre6\bin\jp2ssv.dll (verified) Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll (verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll (verified) Microsoft® Windows® Operating System C:\windows\system32\NLAapi.dll (verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll Scan ---- No file uploaded. Scan finished - communication took 1 sec Total traffic - 0.01 MB sent, 0.49 KB recvd Scanned 331 files and modules - 18 seconds ==============================================================================
  6. info.txt logfile of random's system information tool 1.09 2012-04-05 15:41:36 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} -->C:\Program Files\TOSHIBA\TVAP\setup.exe -->C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D} Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Best Buy Software Installer-->"C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe" REMOVE=TRUE MODIFY=FALSE BovadaPoker-->"C:\Bovada\unins000.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe" Intel PROSet Wireless-->Intel PROSet Wireless Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall Intel® PROSet/Wireless WiFi Software-->MsiExec /I{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C} Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall Intel® Wireless Display-->MsiExec.exe /X{26F41FA3-3170-446B-A3A2-83F5FA26E6CD} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg Junk Mail filter 
update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF} Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" MapleStory-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563155 -locale:US Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 
(SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE} Microsoft Office Shared 64-bit 
Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local Overwolf-->MsiExec.exe /I{355CAC3F-0788-4117-B401-3CC4F8367E0A} Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04} PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224} Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab CYRI-->MsiExec.exe /I{0931A702-634B-4B1E-B21F-4B5797CB2BA5} System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733} TOSHIBA Application Installer-->RunDll32 
C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{C14518AF-1A0F-4D39-8011-69BAA01CD380}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Bulletin Board-->MsiExec.exe /X{C14518AF-1A0F-4D39-8011-69BAA01CD380} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409 TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409 TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F} TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0409 TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Hardware Setup-->"C:\Program Files (x86)\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Hardware 
Setup-->MsiExec.exe /I{5279374D-87FE-4879-9385-F17278EBB9D3} TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40} TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409 TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409 TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0} TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}\setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{A0E99122-25C1-4CA4-9063-499A2A814EB6}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA ReelTime-->MsiExec.exe /X{A0E99122-25C1-4CA4-9063-499A2A814EB6} TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -l0x0009 -removeonly TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0409 TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation 
Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0409 -removeonly TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TOSHIBA Web Camera Application-->C:\Program Files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0009 -removeonly ToshibaRegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202} Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF} Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit 
Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Utility Common Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\setup.exe" -runfromtemp -l0x0409 -removeonly Utility Common Driver-->MsiExec.exe /I{12688FD7-CB92-4A5B-BEE4-5C8E0574434F} Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} 
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} ======System event log====== Computer Name: Kenny-KennyH-PC Event Code: 9 Message: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Record Number: 144657 Source Name: iaStor Time Written: 20111105234141.217814-000 Event Type: Error User: Computer Name: Kenny-KennyH-PC Event Code: 51 Message: An error was detected on device \Device\Harddisk0\DR0 during a paging operation. Record Number: 144656 Source Name: Disk Time Written: 20111105234141.217814-000 Event Type: Warning User: Computer Name: Kenny-KennyH-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. 
Record Number: 144396 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20111104001358.779760-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Kenny-KennyH-PC Event Code: 10002 Message: WLAN Extensibility Module has stopped. Module Path: C:\windows\System32\IWMSSvc.dll Record Number: 144395 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20111104001358.374159-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Kenny-KennyH-PC Event Code: 1073 Message: The attempt by user Kenny-KennyH-PC\Kenny to restart/shutdown computer KENNY-KENNYH-PC failed Record Number: 144350 Source Name: USER32 Time Written: 20111104001211.000000-000 Event Type: Warning User: Kenny-KennyH-PC\Kenny =====Application event log===== Computer Name: Kenny-KennyH-PC Event Code: 0 Message: Skipping empty element [tsu:setup_args] Record Number: 122159 Source Name: TOSHIBA Service Station Time Written: 20110904212858.000000-000 Event Type: Warning User: Computer Name: Kenny-KennyH-PC Event Code: 0 Message: Skipping empty element [tsu:setup_args] Record Number: 122157 Source Name: TOSHIBA Service Station Time Written: 20110904212858.000000-000 Event Type: Warning User: Computer Name: Kenny-KennyH-PC Event Code: 0 Message: Skipping empty element [tsu:setup_args] Record Number: 122155 Source Name: TOSHIBA Service Station Time Written: 20110904212858.000000-000 Event Type: Warning User: Computer Name: Kenny-KennyH-PC Event Code: 0 Message: Skipping empty element [tsu:setup_args] Record Number: 122153 Source Name: TOSHIBA Service Station Time Written: 20110904212853.000000-000 Event Type: Warning User: Computer Name: Kenny-KennyH-PC Event Code: 0 Message: Skipping empty element [tsu:setup_args] Record Number: 122152 Source Name: TOSHIBA Service Station Time Written: 20110904212853.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: Kenny-KennyH-PC Event Code: 5058 Message: Key file operation. 
Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: a9cae58c-0e5a-468b-b77a-86d538ff967c Key Type: Machine key. Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\690ebc4c503883b110318da8949b1a47_caa69436-ec2d-4298-9e6c-35df3eb5688e Operation: Read persisted key from file. Return Code: 0x0 Record Number: 5152 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100916191659.397333-000 Event Type: Audit Success User: Computer Name: Kenny-KennyH-PC Event Code: 5061 Message: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: KENNY-KENNYH-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1} Key Type: Machine key. Cryptographic Operation: Operation: Open Key. Return Code: 0x0 Record Number: 5151 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100916191658.507282-000 Event Type: Audit Success User: Computer Name: Kenny-KennyH-PC Event Code: 5058 Message: Key file operation. Subject: Security ID: S-1-5-18 Account Name: KENNY-KENNYH-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1} Key Type: Machine key. Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6c8d27dd245d5720b8619cc42363ad7f_caa69436-ec2d-4298-9e6c-35df3eb5688e Operation: Read persisted key from file. 
Return Code: 0x0 Record Number: 5150 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100916191658.506282-000 Event Type: Audit Success User: Computer Name: Kenny-KennyH-PC Event Code: 5061 Message: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: KENNY-KENNYH-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1} Key Type: Machine key. Cryptographic Operation: Operation: Open Key. Return Code: 0x0 Record Number: 5149 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100916191640.554255-000 Event Type: Audit Success User: Computer Name: Kenny-KennyH-PC Event Code: 5058 Message: Key file operation. Subject: Security ID: S-1-5-18 Account Name: KENNY-KENNYH-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1} Key Type: Machine key. Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6c8d27dd245d5720b8619cc42363ad7f_caa69436-ec2d-4298-9e6c-35df3eb5688e Operation: Read persisted key from file. 
Return Code: 0x0 Record Number: 5148 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100916191640.553255-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=2502 -----------------EOF-----------------
  7. Logfile of random's system information tool 1.09 (written by random/random) Run by Kenny at 2012-04-05 15:41:29 Microsoft Windows 7 Home Premium System drive C: has 423 GB (91%) free of 465 GB Total RAM: 3891 MB (55% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:41:34 PM, on 4/5/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16930) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Overwolf\Overwolf.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\windows\SysWOW64\NOTEPAD.EXE C:\Program Files\trend micro\Kenny.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - 
HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres') O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres') O4 - S-1-5-21-2395527409-1931721546-4083511208-1003 User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'postgres') O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - 
Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - 
C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 11349 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs winlogon.exe C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe 31120176 \??\C:\windows\system32\conhost.exe "-44728860713838471611524445768-1612100081727611700816932435-125954682-1910150750 C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" 
"C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\" "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\ThpSrv.exe C:\Windows\system32\TODDSrv.exe "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" "C:\Program Files\TOSHIBA\TECO\TecoService.exe" "C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.3/data" \??\C:\windows\system32\conhost.exe "-1533920724-739932884-1577544759-25538338-327394077-1736215971834010843393206039 "C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forklog" "872" "868" "taskhost.exe" "C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "864" "-x3" "C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "900" "-x4" "C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkavlauncher" "864" "C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkcol" "900" "C:\windows\system32\Dwm.exe" C:\windows\Explorer.EXE "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" WLIDSvcM.exe 1468 C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\System32\igfxtray.exe" C:\windows\system32\igfxsrvc.exe -Embedding C:\windows\system32\wbem\unsecapp.exe -Embedding C:\windows\system32\wbem\wmiprvse.exe "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Windows\System32\ThpSrv.exe" /logon "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe" "C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe" "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r "C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe" "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray "C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe" "C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background "C:\Program Files (x86)\Overwolf\Overwolf.exe" -silent "C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" "C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe" "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray C:\windows\system32\igfxext.exe -Embedding C:\windows\system32\wbem\unsecapp.exe -Embedding C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe "C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe" "path=C:\Program Files (x86)\Overwolf" "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" C:\windows\System32\svchost.exe -k secsvcs "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" "C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe" "C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe" "C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US 
--force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --enable-experimental-extension-apis --channel=3676.01064380.1555579994 /prefetch:3 "C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --renderer-print-preview --enable-experimental-extension-apis --channel=3676.0612D1C0.1336852541 /prefetch:3 "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" "C:\windows\notepad.exe" "C:\Users\Kenny\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-04-05 (15-26-25).txt" "C:\windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT C:\windows\system32\sppsvc.exe "C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520 "C:\Users\Kenny\Downloads\RSITx64.exe" C:\windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== 
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395527409-1931721546-4083511208-1000Core.job C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395527409-1931721546-4083511208-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-28 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}] TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-26 161304] "HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-26 386584] "Persistence"=C:\windows\system32\igfxpers.exe [2010-04-26 413208] 
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-22 10134560] "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-03-22 896032] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392] "ThpSrv"=C:\windows\system32\thpsrv /logon [] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-06 505696] "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 508216] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-25 913720] "Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2010-04-06 1489760] "TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-23 705368] "SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080] "IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-01-19 1926928] "TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976] "TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-19 595816] "TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 35672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2011-05-13 4283256] "Google Update"=C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 136176] "Overwolf"=C:\Program Files (x86)\Overwolf\Overwolf.exe [2012-03-07 41912] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-12-25 34160] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936] "SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256] "ToshibaServiceStation"=C:\Program 
Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136] "TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840] "TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-03-17 252728] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872] C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\windows\system32\igfxdev.dll [2010-04-21 269824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll 
"msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2012-04-05 15:41:30 ----D---- C:\Program Files\trend micro 2012-04-05 15:41:29 ----D---- C:\rsit 2012-04-05 15:34:29 ----D---- C:\windows\ERDNT 2012-04-05 15:33:10 ----D---- C:\Program Files (x86)\ERUNT 2012-04-04 18:16:27 ----D---- C:\Users\Kenny\AppData\Roaming\Malwarebytes 2012-04-04 18:16:18 ----D---- C:\ProgramData\Malwarebytes 2012-04-04 18:16:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-04 18:16:17 ----A---- C:\windows\system32\drivers\mbam.sys 2012-03-20 16:30:21 ----D---- C:\Bovada 2012-03-16 17:40:27 ----A---- C:\windows\system32\ntoskrnl.exe 2012-03-16 17:40:26 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe 2012-03-16 17:40:24 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe 2012-03-14 17:58:51 ----A---- C:\windows\system32\win32k.sys 2012-03-14 17:58:45 ----A---- C:\windows\system32\DWrite.dll 2012-03-14 17:58:44 ----A---- C:\windows\SYSWOW64\DWrite.dll 2012-03-14 17:58:44 ----A---- C:\windows\SYSWOW64\d3d10_1core.dll 2012-03-14 17:58:44 ----A---- C:\windows\system32\d3d10warp.dll 2012-03-14 17:58:44 ----A---- C:\windows\system32\d3d10_1core.dll 2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d3d10warp.dll 2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d3d10_1.dll 2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d2d1.dll 2012-03-14 
17:58:43 ----A---- C:\windows\system32\d3d10_1.dll 2012-03-14 17:58:43 ----A---- C:\windows\system32\d2d1.dll 2012-03-14 17:57:55 ----A---- C:\windows\system32\rdrmemptylst.exe 2012-03-14 17:57:55 ----A---- C:\windows\system32\rdpwsx.dll 2012-03-14 17:57:55 ----A---- C:\windows\system32\rdpcorekmts.dll 2012-03-14 17:57:51 ----A---- C:\windows\SYSWOW64\rdpcore.dll 2012-03-14 17:57:51 ----A---- C:\windows\system32\rdpcore.dll 2012-03-14 17:57:51 ----A---- C:\windows\system32\drivers\tdtcp.sys 2012-03-14 17:57:51 ----A---- C:\windows\system32\drivers\rdpwd.sys 2012-03-07 15:08:06 ----A---- C:\windows\SYSWOW64\msvcp100.dll 2012-03-07 15:07:56 ----A---- C:\windows\SYSWOW64\msvcr100.dll ======List of files/folders modified in the last 1 month====== 2012-04-05 15:41:33 ----D---- C:\windows\Temp 2012-04-05 15:41:30 ----RD---- C:\Program Files 2012-04-05 15:34:29 ----AD---- C:\Windows 2012-04-05 15:33:10 ----RD---- C:\Program Files (x86) 2012-04-05 14:56:02 ----D---- C:\windows\system32\config 2012-04-05 14:49:43 ----D---- C:\windows\inf 2012-04-05 14:49:43 ----AD---- C:\windows\System32 2012-04-05 14:49:43 ----A---- C:\windows\system32\PerfStringBackup.INI 2012-04-05 14:42:36 ----A---- C:\windows\SYSWOW64\log.txt 2012-04-04 20:06:40 ----D---- C:\ProgramData\AVAST Software 2012-04-04 20:05:27 ----D---- C:\windows\SysWOW64 2012-04-04 20:05:26 ----D---- C:\windows\system32\drivers 2012-04-04 20:05:22 ----SHD---- C:\System Volume Information 2012-04-04 18:16:18 ----HD---- C:\ProgramData 2012-04-04 14:54:05 ----D---- C:\windows\system32\catroot2 2012-04-02 10:04:22 ----D---- C:\Nexon 2012-03-29 16:34:23 ----D---- C:\windows\Prefetch 2012-03-20 16:30:31 ----SHD---- C:\windows\Installer 2012-03-20 16:04:33 ----D---- C:\Users\Kenny\AppData\Roaming\Casual Arts 2012-03-19 16:31:10 ----D---- C:\windows\winsxs 2012-03-16 17:40:31 ----D---- C:\windows\system32\catroot 2012-03-16 17:39:05 ----A---- C:\windows\system32\MRT.exe 2012-03-14 17:54:52 ----D---- C:\Program Files (x86)\Overwolf 
2012-03-14 17:54:51 ----D---- C:\Program Files (x86)\Common Files 2012-03-06 19:15:03 ----A---- C:\windows\system32\aswBoot.exe 2012-03-06 14:06:45 ----RSD---- C:\windows\assembly 2012-03-06 14:06:45 ----D---- C:\windows\Microsoft.NET ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136] R0 LPCFilter;LPC Lower Filter Driver; C:\windows\system32\DRIVERS\LPCFilter.sys [2009-07-31 44912] R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352] R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 214096] R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784] R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-08 482384] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840] R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472] R3 HECIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-04-21 10326784] R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-03-22 2298400] R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2011-12-10 23152] R3 NETw5s64;Intel® Wireless WiFi Link 
5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920] R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2009-12-17 36760] S3 acpials;ALS Sensor Filter; C:\windows\system32\DRIVERS\acpials.sys [2009-07-13 9728] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840] S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [] S3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2010-05-18 164464] S3 KMWDFILTER;HIDServiceDesc; C:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208] S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880] S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-10-09 109056] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-01-19 1420560] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536] R2 RegSrvc;Intel® PROSet/Wireless Registry 
Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-01-19 831760] R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2009-10-21 531520] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-06 489312] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [2012-03-07 18360] S3 
WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1255736] -----------------EOF-----------------
  8. This is what I got from the malwarebytes scan.

     Malwarebytes Anti-Malware (Trial) 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.04.04.09

     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     Kenny :: KENNY-KENNYH-PC [administrator]

     Protection: Enabled

     4/4/2012 6:20:59 PM
     mbam-log-2012-04-04 (19-26-07).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 320415
     Time elapsed: 53 minute(s), 10 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKCR\.fsharproj (Trojan.BHO) -> No action taken.

     Registry Values Detected: 3
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DisplayManagerTray (Trojan.SHarpro.PGen) -> Data: rundll32.exe "C:\ProgramData\DisplayManagerTray.dll",DllRegisterServer -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AppDataLow Update (Trojan.SHarpro.PGen) -> Data: rundll32 "C:\Users\Kenny\AppData\Local\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}Update\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}updt32.DLL",DllRegisterServer -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Trolltech Update (Trojan.SHarpro.PGen) -> Data: rundll32 "C:\Users\Kenny\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.DLL",DllRegisterServer -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  9. Hello everyone! I'm new to this site but I have a problem with this malware. I'll give the details of what I know has been happening so far, and any help is greatly appreciated. When in Internet Explorer or Google Chrome, I use Google search and click on a link, and it brings me to a malicious website on the first try; when I back out and click on the link again, it takes me to the site. Also, my MSN Hotmail was recently hacked and was sending out random emails with links in them. I managed to get my email account back but I'm worried about key logging. I ran Avast anti-malware, and I heard great things about Malwarebytes, so I downloaded that, but the problem still persists.