Kennyh88

Please help with removing this malware!

13 posts in this topic

Hello everyone! I'm new to this site but I have a problem with this malware. I'll give the details of what I know has been happening so far, and any help is greatly appreciated.

When in Internet Explorer or Google Chrome, I use Google search and click on a link, it brings me to a malicious website on the first try, and when I back out and click on the link again it takes me to the site.

Also, my MSN Hotmail was recently hacked and was sending out random emails with links in them. I managed to get my email account back but am worried about key logging.

I ran Avast anti-malware and I heard great things about Malwarebytes, so I downloaded that, but the problem still persists.


This is what I got from the malwarebytes scan.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.09

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Kenny :: KENNY-KENNYH-PC [administrator]

Protection: Enabled

4/4/2012 6:20:59 PM

mbam-log-2012-04-04 (19-26-07).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 320415

Time elapsed: 53 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCR\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Detected: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DisplayManagerTray (Trojan.SHarpro.PGen) -> Data: rundll32.exe "C:\ProgramData\DisplayManagerTray.dll",DllRegisterServer -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AppDataLow Update (Trojan.SHarpro.PGen) -> Data: rundll32 "C:\Users\Kenny\AppData\Local\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}Update\{069C0AF0-15AB-43A7-AF21-CB88166EE31E}updt32.DLL",DllRegisterServer -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Trolltech Update (Trojan.SHarpro.PGen) -> Data: rundll32 "C:\Users\Kenny\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.DLL",DllRegisterServer -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hello kennyh88,

Close your browsers. Close/exit your email apps.

Start MBAM one more time. Press the Update tab then press "Check for Updates".

Press the Scanner tab.

Do a quick scan, and this time be sure you allow MBAM to quarantine or to remove all detected items.

Then, next:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.


Logfile of random's system information tool 1.09 (written by random/random)

Run by Kenny at 2012-04-05 15:41:29

Microsoft Windows 7 Home Premium

System drive C: has 423 GB (91%) free of 465 GB

Total RAM: 3891 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:41:34 PM, on 4/5/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16930)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Overwolf\Overwolf.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\Program Files\trend micro\Kenny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')

O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')

O4 - S-1-5-21-2395527409-1931721546-4083511208-1003 User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'postgres')

O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 11349 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

winlogon.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe 31120176

\??\C:\windows\system32\conhost.exe "-44728860713838471611524445768-1612100081727611700816932435-125954682-1910150750

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"

"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"

"C:\Program Files\TOSHIBA\TECO\TecoService.exe"

"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.3/data"

\??\C:\windows\system32\conhost.exe "-1533920724-739932884-1577544759-25538338-327394077-1736215971834010843393206039

"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forklog" "872" "868"

"taskhost.exe"

"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "864" "-x3"

"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "900" "-x4"

"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkavlauncher" "864"

"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkcol" "900"

"C:\windows\system32\Dwm.exe"

C:\windows\Explorer.EXE

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

C:\windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"

WLIDSvcM.exe 1468

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Windows\System32\igfxtray.exe"

C:\windows\system32\igfxsrvc.exe -Embedding

C:\windows\system32\wbem\unsecapp.exe -Embedding

C:\windows\system32\wbem\wmiprvse.exe

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Windows\System32\ThpSrv.exe" /logon

"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"

"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"

"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"

"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"

"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"

"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

"C:\Program Files (x86)\Overwolf\Overwolf.exe" -silent

"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr

"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

"C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe"

"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

C:\windows\system32\igfxext.exe -Embedding

C:\windows\system32\wbem\unsecapp.exe -Embedding

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe" "path=C:\Program Files (x86)\Overwolf"

"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\windows\System32\svchost.exe -k secsvcs

"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"

"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"

"C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe"

"C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --enable-experimental-extension-apis --channel=3676.01064380.1555579994 /prefetch:3

"C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --renderer-print-preview --enable-experimental-extension-apis --channel=3676.0612D1C0.1336852541 /prefetch:3

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"

"C:\windows\notepad.exe" "C:\Users\Kenny\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-04-05 (15-26-25).txt"

"C:\windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT

C:\windows\system32\sppsvc.exe

"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

"C:\Users\Kenny\Downloads\RSITx64.exe"

C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395527409-1931721546-4083511208-1000Core.job

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395527409-1931721546-4083511208-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]

TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""= []

"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-26 161304]

"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-26 386584]

"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-26 413208]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-22 10134560]

"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-03-22 896032]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]

"ThpSrv"=C:\windows\system32\thpsrv /logon []

"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-06 505696]

"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]

"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 508216]

"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-25 913720]

"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2010-04-06 1489760]

"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-23 705368]

"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]

"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-01-19 1926928]

"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]

"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]

"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-19 595816]

"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 35672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2011-05-13 4283256]

"Google Update"=C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 136176]

"Overwolf"=C:\Program Files (x86)\Overwolf\Overwolf.exe [2012-03-07 41912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-12-25 34160]

"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]

"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256]

"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]

"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]

"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-03-17 252728]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\windows\system32\igfxdev.dll [2010-04-21 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-05 15:41:30 ----D---- C:\Program Files\trend micro

2012-04-05 15:41:29 ----D---- C:\rsit

2012-04-05 15:34:29 ----D---- C:\windows\ERDNT

2012-04-05 15:33:10 ----D---- C:\Program Files (x86)\ERUNT

2012-04-04 18:16:27 ----D---- C:\Users\Kenny\AppData\Roaming\Malwarebytes

2012-04-04 18:16:18 ----D---- C:\ProgramData\Malwarebytes

2012-04-04 18:16:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-04 18:16:17 ----A---- C:\windows\system32\drivers\mbam.sys

2012-03-20 16:30:21 ----D---- C:\Bovada

2012-03-16 17:40:27 ----A---- C:\windows\system32\ntoskrnl.exe

2012-03-16 17:40:26 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe

2012-03-16 17:40:24 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe

2012-03-14 17:58:51 ----A---- C:\windows\system32\win32k.sys

2012-03-14 17:58:45 ----A---- C:\windows\system32\DWrite.dll

2012-03-14 17:58:44 ----A---- C:\windows\SYSWOW64\DWrite.dll

2012-03-14 17:58:44 ----A---- C:\windows\SYSWOW64\d3d10_1core.dll

2012-03-14 17:58:44 ----A---- C:\windows\system32\d3d10warp.dll

2012-03-14 17:58:44 ----A---- C:\windows\system32\d3d10_1core.dll

2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d3d10warp.dll

2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d3d10_1.dll

2012-03-14 17:58:43 ----A---- C:\windows\SYSWOW64\d2d1.dll

2012-03-14 17:58:43 ----A---- C:\windows\system32\d3d10_1.dll

2012-03-14 17:58:43 ----A---- C:\windows\system32\d2d1.dll

2012-03-14 17:57:55 ----A---- C:\windows\system32\rdrmemptylst.exe

2012-03-14 17:57:55 ----A---- C:\windows\system32\rdpwsx.dll

2012-03-14 17:57:55 ----A---- C:\windows\system32\rdpcorekmts.dll

2012-03-14 17:57:51 ----A---- C:\windows\SYSWOW64\rdpcore.dll

2012-03-14 17:57:51 ----A---- C:\windows\system32\rdpcore.dll

2012-03-14 17:57:51 ----A---- C:\windows\system32\drivers\tdtcp.sys

2012-03-14 17:57:51 ----A---- C:\windows\system32\drivers\rdpwd.sys

2012-03-07 15:08:06 ----A---- C:\windows\SYSWOW64\msvcp100.dll

2012-03-07 15:07:56 ----A---- C:\windows\SYSWOW64\msvcr100.dll

======List of files/folders modified in the last 1 month======

2012-04-05 15:41:33 ----D---- C:\windows\Temp

2012-04-05 15:41:30 ----RD---- C:\Program Files

2012-04-05 15:34:29 ----AD---- C:\Windows

2012-04-05 15:33:10 ----RD---- C:\Program Files (x86)

2012-04-05 14:56:02 ----D---- C:\windows\system32\config

2012-04-05 14:49:43 ----D---- C:\windows\inf

2012-04-05 14:49:43 ----AD---- C:\windows\System32

2012-04-05 14:49:43 ----A---- C:\windows\system32\PerfStringBackup.INI

2012-04-05 14:42:36 ----A---- C:\windows\SYSWOW64\log.txt

2012-04-04 20:06:40 ----D---- C:\ProgramData\AVAST Software

2012-04-04 20:05:27 ----D---- C:\windows\SysWOW64

2012-04-04 20:05:26 ----D---- C:\windows\system32\drivers

2012-04-04 20:05:22 ----SHD---- C:\System Volume Information

2012-04-04 18:16:18 ----HD---- C:\ProgramData

2012-04-04 14:54:05 ----D---- C:\windows\system32\catroot2

2012-04-02 10:04:22 ----D---- C:\Nexon

2012-03-29 16:34:23 ----D---- C:\windows\Prefetch

2012-03-20 16:30:31 ----SHD---- C:\windows\Installer

2012-03-20 16:04:33 ----D---- C:\Users\Kenny\AppData\Roaming\Casual Arts

2012-03-19 16:31:10 ----D---- C:\windows\winsxs

2012-03-16 17:40:31 ----D---- C:\windows\system32\catroot

2012-03-16 17:39:05 ----A---- C:\windows\system32\MRT.exe

2012-03-14 17:54:52 ----D---- C:\Program Files (x86)\Overwolf

2012-03-14 17:54:51 ----D---- C:\Program Files (x86)\Common Files

2012-03-06 19:15:03 ----A---- C:\windows\system32\aswBoot.exe

2012-03-06 14:06:45 ----RSD---- C:\windows\assembly

2012-03-06 14:06:45 ----D---- C:\windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]

R0 LPCFilter;LPC Lower Filter Driver; C:\windows\system32\DRIVERS\LPCFilter.sys [2009-07-31 44912]

R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 214096]

R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]

R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-08 482384]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]

R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]

R3 HECIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-04-21 10326784]

R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-03-22 2298400]

R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2011-12-10 23152]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]

R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]

R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2009-12-17 36760]

S3 acpials;ALS Sensor Filter; C:\windows\system32\DRIVERS\acpials.sys [2009-07-13 9728]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-02-10 35840]

S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []

S3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2010-05-18 164464]

S3 KMWDFILTER;HIDServiceDesc; C:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]

S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]

S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-10-09 109056]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-01-19 1420560]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-01-19 831760]

R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2009-10-21 531520]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-06 489312]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [2012-03-07 18360]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1255736]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.09 2012-04-05 15:41:36

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->C:\Program Files\TOSHIBA\TVAP\setup.exe

-->C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}

Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex

Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Best Buy Software Installer-->"C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe" REMOVE=TRUE MODIFY=FALSE

BovadaPoker-->"C:\Bovada\unins000.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

Intel PROSet Wireless-->Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

Intel® PROSet/Wireless WiFi Software-->MsiExec /I{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}

Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

Intel® Wireless Display-->MsiExec.exe /X{26F41FA3-3170-446B-A3A2-83F5FA26E6CD}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

MapleStory-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563155 -locale:US

Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local

Overwolf-->MsiExec.exe /I{355CAC3F-0788-4117-B401-3CC4F8367E0A}

Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe

PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}

Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Requirements Lab CYRI-->MsiExec.exe /I{0931A702-634B-4B1E-B21F-4B5797CB2BA5}

System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}

TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly

TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{C14518AF-1A0F-4D39-8011-69BAA01CD380}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Bulletin Board-->MsiExec.exe /X{C14518AF-1A0F-4D39-8011-69BAA01CD380}

TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}

TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly

TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409

TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409

TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}

TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0409

TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Hardware Setup-->"C:\Program Files (x86)\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Hardware Setup-->MsiExec.exe /I{5279374D-87FE-4879-9385-F17278EBB9D3}

TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}

TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409

TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409

TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}

TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}

TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly

TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}

TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{A0E99122-25C1-4CA4-9063-499A2A814EB6}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA ReelTime-->MsiExec.exe /X{A0E99122-25C1-4CA4-9063-499A2A814EB6}

TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0409

TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe

TOSHIBA Web Camera Application-->C:\Program Files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0009 -removeonly

ToshibaRegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

Utility Common Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\setup.exe" -runfromtemp -l0x0409 -removeonly

Utility Common Driver-->MsiExec.exe /I{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

======System event log======

Computer Name: Kenny-KennyH-PC

Event Code: 9

Message: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Record Number: 144657

Source Name: iaStor

Time Written: 20111105234141.217814-000

Event Type: Error

User:

Computer Name: Kenny-KennyH-PC

Event Code: 51

Message: An error was detected on device \Device\Harddisk0\DR0 during a paging operation.

Record Number: 144656

Source Name: Disk

Time Written: 20111105234141.217814-000

Event Type: Warning

User:

Computer Name: Kenny-KennyH-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 144396

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20111104001358.779760-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Kenny-KennyH-PC

Event Code: 10002

Message: WLAN Extensibility Module has stopped.

Module Path: C:\windows\System32\IWMSSvc.dll

Record Number: 144395

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20111104001358.374159-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Kenny-KennyH-PC

Event Code: 1073

Message: The attempt by user Kenny-KennyH-PC\Kenny to restart/shutdown computer KENNY-KENNYH-PC failed

Record Number: 144350

Source Name: USER32

Time Written: 20111104001211.000000-000

Event Type: Warning

User: Kenny-KennyH-PC\Kenny

=====Application event log=====

Computer Name: Kenny-KennyH-PC

Event Code: 0

Message: Skipping empty element [tsu:setup_args]

Record Number: 122159

Source Name: TOSHIBA Service Station

Time Written: 20110904212858.000000-000

Event Type: Warning

User:

Computer Name: Kenny-KennyH-PC

Event Code: 0

Message: Skipping empty element [tsu:setup_args]

Record Number: 122157

Source Name: TOSHIBA Service Station

Time Written: 20110904212858.000000-000

Event Type: Warning

User:

Computer Name: Kenny-KennyH-PC

Event Code: 0

Message: Skipping empty element [tsu:setup_args]

Record Number: 122155

Source Name: TOSHIBA Service Station

Time Written: 20110904212858.000000-000

Event Type: Warning

User:

Computer Name: Kenny-KennyH-PC

Event Code: 0

Message: Skipping empty element [tsu:setup_args]

Record Number: 122153

Source Name: TOSHIBA Service Station

Time Written: 20110904212853.000000-000

Event Type: Warning

User:

Computer Name: Kenny-KennyH-PC

Event Code: 0

Message: Skipping empty element [tsu:setup_args]

Record Number: 122152

Source Name: TOSHIBA Service Station

Time Written: 20110904212853.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: Kenny-KennyH-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: a9cae58c-0e5a-468b-b77a-86d538ff967c

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\690ebc4c503883b110318da8949b1a47_caa69436-ec2d-4298-9e6c-35df3eb5688e

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 5152

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916191659.397333-000

Event Type: Audit Success

User:

Computer Name: Kenny-KennyH-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-18

Account Name: KENNY-KENNYH-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 5151

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916191658.507282-000

Event Type: Audit Success

User:

Computer Name: Kenny-KennyH-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-18

Account Name: KENNY-KENNYH-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\Keys\6c8d27dd245d5720b8619cc42363ad7f_caa69436-ec2d-4298-9e6c-35df3eb5688e

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 5150

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916191658.506282-000

Event Type: Audit Success

User:

Computer Name: Kenny-KennyH-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-18

Account Name: KENNY-KENNYH-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 5149

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916191640.554255-000

Event Type: Audit Success

User:

Computer Name: Kenny-KennyH-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-18

Account Name: KENNY-KENNYH-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: {72136A6A-A52D-45E9-925B-C4E174793BF1}

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\Keys\6c8d27dd245d5720b8619cc42363ad7f_caa69436-ec2d-4298-9e6c-35df3eb5688e

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 5148

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916191640.553255-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=2502

-----------------EOF-----------------


QuickScan 32-bit v0.9.9.114

---------------------------

Scan date: Thu Apr 05 16:18:00 2012

Machine ID: CC7DC51F

No infection found.

-------------------

Processes

---------

2007 Microsoft Office system 3464 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Google Chrome 488 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

Google Chrome 1540 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

Google Chrome 4008 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

Google Chrome 4336 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

Google Chrome 4964 C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

Microsoft Office OneNote 3256 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

Overwolf 3236 C:\Program Files (x86)\Overwolf\Overwolf.exe

Network activity

----------------

Autoruns and critical files

---------------------------

HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

KeNotify Application C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

Microsoft Office OneNote C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

Overwolf C:\Program Files (x86)\Overwolf\Overwolf.exe

SVPWUTIL Application C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

TOSHIBA Service Station C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

TOSHIBA Sleep C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

TOSHIBA Web Camera Application C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

(verified) Google Update C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe

(verified) Microsoft® Windows® Operating System C:\windows\system32\userinit.exe

Browser plugins

---------------

AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

Bitdefender QuickScan C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll

Google Update C:\Users\Kenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

TOSHIBA Media Controller Plug-in c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll

Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll

(verified) Java Platform SE 6 U17 c:\program files (x86)\java\jre6\bin\jp2ssv.dll

(verified) Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\windows\system32\NLAapi.dll

(verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll

Scan

----

No file uploaded.

Scan finished - communication took 1 sec

Total traffic - 0.01 MB sent, 0.49 KB recvd

Scanned 331 files and modules - 18 seconds

==============================================================================


I hope that is everything you may need. If not, please let me know what else I can do. This trojan just keeps popping back up and I'll do anything to get rid of it.


Hello Kenny,

These steps are for kennyh88 only. If you are a casual viewer, do NOT try this on your system!

If you are not kennyh88 and have a similar problem, do NOT post here; start your own topic.

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Step 1

To simplify things a little, I want to set 2 programs, GoogleUpdate & Overwolf, so that they do not auto-start with Windows each time it starts.

Download OTL by OldTimer to your Desktop: http://oldtimer.geekstogo.com/OTL.exe

This next process will involve a Reboot/restart. Allow it. Save and close any documents you have open!

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "Overwolf"=-
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a QUICK Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

I need a copy of the MBAM scan log in your next reply.

Step 3

Download and SAVE HijackThis

Save the HJT to your Desktop or the folder of your choice, then navigate to that folder and RIGHT-click Hijackthis.exe and select Run As Administrator to start it.

Do a "Scan and Save log".

I need a copy of the Hijackthis log in your next reply.

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Download aswMBR.exe ( 511KB ) to your desktop.
  • RIGHT click on aswMBR.exe and select Run As Administrator to start.
  • Change the a-v scan to None.
  • Uncheck trace disk IO calls.
  • Click the "Scan" button to start the scan.
  • On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.

Step 6

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 7

Reply with copy of the OTL MovedFiles log,

MBAM scan log

Hijackthis log

Checkup.txt

aswMBR log

TDSSKILLER log

There will be more to do later.


All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Overwolf not found.

========== COMMANDS ==========

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kenny

->Temp folder emptied: 10349180 bytes

->Temporary Internet Files folder emptied: 10377621 bytes

->Java cache emptied: 16883176 bytes

->Google Chrome cache emptied: 32362253 bytes

->Flash cache emptied: 2829524 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 162199165 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 224.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Kenny

->Flash cache emptied: 0 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_185453

Files\Folders moved on Reboot...

C:\Users\Kenny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.05.11

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Kenny :: KENNY-KENNYH-PC [administrator]

Protection: Enabled

4/5/2012 6:59:40 PM

mbam-log-2012-04-05 (18-59-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211298

Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:06:01 PM, on 4/5/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16930)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Overwolf\Overwolf.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Users\Kenny\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kenny\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')

O4 - HKUS\S-1-5-21-2395527409-1931721546-4083511208-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')

O4 - S-1-5-21-2395527409-1931721546-4083511208-1003 User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'postgres')

O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 11429 bytes

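An added example, not part of the original thread and not code from HijackThis: a small triage pass over HijackThis log lines like those posted above, which separates orphaned entries from "(file missing)" reports that 32-bit HijackThis produces on 64-bit Windows because its view of System32 is redirected to SysWOW64. The tag names and the 64-bit heuristic (presence of "Program Files (x86)" or "SysWOW64" paths) are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O23"
    tag: str      # triage label (labels are this example's own, not HijackThis output)
    entry: str    # log text after the section code


# Lines excerpted from the HijackThis log posted above. The O1 line is written
# with escapes so the two leading characters survive any editor encoding.
SAMPLE_LINES = [
    "O1 - Hosts: \u00ff\u00fe127.0.0.1 localhost",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent",
    r"O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)",
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)",
    r"O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe",
]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Bytes FF FE (UTF-16LE byte-order mark) rendered as Latin-1 text.
UTF16_BOM_AS_LATIN1 = "\u00ff\u00fe"


def is_64bit_log(lines: List[str]) -> bool:
    """Heuristic: these directories exist only on 64-bit Windows."""
    return any(
        "program files (x86)" in line.lower() or "syswow64" in line.lower()
        for line in lines
    )


def classify(section: str, entry: str, on_x64: bool) -> Optional[str]:
    """Return a triage tag for one entry, or None if nothing stands out."""
    if section == "O1" and entry.startswith("Hosts: " + UTF16_BOM_AS_LATIN1):
        # The hosts file begins with a UTF-16 BOM, i.e. it was saved as Unicode.
        return "hosts_bom"
    if entry.endswith("(no file)"):
        # Registry entry (e.g. a BHO CLSID) with no file behind it.
        return "orphan_no_file"
    if entry.endswith("(file missing)"):
        path = entry.rsplit(" - ", 1)[-1][: -len("(file missing)")].strip()
        if on_x64 and "\\windows\\system32\\" in path.lower():
            # A 32-bit scanner is redirected to SysWOW64, so a 64-bit-only
            # binary in System32 looks absent; verify with a 64-bit tool.
            return "wow64_artifact"
        return "orphan_file_missing"
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every sectioned line of a HijackThis log."""
    lines = [line.strip() for line in log_text.splitlines() if line.strip()]
    on_x64 = is_64bit_log(lines)
    findings = []
    for line in lines:
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines and the running-process list
        tag = classify(match.group(1), match.group(2), on_x64)
        if tag:
            findings.append(Finding(match.group(1), tag, match.group(2)))
    return findings


if __name__ == "__main__":
    for finding in triage("\n".join(SAMPLE_LINES)):
        print(f"{finding.tag:20} {finding.section:4} {finding.entry}")
```

Entries tagged `wow64_artifact` are the long run of "Unknown owner ... (file missing)" service lines in the log above; the `orphan_*` and `hosts_bom` entries are the ones worth a manual look.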

The fix option was not available.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-05 19:11:57

-----------------------------

19:11:57.514 OS Version: Windows x64 6.1.7600

19:11:57.514 Number of processors: 4 586 0x2502

19:11:57.514 ComputerName: KENNY-KENNYH-PC UserName: Kenny

19:11:58.980 Initialize success

19:12:03.021 AVAST engine defs: 12040501

19:12:06.141 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

19:12:06.156 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3

19:12:06.187 Disk 0 MBR read successfully

19:12:06.187 Disk 0 MBR scan

19:12:06.187 Disk 0 Windows VISTA default MBR code

19:12:06.203 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

19:12:06.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464558 MB offset 3074048

19:12:06.250 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10881 MB offset 954488832

19:12:06.297 Disk 0 scanning C:\windows\system32\drivers

19:12:15.313 Service scanning

19:12:31.491 Modules scanning

19:12:31.491 Scan finished successfully

19:12:43.549 Disk 0 MBR has been saved successfully to "C:\Users\Kenny\Documents\MBR.dat"

19:12:43.549 The log file has been saved successfully to "C:\Users\Kenny\Documents\mbr save.txt"

19:13:17.0307 3096 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

19:13:17.0604 3096 ============================================================

19:13:17.0604 3096 Current date / time: 2012/04/05 19:13:17.0604

19:13:17.0604 3096 SystemInfo:

19:13:17.0604 3096

19:13:17.0604 3096 OS Version: 6.1.7600 ServicePack: 0.0

19:13:17.0604 3096 Product type: Workstation

19:13:17.0604 3096 ComputerName: KENNY-KENNYH-PC

19:13:17.0604 3096 UserName: Kenny

19:13:17.0604 3096 Windows directory: C:\windows

19:13:17.0604 3096 System windows directory: C:\windows

19:13:17.0604 3096 Running under WOW64

19:13:17.0604 3096 Processor architecture: Intel x64

19:13:17.0604 3096 Number of processors: 4

19:13:17.0604 3096 Page size: 0x1000

19:13:17.0604 3096 Boot type: Normal boot

19:13:17.0604 3096 ============================================================

19:13:18.0119 3096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:13:18.0134 3096 \Device\Harddisk0\DR0:

19:13:18.0134 3096 MBR used

19:13:18.0134 3096 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B57000

19:13:18.0165 3096 Initialize success

19:13:18.0165 3096 ============================================================

19:13:40.0255 4844 ============================================================

19:13:40.0255 4844 Scan started

19:13:40.0255 4844 Mode: Manual;

19:13:40.0255 4844 ============================================================


19:13:44.0670 4844 HDAudBus - ok

19:13:44.0701 4844 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

19:13:44.0701 4844 HECIx64 - ok

19:13:44.0717 4844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

19:13:44.0717 4844 HidBatt - ok

19:13:44.0748 4844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

19:13:44.0748 4844 HidBth - ok

19:13:44.0779 4844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

19:13:44.0779 4844 HidIr - ok

19:13:44.0795 4844 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

19:13:44.0810 4844 hidserv - ok

19:13:44.0826 4844 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys

19:13:44.0842 4844 HidUsb - ok

19:13:44.0873 4844 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll

19:13:44.0873 4844 hkmsvc - ok

19:13:44.0904 4844 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll

19:13:44.0904 4844 HomeGroupListener - ok

19:13:44.0935 4844 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll

19:13:44.0935 4844 HomeGroupProvider - ok

19:13:44.0966 4844 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys

19:13:44.0966 4844 HpSAMD - ok

19:13:45.0013 4844 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys

19:13:45.0029 4844 HTTP - ok

19:13:45.0044 4844 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys

19:13:45.0044 4844 hwpolicy - ok

19:13:45.0076 4844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

19:13:45.0091 4844 i8042prt - ok

19:13:45.0138 4844 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys

19:13:45.0138 4844 iaStor - ok

19:13:45.0169 4844 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys

19:13:45.0185 4844 iaStorV - ok

19:13:45.0232 4844 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:13:45.0247 4844 idsvc - ok

19:13:45.0450 4844 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys

19:13:45.0622 4844 igfx - ok

19:13:45.0668 4844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

19:13:45.0668 4844 iirsp - ok

19:13:45.0715 4844 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll

19:13:45.0731 4844 IKEEXT - ok

19:13:45.0793 4844 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys

19:13:45.0793 4844 Impcd - ok

19:13:45.0871 4844 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys

19:13:45.0934 4844 IntcAzAudAddService - ok

19:13:45.0980 4844 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys

19:13:45.0980 4844 IntcDAud - ok

19:13:46.0012 4844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys

19:13:46.0012 4844 intelide - ok

19:13:46.0043 4844 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

19:13:46.0043 4844 intelppm - ok

19:13:46.0074 4844 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

19:13:46.0074 4844 IPBusEnum - ok

19:13:46.0105 4844 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys

19:13:46.0105 4844 IpFilterDriver - ok

19:13:46.0136 4844 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll

19:13:46.0136 4844 iphlpsvc - ok

19:13:46.0168 4844 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys

19:13:46.0168 4844 IPMIDRV - ok

19:13:46.0183 4844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

19:13:46.0183 4844 IPNAT - ok

19:13:46.0199 4844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

19:13:46.0199 4844 IRENUM - ok

19:13:46.0214 4844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys

19:13:46.0214 4844 isapnp - ok

19:13:46.0246 4844 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys

19:13:46.0261 4844 iScsiPrt - ok

19:13:46.0308 4844 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys

19:13:46.0324 4844 JMCR - ok

19:13:46.0355 4844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

19:13:46.0355 4844 kbdclass - ok

19:13:46.0386 4844 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys

19:13:46.0386 4844 kbdhid - ok

19:13:46.0417 4844 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

19:13:46.0417 4844 KeyIso - ok

19:13:46.0448 4844 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\windows\system32\DRIVERS\KMWDFILTER.sys

19:13:46.0464 4844 KMWDFILTER - ok

19:13:46.0480 4844 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys

19:13:46.0495 4844 KSecDD - ok

19:13:46.0511 4844 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys

19:13:46.0511 4844 KSecPkg - ok

19:13:46.0542 4844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

19:13:46.0542 4844 ksthunk - ok

19:13:46.0573 4844 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

19:13:46.0589 4844 KtmRm - ok

19:13:46.0636 4844 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\system32\srvsvc.dll

19:13:46.0636 4844 LanmanServer - ok

19:13:46.0682 4844 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll

19:13:46.0682 4844 LanmanWorkstation - ok

19:13:46.0714 4844 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

19:13:46.0714 4844 lltdio - ok

19:13:46.0745 4844 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

19:13:46.0760 4844 lltdsvc - ok

19:13:46.0776 4844 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

19:13:46.0776 4844 lmhosts - ok

19:13:46.0854 4844 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:13:46.0854 4844 LMS - ok

19:13:46.0901 4844 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys

19:13:46.0901 4844 LPCFilter - ok

19:13:46.0948 4844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

19:13:46.0948 4844 LSI_FC - ok

19:13:46.0963 4844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

19:13:46.0963 4844 LSI_SAS - ok

19:13:46.0994 4844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

19:13:46.0994 4844 LSI_SAS2 - ok

19:13:47.0010 4844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

19:13:47.0010 4844 LSI_SCSI - ok

19:13:47.0041 4844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

19:13:47.0041 4844 luafv - ok

19:13:47.0088 4844 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys

19:13:47.0088 4844 MBAMProtector - ok

19:13:47.0166 4844 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:13:47.0166 4844 MBAMService - ok

19:13:47.0197 4844 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll

19:13:47.0197 4844 Mcx2Svc - ok

19:13:47.0228 4844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

19:13:47.0228 4844 megasas - ok

19:13:47.0260 4844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

19:13:47.0260 4844 MegaSR - ok

19:13:47.0291 4844 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

19:13:47.0291 4844 MMCSS - ok

19:13:47.0306 4844 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

19:13:47.0306 4844 Modem - ok

19:13:47.0338 4844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

19:13:47.0338 4844 monitor - ok

19:13:47.0384 4844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

19:13:47.0384 4844 mouclass - ok

19:13:47.0400 4844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

19:13:47.0416 4844 mouhid - ok

19:13:47.0431 4844 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys

19:13:47.0431 4844 mountmgr - ok

19:13:47.0462 4844 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys

19:13:47.0462 4844 mpio - ok

19:13:47.0478 4844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

19:13:47.0478 4844 mpsdrv - ok

19:13:47.0509 4844 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\windows\system32\mpssvc.dll

19:13:47.0540 4844 MpsSvc - ok

19:13:47.0556 4844 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys

19:13:47.0556 4844 MRxDAV - ok

19:13:47.0587 4844 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys

19:13:47.0587 4844 mrxsmb - ok

19:13:47.0618 4844 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys

19:13:47.0618 4844 mrxsmb10 - ok

19:13:47.0650 4844 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys

19:13:47.0650 4844 mrxsmb20 - ok

19:13:47.0665 4844 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys

19:13:47.0665 4844 msahci - ok

19:13:47.0696 4844 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys

19:13:47.0696 4844 msdsm - ok

19:13:47.0728 4844 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

19:13:47.0728 4844 MSDTC - ok

19:13:47.0774 4844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

19:13:47.0774 4844 Msfs - ok

19:13:47.0790 4844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

19:13:47.0790 4844 mshidkmdf - ok

19:13:47.0806 4844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys

19:13:47.0821 4844 msisadrv - ok

19:13:47.0837 4844 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

19:13:47.0837 4844 MSiSCSI - ok

19:13:47.0852 4844 msiserver - ok

19:13:47.0884 4844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

19:13:47.0884 4844 MSKSSRV - ok

19:13:47.0915 4844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

19:13:47.0915 4844 MSPCLOCK - ok

19:13:47.0930 4844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

19:13:47.0930 4844 MSPQM - ok

19:13:47.0946 4844 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys

19:13:47.0962 4844 MsRPC - ok

19:13:47.0977 4844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

19:13:47.0977 4844 mssmbios - ok

19:13:48.0008 4844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

19:13:48.0008 4844 MSTEE - ok

19:13:48.0024 4844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

19:13:48.0024 4844 MTConfig - ok

19:13:48.0040 4844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

19:13:48.0040 4844 Mup - ok

19:13:48.0118 4844 MyWiFiDHCPDNS (a94eebd860ad00a0bfe91c0fd3f5feb1) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

19:13:48.0118 4844 MyWiFiDHCPDNS - ok

19:13:48.0164 4844 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll

19:13:48.0164 4844 napagent - ok

19:13:48.0227 4844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

19:13:48.0227 4844 NativeWifiP - ok

19:13:48.0274 4844 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys

19:13:48.0289 4844 NDIS - ok

19:13:48.0305 4844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

19:13:48.0305 4844 NdisCap - ok

19:13:48.0352 4844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

19:13:48.0352 4844 NdisTapi - ok

19:13:48.0383 4844 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys

19:13:48.0383 4844 Ndisuio - ok

19:13:48.0398 4844 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys

19:13:48.0398 4844 NdisWan - ok

19:13:48.0430 4844 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys

19:13:48.0430 4844 NDProxy - ok

19:13:48.0461 4844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

19:13:48.0461 4844 NetBIOS - ok

19:13:48.0476 4844 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys

19:13:48.0476 4844 NetBT - ok

19:13:48.0508 4844 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

19:13:48.0523 4844 Netlogon - ok

19:13:48.0554 4844 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

19:13:48.0570 4844 Netman - ok

19:13:48.0586 4844 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

19:13:48.0586 4844 netprofm - ok

19:13:48.0632 4844 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:13:48.0632 4844 NetTcpPortSharing - ok

19:13:48.0788 4844 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys

19:13:48.0913 4844 NETw5s64 - ok

19:13:48.0960 4844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

19:13:48.0960 4844 nfrd960 - ok

19:13:48.0991 4844 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll

19:13:48.0991 4844 NlaSvc - ok

19:13:49.0022 4844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

19:13:49.0022 4844 Npfs - ok

19:13:49.0054 4844 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

19:13:49.0054 4844 nsi - ok

19:13:49.0069 4844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

19:13:49.0069 4844 nsiproxy - ok

19:13:49.0132 4844 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys

19:13:49.0163 4844 Ntfs - ok

19:13:49.0194 4844 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

19:13:49.0194 4844 Null - ok

19:13:49.0225 4844 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys

19:13:49.0225 4844 nvraid - ok

19:13:49.0256 4844 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys

19:13:49.0256 4844 nvstor - ok

19:13:49.0288 4844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys

19:13:49.0288 4844 nv_agp - ok

19:13:49.0366 4844 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:13:49.0366 4844 odserv - ok

19:13:49.0397 4844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys

19:13:49.0397 4844 ohci1394 - ok

19:13:49.0428 4844 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:13:49.0428 4844 ose - ok

19:13:49.0490 4844 OverwolfUpdaterService (b786acfd9bac6c609fa03ba2597437a5) C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe

19:13:49.0490 4844 OverwolfUpdaterService - ok

19:13:49.0522 4844 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

19:13:49.0522 4844 p2pimsvc - ok

19:13:49.0553 4844 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

19:13:49.0568 4844 p2psvc - ok

19:13:49.0584 4844 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

19:13:49.0584 4844 Parport - ok

19:13:49.0600 4844 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys

19:13:49.0600 4844 partmgr - ok

19:13:49.0631 4844 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

19:13:49.0631 4844 PcaSvc - ok

19:13:49.0646 4844 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys

19:13:49.0662 4844 pci - ok

19:13:49.0678 4844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

19:13:49.0678 4844 pciide - ok

19:13:49.0693 4844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

19:13:49.0709 4844 pcmcia - ok

19:13:49.0724 4844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

19:13:49.0724 4844 pcw - ok

19:13:49.0756 4844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

19:13:49.0771 4844 PEAUTH - ok

19:13:49.0818 4844 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

19:13:49.0818 4844 PerfHost - ok

19:13:49.0865 4844 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

19:13:49.0865 4844 PGEffect - ok

19:13:49.0958 4844 pgsql-8.3 (acc93675d78d1c07dad09d7837f2397a) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

19:13:49.0958 4844 pgsql-8.3 - ok

19:13:50.0005 4844 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll

19:13:50.0036 4844 pla - ok

19:13:50.0083 4844 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll

19:13:50.0083 4844 PlugPlay - ok

19:13:50.0099 4844 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

19:13:50.0099 4844 PNRPAutoReg - ok

19:13:50.0130 4844 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

19:13:50.0130 4844 PNRPsvc - ok

19:13:50.0161 4844 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll

19:13:50.0177 4844 PolicyAgent - ok

19:13:50.0208 4844 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

19:13:50.0224 4844 Power - ok

19:13:50.0255 4844 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys

19:13:50.0255 4844 PptpMiniport - ok

19:13:50.0286 4844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

19:13:50.0286 4844 Processor - ok

19:13:50.0317 4844 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll

19:13:50.0317 4844 ProfSvc - ok

19:13:50.0348 4844 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

19:13:50.0348 4844 ProtectedStorage - ok

19:13:50.0364 4844 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys

19:13:50.0380 4844 Psched - ok

19:13:50.0411 4844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

19:13:50.0442 4844 ql2300 - ok

19:13:50.0458 4844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

19:13:50.0458 4844 ql40xx - ok

19:13:50.0489 4844 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

19:13:50.0489 4844 QWAVE - ok

19:13:50.0504 4844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

19:13:50.0504 4844 QWAVEdrv - ok

19:13:50.0520 4844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

19:13:50.0520 4844 RasAcd - ok

19:13:50.0567 4844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

19:13:50.0567 4844 RasAgileVpn - ok

19:13:50.0598 4844 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

19:13:50.0598 4844 RasAuto - ok

19:13:50.0629 4844 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys

19:13:50.0629 4844 Rasl2tp - ok

19:13:50.0660 4844 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll

19:13:50.0660 4844 RasMan - ok

19:13:50.0692 4844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

19:13:50.0692 4844 RasPppoe - ok

19:13:50.0707 4844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

19:13:50.0723 4844 RasSstp - ok

19:13:50.0738 4844 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys

19:13:50.0738 4844 rdbss - ok

19:13:50.0770 4844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

19:13:50.0770 4844 rdpbus - ok

19:13:50.0785 4844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

19:13:50.0785 4844 RDPCDD - ok

19:13:50.0801 4844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

19:13:50.0801 4844 RDPENCDD - ok

19:13:50.0832 4844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

19:13:50.0832 4844 RDPREFMP - ok

19:13:50.0863 4844 RDPWD (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys

19:13:50.0863 4844 RDPWD - ok

19:13:50.0894 4844 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys

19:13:50.0894 4844 rdyboost - ok

19:13:50.0957 4844 RegSrvc (6108654c5ebea28a606d6890b4de6de3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

19:13:50.0972 4844 RegSrvc - ok

19:13:50.0988 4844 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

19:13:50.0988 4844 RemoteAccess - ok

19:13:51.0035 4844 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

19:13:51.0035 4844 RemoteRegistry - ok

19:13:51.0066 4844 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

19:13:51.0066 4844 RpcEptMapper - ok

19:13:51.0097 4844 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

19:13:51.0097 4844 RpcLocator - ok

19:13:51.0113 4844 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll

19:13:51.0128 4844 RpcSs - ok

19:13:51.0144 4844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

19:13:51.0144 4844 rspndr - ok

19:13:51.0206 4844 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys

19:13:51.0206 4844 RTL8167 - ok

19:13:51.0238 4844 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

19:13:51.0238 4844 SamSs - ok

19:13:51.0269 4844 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys

19:13:51.0269 4844 sbp2port - ok

19:13:51.0284 4844 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

19:13:51.0300 4844 SCardSvr - ok

19:13:51.0316 4844 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys

19:13:51.0316 4844 scfilter - ok

19:13:51.0347 4844 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll

19:13:51.0378 4844 Schedule - ok

19:13:51.0409 4844 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll

19:13:51.0409 4844 SCPolicySvc - ok

19:13:51.0440 4844 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys

19:13:51.0440 4844 sdbus - ok

19:13:51.0456 4844 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll

19:13:51.0456 4844 SDRSVC - ok

19:13:51.0487 4844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

19:13:51.0487 4844 secdrv - ok

19:13:51.0503 4844 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll

19:13:51.0503 4844 seclogon - ok

19:13:51.0534 4844 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

19:13:51.0534 4844 SENS - ok

19:13:51.0550 4844 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

19:13:51.0550 4844 SensrSvc - ok

19:13:51.0581 4844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

19:13:51.0581 4844 Serenum - ok

19:13:51.0596 4844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

19:13:51.0596 4844 Serial - ok

19:13:51.0612 4844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

19:13:51.0612 4844 sermouse - ok

19:13:51.0674 4844 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll

19:13:51.0674 4844 SessionEnv - ok

19:13:51.0706 4844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys

19:13:51.0706 4844 sffdisk - ok

19:13:51.0737 4844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys

19:13:51.0737 4844 sffp_mmc - ok

19:13:51.0752 4844 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys

19:13:51.0752 4844 sffp_sd - ok

19:13:51.0768 4844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

19:13:51.0768 4844 sfloppy - ok

19:13:51.0799 4844 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

19:13:51.0815 4844 SharedAccess - ok

19:13:51.0830 4844 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll

19:13:51.0830 4844 ShellHWDetection - ok

19:13:51.0862 4844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

19:13:51.0862 4844 SiSRaid2 - ok

19:13:51.0893 4844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

19:13:51.0893 4844 SiSRaid4 - ok

19:13:51.0940 4844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

19:13:51.0940 4844 Smb - ok

19:13:51.0986 4844 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

19:13:51.0986 4844 SNMPTRAP - ok

19:13:52.0002 4844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

19:13:52.0002 4844 spldr - ok

19:13:52.0049 4844 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe

19:13:52.0049 4844 Spooler - ok

19:13:52.0127 4844 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe

19:13:52.0205 4844 sppsvc - ok

19:13:52.0236 4844 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

19:13:52.0236 4844 sppuinotify - ok

19:13:52.0283 4844 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys

19:13:52.0283 4844 srv - ok

19:13:52.0314 4844 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys

19:13:52.0314 4844 srv2 - ok

19:13:52.0345 4844 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys

19:13:52.0345 4844 srvnet - ok

19:13:52.0376 4844 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

19:13:52.0376 4844 SSDPSRV - ok

19:13:52.0392 4844 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

19:13:52.0408 4844 SstpSvc - ok

19:13:52.0423 4844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

19:13:52.0439 4844 stexstor - ok

19:13:52.0470 4844 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll

19:13:52.0486 4844 stisvc - ok

19:13:52.0517 4844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

19:13:52.0517 4844 swenum - ok

19:13:52.0548 4844 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

19:13:52.0564 4844 swprv - ok

19:13:52.0626 4844 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

19:13:52.0626 4844 SynTP - ok

19:13:56.0729 4844 ============================================================

19:13:56.0729 4844 Scan finished

19:13:56.0729 4844 ============================================================

19:13:56.0744 3840 Detected object count: 0

19:13:56.0744 3840 Actual detected object count: 0


Please continue to have patience. We are not finished still, and there will be more to do later.

This next process will involve a Reboot/restart. Allow it. Close and save any open documents you have open!

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "Overwolf"=-
    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Turn off your antivirus program.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Leave the firewall on.

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:

1) Download and SAVE the zip file to a temporary folder

2) Unzip (extract the contents) in the same folder

3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.

4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides (typically, C:\WINDOWS\system32\drivers\etc), and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________

¦ +---+¦

¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦

¦ +---+¦

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Previous version saved and renamed to HOSTS.MVP

Press any key to continue . . .

Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts

The latter is the same folder that had mvps.bat

Step 3

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 5

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Step 6

Re-enable your antivirus program.

Reply with a copy of the C:\Combofix.txt log

and OTL MovedFiles log

and RKReport

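A read-only way to confirm what the `:reg` section of the Step 1 fix script changed, as an added example that is not part of the post above and not part of OTL: it lists the per-user Run key, reports whether the two value names the script deletes are still present, and flags any entry that launches a DLL through rundll32 from ProgramData or AppData, the pattern of the two Run values Malwarebytes reported earlier in the thread. The variable names and the regular expression are assumptions of this example.

```powershell
# Added example: read-only audit of the per-user Run key after the OTL fix.
# Run it in the affected user's own session: HKCU is per-user, so an elevated
# prompt opened under a different account reads that account's hive instead.
$runKeyPath   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# The two value names deleted by the :reg section of the fix script.
$removedByFix = @('Google Update', 'Overwolf')

# Heuristic (assumption of this example): rundll32 loading a DLL from a
# user-writable location such as ProgramData or AppData.
$suspectPattern = '(?i)rundll32(\.exe)?\s+"?[^"]*\\(ProgramData|AppData)\\'

$key = Get-Item -LiteralPath $runKeyPath -ErrorAction Stop

# Build one record per autostart value; @() keeps an empty key from yielding $null.
$report = @(foreach ($name in $key.GetValueNames()) {
    $data = [string]$key.GetValue($name)
    [pscustomobject]@{
        Name                 = $name
        Data                 = $data
        StillPresentAfterFix = $removedByFix -contains $name   # case-insensitive
        Rundll32FromUserPath = $data -match $suspectPattern
    }
})

if ($report.Count -eq 0) {
    Write-Output "No values under $runKeyPath."
    return
}

# Full listing, so the helper can see every remaining autostart entry.
$report | Sort-Object Name | Format-List Name, Data

$leftover = @($report | Where-Object StillPresentAfterFix)
$suspect  = @($report | Where-Object Rundll32FromUserPath)

if ($leftover.Count -gt 0) {
    Write-Output "Still present after the fix: $($leftover.Name -join ', ')"
} else {
    Write-Output "Both values named in the fix script are gone."
}

if ($suspect.Count -gt 0) {
    Write-Output "rundll32 entries loading from ProgramData/AppData (review these):"
    $suspect | Format-Table Name, Data -Wrap
} else {
    Write-Output "No rundll32 entries loading from ProgramData/AppData."
}
```

The script only reads the registry; it does not delete anything, so its output can be posted alongside the OTL fix log.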

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
