icog

Honorary Members
  • Posts

    21
Everything posted by icog

  1. Message doesn't pop up anymore, thanks... can you please explain what that was and how I might have gotten it?
  2. All processes killed
     ========== OTL ==========
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
     Registry value HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
     Registry value HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
     File PTYJAVA] not found.
     File ptytemp] not found.
     File PTYFLASH] not found.

     OTL by OldTimer - Version 3.2.69.0 log created on 11152012_083251
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  3. Results of screen317's Security Check version 0.99.54
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     JavaFX 2.1.1
     Java 7 Update 9
     Adobe Flash Player 11.5.502.110
     Mozilla Firefox 12.0 Firefox out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 10%
     ````````````````````End of Log``````````````````````

     OTL logfile created on: 11/14/2012 8:47:42 AM - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guon\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     2.48 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 46.46% Memory free
     4.95 Gb Paging File | 3.53 Gb Available in Paging File | 71.25% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 282.13 Gb Total Space | 199.01 Gb Free Space | 70.54% Space Free | Partition Type: NTFS
     Computer Name: GUON-PC | User Name: guon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/14 08:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guon\Desktop\OTL.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/07/19 07:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe PRC - [2011/07/19 07:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2011/06/27 22:25:26 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2011/06/09 21:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA 
HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2011/05/26 00:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/05/24 09:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2011/05/17 14:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2012/11/12 10:44:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/12 10:40:58 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/08 20:04:21 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- 
(sftlist) SRV - [2011/07/19 07:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2011/07/19 07:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/07/07 15:02:16 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/05/26 01:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/05/25 23:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/09 11:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010/12/01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/11/30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/09/24 07:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem) DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {04025389-B921-4619-A2CF-8C34C50B2DA1} IE:64bit: - HKLM\..\SearchScopes\{04025389-B921-4619-A2CF-8C34C50B2DA1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {04025389-B921-4619-A2CF-8C34C50B2DA1} IE - HKLM\..\SearchScopes\{04025389-B921-4619-A2CF-8C34C50B2DA1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\guon\Desktop IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\SearchScopes,DefaultScope = {9221FDE7-9B7E-4BB3-BA36-EC3B5AD1D904} IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\SearchScopes\{04025389-B921-4619-A2CF-8C34C50B2DA1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\SearchScopes\{9221FDE7-9B7E-4BB3-BA36-EC3B5AD1D904}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS461 IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515 FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4 FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.6 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not 
found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/08 20:04:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/05 17:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Extensions [2012/11/13 10:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions [2012/06/01 17:17:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012/06/01 17:17:28 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\ALone-live@ya.ru [2012/11/13 10:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\staged [2012/06/28 20:52:32 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\adblockpopups@jessehakanen.net.xpi [2012/10/02 16:43:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/05/08 15:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/05/08 20:04:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla 
firefox\components\browsercomps.dll [2012/03/12 20:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/12 20:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows 
Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\guon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\guon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\guon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/03/17 16:09:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD879F8F-24AE-4F20-832C-8C29DB47BA8D}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/14 08:44:29 | 000,602,112 | ---- | C] 
(OldTimer Tools) -- C:\Users\guon\Desktop\OTL.exe [2012/11/13 14:04:03 | 000,000,000 | ---D | C] -- C:\Users\guon\Desktop\RK_Quarantine [2012/11/13 13:57:43 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\guon\Desktop\dds.scr [15 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/14 08:48:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/14 08:48:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/14 08:45:54 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/11/14 08:45:54 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/11/14 08:45:54 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/11/14 08:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guon\Desktop\OTL.exe [2012/11/14 08:43:01 | 000,881,833 | ---- | M] () -- C:\Users\guon\Desktop\SecurityCheck.exe [2012/11/14 08:41:28 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/14 08:40:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/11/14 08:40:51 | 1993,498,624 | -HS- | M] () -- C:\hiberfil.sys [2012/11/13 14:02:35 | 000,673,280 | ---- | M] () -- C:\Users\guon\Desktop\RogueKiller.exe [2012/11/13 13:57:44 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\guon\Desktop\dds.scr [2012/11/13 10:52:20 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/11/13 10:36:06 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/13 10:36:06 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/10/19 18:49:12 | 000,000,323 | ---- | M] () -- C:\Users\guon\Documents\aionmemo_4e4bcd57.dat [15 
C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/14 08:43:01 | 000,881,833 | ---- | C] () -- C:\Users\guon\Desktop\SecurityCheck.exe [2012/11/13 14:02:35 | 000,673,280 | ---- | C] () -- C:\Users\guon\Desktop\RogueKiller.exe [2012/11/13 10:27:10 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/13 10:17:27 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/05/19 19:26:32 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat [2012/03/23 19:10:03 | 000,000,044 | ---- | C] () -- C:\Users\guon\jagex_cl_runescape_LIVE1.dat [2012/03/21 22:11:09 | 000,000,023 | ---- | C] () -- C:\Users\guon\jagexappletviewer.preferences [2012/03/05 15:39:30 | 000,000,043 | ---- | C] () -- C:\Users\guon\jagex_cl_runescape_LIVE.dat [2012/03/05 15:39:30 | 000,000,024 | ---- | C] () -- C:\Users\guon\random.dat [2011/12/14 19:31:24 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2011/12/05 17:14:43 | 000,744,528 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/11/29 00:53:54 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/11/29 00:45:29 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/11/29 00:43:17 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/12/15 00:03:24 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\LolClient [2012/06/01 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\LolClient2 [2012/05/08 03:32:48 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\SoftGrid Client [2011/12/07 00:10:12 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\Tific [2011/12/05 17:11:52 | 000,000,000 | ---D | M] -- 
C:\Users\guon\AppData\Roaming\Toshiba [2011/12/05 17:16:50 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\TP [2012/06/23 14:55:28 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\TS3Client [2011/12/05 17:08:08 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\WinBatch ========== Purity Check ========== < End of report > OTL Extras logfile created on: 11/14/2012 8:47:42 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guon\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.48 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 46.46% Memory free 4.95 Gb Paging File | 3.53 Gb Available in Paging File | 71.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282.13 Gb Total Space | 199.01 Gb Free Space | 70.54% Space Free | Partition Type: NTFS Computer Name: GUON-PC | User Name: guon | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl[@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06F8665F-0BFC-45C0-8964-34708A48A20E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{143B6083-B871-435E-88A1-76B6A0EEDB8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{18E43BE7-E894-4276-93CE-C961703BB52B}" = rport=139 | protocol=6 | dir=out | app=system | "{1CA3CEBB-F572-4556-87AC-A728D46A2EC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{205DDD15-7CAA-4444-8E4C-9179D9AA8CD7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{358A94B6-C432-4452-83C3-1C5D261D2F1B}" = rport=137 | protocol=17 | dir=out | app=system | "{440DE357-63E2-459A-8C09-97B7466BC830}" = lport=10243 | protocol=6 | dir=in | app=system | "{46B172B4-20E1-4969-B0EF-5A8F293B17C7}" = lport=445 | protocol=6 | dir=in | app=system | "{4C1323F5-0C01-4A34-A96B-61601B4B23AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4CB1EC2C-BDED-4946-ADCE-F24448A7BA6C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8020553B-522B-4B15-93B0-307EFD4C20DF}" = rport=10243 | protocol=6 | dir=out | app=system | "{81C4FD3E-9B76-4BD4-8A1A-44B44A2C7DCF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9C93BF61-EAD7-4726-8D69-F390FC8418CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A3E9CD97-621E-4B2D-91E7-91AAEF59318E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A809AD7D-ECAA-4846-A98A-0DA47826A90D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AA1E99D3-CC6E-4B1B-8294-E84017E4900D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BFD34369-18FB-4248-8617-DAFAE785C15D}" = lport=138 | protocol=17 | dir=in | app=system | "{CC55AF6D-C3E5-4763-8CA1-AF84CB3A15E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CDBF13C8-8614-4FEE-8D04-B93D7DA379DF}" = rport=138 | protocol=17 | dir=out | app=system | "{D25C6C2F-79E0-48EC-B029-4A3EA2F2C505}" = lport=2869 | protocol=6 | dir=in | app=system | "{F1878B83-F9D9-4830-85CF-9991D4F6D5E6}" = rport=445 | protocol=6 | dir=out | app=system | "{F51E3E5F-2158-4826-9477-B25D21D8D4D2}" = lport=139 | protocol=6 | dir=in | app=system | "{F7AC8CC4-FB02-444D-8CEB-5F25B3872E29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F625F2-FE48-4FBD-B8F6-99195EFB030B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1A9725D2-996F-40C6-B971-4A28F975D4F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1D87DA53-6FC9-4025-AA4F-C28201973B68}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{240B6738-4B14-400C-A281-6314CC93FBED}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{2834134F-D33B-4189-82DE-03BD58A8CAF8}" = protocol=17 | dir=in | app=c:\program 
files\ventrilo\ventrilo.exe | "{2A6007DE-0B57-4BE9-97FD-C6B183AD6BAB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2B061282-9627-4407-9953-BF3820C1A324}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii\starcraft ii.exe | "{321B5DB3-FB2D-4580-B837-9494F4D33704}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{32E32045-7759-4483-9B82-F80FB1D453E6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{34A110B9-D0FB-47B9-949C-7191486B0ECE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{34F28FB7-EEE7-486B-ADC2-FED5AC59AAAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{36405737-FDDD-4690-8AD2-3819FAA1DF13}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{4FE2CB80-C1B0-4246-BA96-C740741B24C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5072278A-285C-4C77-B56E-9F38B10DFDAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{51A3712C-53BF-4831-8088-26A07194B8BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5543656F-719D-49CC-98A1-09B1319AE375}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{57F5CD3C-D35A-4A7F-94AE-D571D827FB33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DD625D2-D18D-4420-8A80-0EFF2C092D41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{657B5C19-F961-4B2A-A2ED-AADB2839A47E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6BA60997-4C9A-44E4-9022-D6B14331AC01}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{6D726623-9AE4-4FE8-9846-054A3D2ABDB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7022A1F3-70AE-4BFA-A92B-CE153D5FB48D}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80AFBE1E-32E6-45BD-8687-FDCE330446DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{80EE137E-2E82-44A3-AA0F-25E68666B182}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{8C0D7018-9A2A-4773-BAB2-F781B855B22F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9076257F-A4B1-40A2-819B-90DF3BBCAC45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{962ECA2A-53E2-41C2-89FE-23B1D22F76B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98C68B0C-3D13-4CFE-80DB-07BC67F09F27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9A683D52-4756-41C8-B424-7F27FDA2E67E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9C85E679-E5FE-4656-BE50-DD0431E7D492}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A110B7BF-17BC-40B6-9B9E-41187B4E1214}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A4E09C1B-0513-4C2A-AC49-0F3C7A2FC2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A6889A2D-681E-4260-B8A9-8AD522BDEF64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B0C8D508-7E4A-4190-A3B8-EA04565B80D8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B38855BE-0A8B-46D5-98DD-1393E53FC0FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C1E8F1D9-39C4-40D9-8E52-294A9E547C50}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{C51FF805-5423-4ED5-8B54-E4EC3D058F82}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C8F0CD1D-CD59-49F0-BF7B-0D4F539DA92E}" = protocol=6 | dir=out | app=system | "{D7B5281E-B6F5-4448-9042-781F8439D4E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DEC7F83D-74D4-4A62-8CDC-60577586EE80}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{E3CC3EAC-9701-42D2-B019-91FDE1FFB8E0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{E5015C13-3EF2-4EDF-A1B5-F6884B15FC28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F050E62E-26C7-4BC7-BDD6-27B660777ABB}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii\starcraft ii.exe | "{F0A3B2E7-B9F7-473B-BEA4-9EAC6A1DB6DE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F5EC732A-FB20-4EF3-A787-D5C351F3B2EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9D401EC-1515-41C5-BBE8-529101C24236}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FF87529A-FF3D-4D1A-B0C3-E2EAB8D44FC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{00576123-22A6-4BFA-8DB4-92BEFB55F31B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{44CB295A-420B-4695-A6DE-607586E70BFC}C:\starcraft ii\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{4BDC2EF3-8A78-4644-B979-9967F1BB92F9}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{7B61A8DE-816E-4909-889E-3E25BBA5B0EC}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "TCP Query User{806AB03B-A11A-40D0-994E-E92F1EA1C22A}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{8363CC02-6974-40EF-983C-52837ABEA36C}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP 
Query User{AA7AABDD-5B0D-4865-A677-31037A38246C}C:\users\guon\desktop\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\guon\desktop\starcraft_2_na_en-us.exe | "TCP Query User{FA7E957C-9D43-4851-9294-BD8E5B628627}C:\starcraft ii\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{47E88F07-F666-49C0-9F9A-A48F33093820}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{6D256D77-9767-4F0D-9B89-AA377D5D1E57}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{8D2B841A-7C42-4292-B531-651FEC82400E}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "UDP Query User{98575E58-D594-4CBB-8A90-6336C55DD646}C:\starcraft ii\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{D109F5C8-88E8-47FF-BF66-A3D3D49591D8}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{DE1ABD75-9AD4-48A9-AF4A-C050333BA10B}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{DE7CE922-A4DD-40F6-BFE1-A4EDB30A0EED}C:\starcraft ii\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{F1517CCC-2936-4754-B998-248190FA90EB}C:\users\guon\desktop\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\guon\desktop\starcraft_2_na_en-us.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{34565B7E-F28D-BEEE-75BB-06E7659FC76F}" = ATI Catalyst Install Manager "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C7445-9152-3B2D-5618-117323D728E0}" = ccc-utility64 "{645C958A-F505-A126-F618-DDF4F9C3FE43}" = WMV9/VC-1 Video Playback "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET 
Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0315398D-7266-AB1A-D7DB-03B5ECB4B126}" = CCC Help Portuguese "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{0E66EC48-9DFD-0A60-A391-3A15D2F26696}" = CCC Help Japanese "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{113DE365-7DB5-6E66-DC10-CF8A3E5BEC74}" = CCC Help Chinese Traditional "{12109DE2-D313-3456-4C6D-2F1283554D28}" = CCC Help Danish "{19540CBA-3D6C-D1BB-F713-FC6B082E4D1F}" = CCC Help Greek "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B3F8894-DC2F-AE2F-548C-BC7786F199FE}" = CCC Help Czech "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FB31D8B-476B-AECB-4831-21D65E28AF7A}" = Catalyst Control Center Graphics Previews Common "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2580F3D5-CA0A-2D65-EA68-70F433B85146}" = CCC Help Thai "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36285812-1E91-CA80-B1E6-E305348621FE}" = CCC Help Dutch "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E27A271-351E-72DC-BD22-06A46243F2A5}" = CCC Help German "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5684A50E-D6B1-5593-E292-72EFFF18197F}" = 
CCC Help Russian "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7EA2ACE0-9281-137B-D513-8B64A846A401}" = CCC Help Turkish "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8653955E-3E81-DD1E-C159-B9042649EA09}" = CCC Help Norwegian "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92AD9101-1F8A-1A9C-B54C-49EA654FCD03}" = CCC Help Italian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{92FF1D21-3C31-C7DD-5201-7F91805706C2}" = CCC Help French "{93A6108B-997A-FFE1-E304-31204DAAAA7C}" = CCC Help Korean "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail 
"{9E9C5551-2674-19BD-2BCE-24BF05908E03}" = CCC Help English "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A4ED0A4C-E9E1-78CF-59D8-C42BBB9ACDC5}" = CCC Help Finnish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C6EDBA96-E5CF-EA2B-BEC1-005592B9358E}" = AMD VISION Engine Control Center "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3CD7848-5C54-0C58-CB65-9A9B74AA3C2A}" = CCC Help Hungarian "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6DAF6F2-2ABF-83FE-B5C0-7C07711D9AA8}" = CCC Help Polish "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher "{DC26D0EF-06F7-9DC8-5E1F-AFEF20F8E7FC}" = CCC Help Spanish "{DD5EF061-240A-DF5B-1B6A-A7E38733216D}" = Catalyst Control Center InstallProxy "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF10A0FC-1508-EF3B-AF9D-943B7AEDB967}" = CCC Help Swedish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality 
Application "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F7506A7D-2FED-07D9-60A6-E0832A42A3DA}" = CCC Help Chinese Standard "{F9D85C9A-4E99-8115-41DA-9427FD77AFD5}" = Catalyst Control Center Localization All "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Google Chrome" = Google Chrome "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NortonPCCheckup" = Toshiba Laptop Checkup "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "StarCraft II" = StarCraft II "Vindictus" = Vindictus "VLC media player" = VLC media player 2.0.2 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NCsoft-Aion" = Aion "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/17/2012 9:54:31 PM | Computer Name = guon-PC | Source = WinMgmt | ID = 10 Description = Error - 9/18/2012 6:49:03 PM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100 Description = 
mDNSCoreReceiveResponse: Received from 192.168.1.77:5353 4 Guon-PC.local. Addr 192.168.1.77 Error - 9/18/2012 6:49:03 PM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 guon-PC.local. Addr 192.168.1.122 Error - 9/18/2012 6:49:03 PM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100 Description = Local Hostname guon-PC.local already in use; will try guon-PC-2.local instead Error - 9/18/2012 6:50:38 PM | Computer Name = guon-PC | Source = WinMgmt | ID = 10 Description = Error - 9/18/2012 8:17:12 PM | Computer Name = guon-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Label@Once\CDLabel.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 9/20/2012 12:31:34 AM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Received from 192.168.1.77:5353 4 Guon-PC.local. Addr 192.168.1.77 Error - 9/20/2012 12:31:34 AM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 guon-PC.local. Addr 192.168.1.122 Error - 9/20/2012 12:31:34 AM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100 Description = Local Hostname guon-PC.local already in use; will try guon-PC-2.local instead Error - 9/20/2012 12:33:06 AM | Computer Name = guon-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 11/13/2012 2:52:24 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321 Description = The name "GUON-PC :20" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. 
Error - 11/13/2012 2:52:24 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321 Description = The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. Error - 11/13/2012 5:55:36 PM | Computer Name = guon-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{88C63E5F-E7B8-4C96-95BD-56785CD0C947} because another computer on the network has the same name. The server could not start. Error - 11/13/2012 5:55:35 PM | Computer Name = guon-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 11/13/2012 5:55:36 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321 Description = The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. Error - 11/13/2012 5:55:36 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321 Description = The name "GUON-PC :20" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. Error - 11/13/2012 6:02:15 PM | Computer Name = guon-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{88C63E5F-E7B8-4C96-95BD-56785CD0C947} because another computer on the network has the same name. The server could not start. Error - 11/13/2012 6:02:15 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321 Description = The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. 
Error - 11/13/2012 6:02:15 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321 Description = The name "GUON-PC :20" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. Error - 11/14/2012 12:41:13 PM | Computer Name = guon-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 < End of report >
  4. DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by guon at 13:59:24 on 2012-11-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1285 [GMT -8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\atieclxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 
C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\Program Files\Microsoft Security Client\NisSrv.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\windows\system32\taskeng.exe C:\windows\Explorer.EXE C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe C:\windows\system32\sppsvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\windows\system32\taskhost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://mail.yahoo.com/ BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [PlayNC Launcher] <no file> mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947}\0556475637D27657563747 : DHCPNameServer = 75.7.81.174 TCP: Interfaces\{DD879F8F-24AE-4F20-832C-8C29DB47BA8D} : DHCPNameServer = 192.168.1.254 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-11-29 204288] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 
128456] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-11-29 123320] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-29 126392] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-11-29 116752] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-11-29 1109096] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-27 828856] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 
RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-29 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-11-29 307304] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-11-29 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-6 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-11-13 18:27:07 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-13 18:27:06 9728 ----a-w- C:\windows\System32\Wdfres.dll 2012-11-13 18:27:06 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2012-11-13 18:27:06 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2012-11-13 18:17:29 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2012-11-13 18:17:29 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2012-11-13 18:17:28 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2012-11-13 18:17:28 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2012-11-13 18:17:27 744448 ----a-w- C:\windows\System32\WUDFx.dll 2012-11-13 18:17:27 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2012-11-13 18:17:27 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2012-11-13 18:16:46 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE032138-7635-4A54-9CC0-EF427A55D0FE}\mpengine.dll 2012-11-13 18:12:51 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-11-13 18:11:53 95744 ----a-w- C:\windows\System32\synceng.dll 2012-11-13 18:11:53 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-11-12 18:49:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-11-12 18:49:01 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-12 18:33:39 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-09 02:15:49 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-22 01:26:58 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59B71E7A-2186-4117-9CFB-F29560AA0243}\gapaengine.dll . ==================== Find3M ==================== . 
2012-11-12 18:44:31 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-12 18:44:31 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- 
C:\windows\System32\drivers\tcpipreg.sys 2012-09-30 03:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-09-25 08:01:14 0 ----a-w- C:\windows\SysWow64\shoABA3.tmp 2012-09-02 22:18:31 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-09-02 22:18:31 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys 2012-08-31 05:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys 2012-08-31 05:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:13:17 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-08-24 18:09:34 458712 ----a-w- C:\windows\System32\drivers\cng.sys 2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll 2012-08-24 18:05:03 340992 ----a-w- C:\windows\System32\schannel.dll 2012-08-24 18:04:18 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-08-24 18:03:09 1448448 ----a-w- C:\windows\System32\lsasrv.dll 2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 2012-08-24 16:57:40 247808 ----a-w- C:\windows\SysWow64\schannel.dll 2012-08-24 16:57:40 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-08-24 16:57:37 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-08-24 16:53:35 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2012-08-23 14:13:11 243200 ----a-w- C:\windows\System32\rdpudd.dll 2012-08-23 14:10:20 19456 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys 2012-08-23 14:08:26 30208 ----a-w- C:\windows\System32\drivers\TsUsbGD.sys 2012-08-23 14:07:35 57856 ----a-w- C:\windows\System32\drivers\TsUsbFlt.sys 2012-08-23 13:47:20 46592 ----a-w- C:\windows\SysWow64\MsRdpWebAccess.dll 2012-08-23 13:46:20 16896 ----a-w- C:\windows\SysWow64\wksprtPS.dll 2012-08-23 13:41:52 13312 ----a-w- 
C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2012-08-23 13:40:56 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2012-08-23 13:24:57 15360 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll 2012-08-23 13:20:40 54272 ----a-w- C:\windows\System32\MsRdpWebAccess.dll 2012-08-23 13:18:14 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll 2012-08-23 13:17:54 18432 ----a-w- C:\windows\System32\wksprtPS.dll 2012-08-23 13:06:58 43520 ----a-w- C:\windows\System32\TsUsbGDCoInstaller.dll 2012-08-23 12:52:53 44032 ----a-w- C:\windows\System32\tsgqec.dll 2012-08-23 11:20:06 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe 2012-08-23 11:15:57 269312 ----a-w- C:\windows\SysWow64\aaclient.dll 2012-08-23 11:14:09 384000 ----a-w- C:\windows\System32\wksprt.exe 2012-08-23 11:12:17 192000 ----a-w- C:\windows\SysWow64\rdpendp_winip.dll 2012-08-23 10:54:24 322560 ----a-w- C:\windows\System32\aaclient.dll 2012-08-23 10:51:14 228864 ----a-w- C:\windows\System32\rdpendp_winip.dll 2012-08-23 10:39:24 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe 2012-08-23 10:22:22 1123840 ----a-w- C:\windows\System32\mstsc.exe 2012-08-23 09:51:57 3174912 ----a-w- C:\windows\System32\rdpcorets.dll 2012-08-23 08:19:01 4916224 ----a-w- C:\windows\SysWow64\mstscax.dll 2012-08-23 08:13:07 5773824 ----a-w- C:\windows\System32\mstscax.dll 2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe 2012-08-21 20:01:20 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys 2012-08-21 20:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll 2012-08-21 20:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll 2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- 
C:\windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 14:00:39.25 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/5/2011 5:07:33 PM System Uptime: 11/13/2012 1:54:51 PM (1 hours ago) . Motherboard: AMD | | Torpedo Processor: AMD A6-3400M APU with Radeon HD Graphics | Socket FS1 | 1400/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 282 GiB total, 198.976 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP118: 9/22/2012 7:33:01 PM - Windows Update RP119: 9/24/2012 4:22:36 PM - Windows Update RP120: 9/25/2012 3:19:14 PM - Windows Update RP121: 10/1/2012 4:16:38 PM - Windows Update RP122: 10/6/2012 6:51:11 PM - Windows Update RP123: 10/14/2012 7:40:29 PM - Windows Update RP124: 10/18/2012 9:20:47 AM - Windows Update RP125: 10/21/2012 6:26:01 PM - Windows Update RP126: 11/8/2012 6:12:40 PM - Windows Update RP127: 11/8/2012 6:14:14 PM - Installed Java 7 Update 9 RP128: 11/12/2012 10:33:09 AM - Windows Update RP129: 11/12/2012 10:49:14 AM - Windows Update RP130: 11/13/2012 10:16:02 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X MUI Aion AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver ATI Catalyst Install Manager Bandisoft MPEG-1 Decoder Bonjour Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Conexant HD Audio D3DX10 Google Chrome Google Update Helper iTunes Java 7 Update 9 Java Auto Updater JavaFX 2.1.1 Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft 
Office Starter 2010 - English Microsoft Security Client Microsoft Security Essentials Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 NCsoft Launcher Netwaiting Nexon Game Manager Pando Media Booster PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Realtek USB 2.0 Reader Driver Realtek WLAN Driver RuneScape Launcher 1.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Skype Launcher Skype™ 5.10 StarCraft II Steam SUPERAntiSpyware Synaptics Pointing Device Driver TeamSpeak 3 Client TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Wireless LAN Indicator Update for 
Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Ventrilo Client for Windows x64 Vindictus VLC media player 2.0.2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WMV9/VC-1 Video Playback . ==== Event Viewer Messages From Past Week ======== . 11/13/2012 1:55:36 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{88C63E5F-E7B8-4C96-95BD-56785CD0C947} because another computer on the network has the same name. The server could not start. 11/13/2012 1:55:36 PM, Error: NetBT [4321] - The name "GUON-PC :20" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. 11/13/2012 1:55:36 PM, Error: NetBT [4321] - The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer. 11/13/2012 1:55:35 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 
11/12/2012 10:41:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 11/12/2012 10:41:34 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : guon [Admin rights] Mode : Scan -- Date : 11/13/2012 14:04:14 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3275GSX ATA Device +++++ --- User --- [MBR] 724b0be15014ad92401e52d49b4f7438 [bSP] b4797f8c06c429c65614a29cc2a09f0b : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 288900 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 594741248 | Size: 14844 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11132012_02d1404.txt >> RKreport[1]_S_11132012_02d1404.txt
  5. According to the program list, I updated to that version on 9/2/2012, and I just started getting the message the other day. And I'm still getting it right now. Still clicking no every time.
  6. Verified Java Version Congratulations! You have the recommended Java installed (Version 7 Update 9).
  7. Every time I open a webpage I get this User Account Control thing: Do you want to allow the following program to make changes to your computer? Program Name: Java SE runtime environment 7 update 9 Verified Publisher: Oracle America, Inc. File Origin: Hard drive on this computer Program Location: "C:\PROGRA~2\java\jre7\bin\ssvagent.exe" ~new ~high It doesn't happen on my other computer and Java is up to date, so I'm not sure if this might be a virus or not, but I always click no when this happens. I have updated and run Malwarebytes and the results say that nothing has been detected.
  8. Will try the things in the preventive maintenance, thanks. And thanks again for all your help.
  9. Seems to be fine, I haven't had any problems yet. Could you possibly give me some tips/advice on what programs are good for real-time protection so this does not happen again? Thanks a lot for your help.
  10. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.18.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 guon :: GUON-PC [administrator] 3/18/2012 4:40:08 PM mbam-log-2012-03-18 (16-40-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 194108 Time elapsed: 4 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  11. ComboFix 12-03-17.01 - guon 03/17/2012 16:56:41.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1507 [GMT -7:00] Running from: c:\users\guon\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\guon\AppData\Roaming\mIRC\logs\status.log c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 ))))))))))))))))))))))))))))))) . . 2012-03-18 00:06 . 2012-03-18 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-17 23:19 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA4D9D03-84A5-4E71-A767-16FAC6D0B4CC}\mpengine.dll 2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-17 22:31 . 2012-03-17 22:31 -------- d-----w- c:\users\guon\AppData\Local\Diagnostics 2012-03-17 04:17 . 2012-03-17 04:17 -------- d-----w- c:\users\guon\AppData\Local\Adobe 2012-03-14 12:15 . 2012-03-14 14:22 -------- d-----w- c:\windows\Microsoft Antimalware 2012-03-14 12:15 . 2012-03-14 12:15 -------- d-----w- c:\windows\Windows Defender Offline 2012-03-14 10:59 . 2012-03-14 10:59 -------- d-----w- C:\77dfcb876f953fe5af21558b3a67713d 2012-03-14 07:11 . 2012-03-14 08:19 -------- d-----w- c:\program files\CCleaner 2012-03-14 06:26 . 2012-03-14 06:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F7D0.tmp 2012-03-14 06:26 . 2012-03-14 06:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F7BF.tmp 2012-03-05 23:39 . 2012-03-05 23:39 -------- d-----w- c:\users\guon\jagexcache 2012-03-05 23:33 . 2012-03-05 23:33 -------- d-----w- c:\windows\system32\Macromed 2012-02-25 10:16 . 
2012-02-25 10:16 0 ----a-w- c:\windows\SysWow64\sho45D9.tmp 2012-02-25 09:55 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-25 09:55 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-25 09:55 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-25 09:55 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-25 09:55 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-25 09:54 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-25 09:54 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-25 09:54 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-25 07:58 . 2011-12-06 01:39 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-25 07:57 . 2012-02-25 07:54 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2202123-A88F-4B6F-8E9F-0FBCD97DA295}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-05 23:33 . 2011-07-27 01:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-08 07:13 . 2011-12-07 07:05 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-12-20 13:10 . 2011-12-20 13:10 0 ----a-w- c:\windows\SysWow64\sho99FC.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-06 1242448] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-26 336384] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft 
Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-06-28 828856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320] S2 
PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 09:41] . 2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 09:41] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://mail.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe Toolbar-Locked - (no file) HKLM-Run-(Default) - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-17 17:23:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-18 00:23 . Pre-Run: 241,738,182,656 bytes free Post-Run: 241,325,166,592 bytes free . - - End Of File - - DB69AA01DC6408B2993EB89701F99DB9 Now I can't open any of my files/programs at all, is that normal? 
I get an "Illegal operation attempted on a registry key that has been marked for deletion" message.
  12. 16:05:03.0467 4020 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 16:05:04.0197 4020 ============================================================ 16:05:04.0197 4020 Current date / time: 2012/03/17 16:05:04.0197 16:05:04.0197 4020 SystemInfo: 16:05:04.0197 4020 16:05:04.0197 4020 OS Version: 6.1.7601 ServicePack: 1.0 16:05:04.0197 4020 Product type: Workstation 16:05:04.0197 4020 ComputerName: GUON-PC 16:05:04.0197 4020 UserName: guon 16:05:04.0197 4020 Windows directory: C:\windows 16:05:04.0197 4020 System windows directory: C:\windows 16:05:04.0198 4020 Running under WOW64 16:05:04.0198 4020 Processor architecture: Intel x64 16:05:04.0198 4020 Number of processors: 4 16:05:04.0198 4020 Page size: 0x1000 16:05:04.0198 4020 Boot type: Normal boot 16:05:04.0198 4020 ============================================================ 16:05:06.0073 4020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:05:06.0078 4020 \Device\Harddisk0\DR0: 16:05:06.0078 4020 MBR used 16:05:06.0078 4020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23442000 16:05:06.0103 4020 Initialize success 16:05:06.0103 4020 ============================================================ 16:05:17.0164 5784 ============================================================ 16:05:17.0164 5784 Scan started 16:05:17.0164 5784 Mode: Manual; SigCheck; TDLFS; 16:05:17.0164 5784 ============================================================
(0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 16:05:44.0750 5784 mssmbios - ok 16:05:44.0790 5784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 16:05:44.0860 5784 MSTEE - ok 16:05:44.0970 5784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 16:05:45.0010 5784 MTConfig - ok 16:05:45.0120 5784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 16:05:45.0160 5784 Mup - ok 16:05:45.0350 5784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 16:05:45.0410 5784 NativeWifiP - ok 16:05:45.0570 5784 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 16:05:45.0630 5784 NDIS - ok 16:05:45.0760 5784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 16:05:45.0840 5784 NdisCap - ok 16:05:45.0970 5784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 16:05:46.0050 5784 NdisTapi - ok 16:05:46.0200 5784 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 16:05:46.0290 5784 Ndisuio - ok 16:05:46.0400 5784 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 16:05:46.0480 5784 NdisWan - ok 16:05:46.0590 5784 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 16:05:46.0660 5784 NDProxy - ok 16:05:46.0790 5784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 16:05:46.0850 5784 NetBIOS - ok 16:05:47.0020 5784 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 16:05:47.0110 5784 NetBT - ok 16:05:47.0330 5784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 16:05:47.0360 5784 nfrd960 - ok 16:05:47.0520 5784 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys 16:05:47.0560 5784 NisDrv - ok 16:05:47.0720 5784 Npfs 
(1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 16:05:47.0790 5784 Npfs - ok 16:05:47.0900 5784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 16:05:47.0980 5784 nsiproxy - ok 16:05:48.0120 5784 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 16:05:48.0190 5784 Ntfs - ok 16:05:48.0310 5784 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 16:05:48.0390 5784 Null - ok 16:05:48.0510 5784 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 16:05:48.0550 5784 nvraid - ok 16:05:48.0670 5784 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 16:05:48.0700 5784 nvstor - ok 16:05:48.0740 5784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 16:05:48.0770 5784 nv_agp - ok 16:05:48.0860 5784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 16:05:48.0910 5784 ohci1394 - ok 16:05:48.0940 5784 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 16:05:48.0980 5784 Parport - ok 16:05:49.0090 5784 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 16:05:49.0130 5784 partmgr - ok 16:05:49.0160 5784 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 16:05:49.0190 5784 pci - ok 16:05:49.0320 5784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 16:05:49.0350 5784 pciide - ok 16:05:49.0460 5784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 16:05:49.0490 5784 pcmcia - ok 16:05:49.0530 5784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 16:05:49.0550 5784 pcw - ok 16:05:49.0650 5784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 16:05:49.0740 5784 PEAUTH - ok 16:05:49.0890 5784 PGEffect (91111cebbde8015e822c46120ed9537c) 
C:\windows\system32\DRIVERS\pgeffect.sys 16:05:49.0930 5784 PGEffect - ok 16:05:50.0110 5784 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 16:05:50.0200 5784 PptpMiniport - ok 16:05:50.0310 5784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 16:05:50.0360 5784 Processor - ok 16:05:50.0430 5784 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 16:05:50.0520 5784 Psched - ok 16:05:50.0650 5784 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys 16:05:50.0680 5784 QIOMem - ok 16:05:50.0860 5784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 16:05:50.0920 5784 ql2300 - ok 16:05:51.0040 5784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 16:05:51.0070 5784 ql40xx - ok 16:05:51.0090 5784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 16:05:51.0130 5784 QWAVEdrv - ok 16:05:51.0170 5784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 16:05:51.0220 5784 RasAcd - ok 16:05:51.0380 5784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 16:05:51.0440 5784 RasAgileVpn - ok 16:05:51.0690 5784 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 16:05:51.0780 5784 Rasl2tp - ok 16:05:51.0950 5784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 16:05:52.0010 5784 RasPppoe - ok 16:05:52.0150 5784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 16:05:52.0230 5784 RasSstp - ok 16:05:52.0370 5784 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 16:05:52.0450 5784 rdbss - ok 16:05:52.0550 5784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 16:05:52.0600 5784 rdpbus - ok 16:05:52.0730 5784 RDPCDD 
(cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 16:05:52.0810 5784 RDPCDD - ok 16:05:52.0940 5784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 16:05:53.0010 5784 RDPENCDD - ok 16:05:53.0140 5784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 16:05:53.0200 5784 RDPREFMP - ok 16:05:53.0240 5784 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys 16:05:53.0290 5784 RDPWD - ok 16:05:53.0400 5784 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 16:05:53.0440 5784 rdyboost - ok 16:05:53.0590 5784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 16:05:53.0680 5784 rspndr - ok 16:05:53.0820 5784 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys 16:05:53.0860 5784 RSUSBSTOR - ok 16:05:53.0880 5784 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys 16:05:53.0910 5784 RSUSBVSTOR - ok 16:05:54.0070 5784 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys 16:05:54.0130 5784 RTL8192Ce - ok 16:05:54.0200 5784 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 16:05:54.0220 5784 SASDIFSV - ok 16:05:54.0220 5784 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 16:05:54.0240 5784 SASKUTIL - ok 16:05:54.0350 5784 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 16:05:54.0380 5784 sbp2port - ok 16:05:54.0390 5784 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 16:05:54.0450 5784 scfilter - ok 16:05:54.0590 5784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 16:05:54.0650 5784 secdrv - ok 16:05:54.0790 5784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 
16:05:54.0840 5784 Serenum - ok 16:05:54.0980 5784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 16:05:55.0030 5784 Serial - ok 16:05:55.0190 5784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 16:05:55.0230 5784 sermouse - ok 16:05:55.0370 5784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 16:05:55.0420 5784 sffdisk - ok 16:05:55.0530 5784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 16:05:55.0570 5784 sffp_mmc - ok 16:05:55.0690 5784 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 16:05:55.0730 5784 sffp_sd - ok 16:05:55.0850 5784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 16:05:55.0900 5784 sfloppy - ok 16:05:56.0070 5784 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys 16:05:56.0120 5784 Sftfs - ok 16:05:56.0240 5784 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys 16:05:56.0270 5784 Sftplay - ok 16:05:56.0370 5784 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys 16:05:56.0410 5784 Sftredir - ok 16:05:56.0430 5784 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys 16:05:56.0450 5784 Sftvol - ok 16:05:56.0770 5784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 16:05:56.0800 5784 SiSRaid2 - ok 16:05:56.0850 5784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 16:05:56.0860 5784 SiSRaid4 - ok 16:05:56.0900 5784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 16:05:56.0960 5784 Smb - ok 16:05:57.0100 5784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 16:05:57.0130 5784 spldr - ok 16:05:57.0260 5784 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 
16:05:57.0330 5784 srv - ok 16:05:57.0460 5784 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 16:05:57.0540 5784 srv2 - ok 16:05:57.0690 5784 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS 16:05:57.0740 5784 SrvHsfHDA - ok 16:05:57.0880 5784 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS 16:05:57.0950 5784 SrvHsfV92 - ok 16:05:58.0080 5784 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS 16:05:58.0130 5784 SrvHsfWinac - ok 16:05:58.0270 5784 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 16:05:58.0330 5784 srvnet - ok 16:05:58.0480 5784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 16:05:58.0510 5784 stexstor - ok 16:05:58.0640 5784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 16:05:58.0680 5784 swenum - ok 16:05:58.0880 5784 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys 16:05:58.0940 5784 SynTP - ok 16:05:59.0120 5784 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys 16:05:59.0190 5784 Tcpip - ok 16:05:59.0380 5784 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys 16:05:59.0440 5784 TCPIP6 - ok 16:05:59.0560 5784 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 16:05:59.0640 5784 tcpipreg - ok 16:05:59.0790 5784 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 16:05:59.0830 5784 tdcmdpst - ok 16:05:59.0940 5784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 16:06:00.0020 5784 TDPIPE - ok 16:06:00.0130 5784 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys 16:06:00.0210 5784 TDTCP - ok 16:06:00.0330 5784 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 16:06:00.0390 
5784 tdx - ok 16:06:00.0520 5784 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 16:06:00.0550 5784 TermDD - ok 16:06:00.0720 5784 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 16:06:00.0780 5784 tssecsrv - ok 16:06:00.0930 5784 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 16:06:00.0980 5784 TsUsbFlt - ok 16:06:01.0090 5784 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 16:06:01.0150 5784 TsUsbGD - ok 16:06:01.0290 5784 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 16:06:01.0370 5784 tunnel - ok 16:06:01.0530 5784 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 16:06:01.0560 5784 TVALZ - ok 16:06:01.0670 5784 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys 16:06:01.0710 5784 TVALZFL - ok 16:06:01.0840 5784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 16:06:01.0890 5784 uagp35 - ok 16:06:01.0940 5784 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 16:06:02.0010 5784 udfs - ok 16:06:02.0150 5784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 16:06:02.0180 5784 uliagpkx - ok 16:06:02.0270 5784 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 16:06:02.0310 5784 umbus - ok 16:06:02.0470 5784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 16:06:02.0510 5784 UmPass - ok 16:06:02.0620 5784 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 16:06:02.0640 5784 usbccgp - ok 16:06:02.0780 5784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 16:06:02.0830 5784 usbcir - ok 16:06:02.0940 5784 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 16:06:02.0990 5784 usbehci - ok 
16:06:03.0130 5784 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 16:06:03.0200 5784 usbhub - ok 16:06:03.0310 5784 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys 16:06:03.0400 5784 usbohci - ok 16:06:03.0510 5784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys 16:06:03.0560 5784 usbprint - ok 16:06:03.0680 5784 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 16:06:03.0750 5784 USBSTOR - ok 16:06:03.0870 5784 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 16:06:03.0910 5784 usbuhci - ok 16:06:04.0050 5784 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 16:06:04.0080 5784 usbvideo - ok 16:06:04.0200 5784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 16:06:04.0230 5784 vdrvroot - ok 16:06:04.0380 5784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 16:06:04.0420 5784 vga - ok 16:06:04.0530 5784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 16:06:04.0590 5784 VgaSave - ok 16:06:04.0710 5784 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 16:06:04.0750 5784 vhdmp - ok 16:06:04.0860 5784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 16:06:04.0880 5784 viaide - ok 16:06:04.0990 5784 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 16:06:05.0010 5784 volmgr - ok 16:06:05.0130 5784 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 16:06:05.0160 5784 volmgrx - ok 16:06:05.0270 5784 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys 16:06:05.0300 5784 volsnap - ok 16:06:05.0430 5784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 16:06:05.0470 5784 vsmraid - ok 
      16:06:07.0500 5784 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
      16:06:07.0540 5784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
      16:06:07.0540 5784 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
      16:06:08.0260 5784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
      16:06:08.0260 5784 \Device\Harddisk0\DR0 - detected TDSS File System (1)
      16:06:08.0300 5784 Boot (0x1200) (4124e21a58780cad6e982fcc688fbafb) \Device\Harddisk0\DR0\Partition0
      16:06:08.0300 5784 \Device\Harddisk0\DR0\Partition0 - ok
      16:06:08.0300 5784 ============================================================
      16:06:08.0300 5784 Scan finished
      16:06:08.0300 5784 ============================================================
      16:06:08.0320 4036 Detected object count: 2
      16:06:08.0320 4036 Actual detected object count: 2
      16:06:52.0020 4036 \Device\Harddisk0\DR0\# - copied to quarantine
      16:06:52.0020 4036 \Device\Harddisk0\DR0 - copied to quarantine
      16:06:54.0070 4036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
      16:06:54.0320 4036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
      16:06:54.0410 4036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
      16:06:54.0600 4036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
      16:06:54.0730 4036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
      16:06:57.0680 4036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
      16:06:57.0840 4036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
      16:06:57.0890 4036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
      16:06:57.0900 4036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
      16:06:57.0900 4036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
      16:06:57.0960 4036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
      16:06:57.0970 4036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
      16:06:58.0120 4036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
      16:06:58.0120 4036 \Device\Harddisk0\DR0 - ok
      16:06:58.0610 4036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
      16:06:58.0610 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
      16:06:58.0610 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
      16:07:58.0681 2320 Deinitialize success

      And after the cure, Microsoft Security Essentials detected threats from the quarantined files, should I just ignore that?
  13. I do not have the Windows 7 installation disk, as this laptop came with Windows 7, so I'm not sure how I can use bootrec.exe... Every time I scan in RogueKiller, I get in the report:

      [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

      Does that mean it's not working? Should I just run TDSSKiller anyways?
  14. I don't know if this will help, but I remembered when Microsoft Security Essentials detected Alureon, it was something like MBR:: Alureon
  15. I unchecked the box that said MBR scan and this is what I got:

      RogueKiller V7.3.1 [03/10/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User: guon [Admin rights]
      Mode: Scan -- Date: 03/16/2012 23:54:45

      ¤¤¤ Bad processes: 1 ¤¤¤
      [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

      ¤¤¤ Registry Entries: 5 ¤¤¤
      [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver: [NOT LOADED] ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤

      ¤¤¤ MBR Check: ¤¤¤

      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  16. Hello, I have downloaded and run RogueKiller, but every time it gets to the part where it says "Reading MBR...", the program stops working and this is what I get: After that it just closes, and the same thing happens every time I run it.
  17. I have run many scans with Malwarebytes and each time I get this:

      C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

      So I reboot and run Malwarebytes again and it finds the same thing again, I cannot seem to get rid of this. Also, my Google search results go to random sites, some other butterfly search engine site, and once even a YouTube vid. Microsoft Security Essentials detected some Alureon thing, and prompted me to download Microsoft Defender Offline to get rid of it, which I did, from the Microsoft site, but when I ran it nothing was found. So since Malwarebytes could not resolve this problem, I have decided to post here asking for help. Here are the logs after I followed the instructions from the pinned thread:

      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421
      Run by guon at 14:59:54 on 2012-03-14
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1257 [GMT -7:00]
      .
      AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\windows\system32\wininit.exe
      C:\windows\system32\lsm.exe
      C:\windows\system32\svchost.exe -k DcomLaunch
      C:\windows\system32\svchost.exe -k RPCSS
      c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      C:\windows\system32\atiesrxx.exe
      C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\windows\system32\svchost.exe -k netsvcs
      C:\windows\system32\svchost.exe -k LocalService
      C:\windows\system32\svchost.exe -k NetworkService
      C:\windows\System32\spoolsv.exe
      C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\windows\system32\atieclxx.exe
      C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
      C:\windows\system32\TODDSrv.exe
      C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\TOSHIBA\TECO\TecoService.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
      C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\windows\system32\taskhost.exe
      C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
      C:\windows\system32\taskeng.exe
      C:\windows\system32\Dwm.exe
      C:\windows\Explorer.EXE
      C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Toshiba\TECO\Teco.exe
      C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\windows\system32\SearchIndexer.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\windows\system32\SearchProtocolHost.exe
      C:\windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe -netsvcs
      C:\windows\system32\conhost.exe
      C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
      C:\windows\system32\DllHost.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
      C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
      C:\windows\system32\sppsvc.exe
      C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      C:\windows\system32\taskhost.exe
      C:\windows\servicing\TrustedInstaller.exe
      C:\windows\system32\wuauclt.exe
      C:\windows\system32\SearchFilterHost.exe
      C:\windows\system32\SearchProtocolHost.exe
      c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
      \\?\C:\windows\system32\wbem\WMIADAP.EXE
      C:\windows\system32\DllHost.exe
      C:\windows\system32\DllHost.exe
      C:\windows\SysWOW64\cmd.exe
      C:\windows\system32\conhost.exe
      C:\windows\SysWOW64\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://mail.yahoo.com/
      uDefault_Page_URL = hxxp://start.toshiba.com
      uInternet Settings,ProxyOverride = <local>
      mWinlogon: Userinit=userinit.exe,
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
      TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
      TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
      mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
      TCP: DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947} : DhcpNameServer = 192.168.1.254
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO-X64: AcroIEHelperStub - No File
      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
      TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
      TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
      mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      .
================= FIREFOX =================== . FF - ProfilePath - C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?] 
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-11-29 123320] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-29 126392] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?] R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] 
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-11-29 57216] R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-27 828856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] 
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-03-14 21:59:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF458BA6-877C-4BBE-A003-52A395005412}\offreg.dll 2012-03-14 12:15:46 -------- d-----w- C:\windows\Microsoft Antimalware 2012-03-14 12:15:41 -------- d-----w- C:\windows\Windows Defender Offline 2012-03-14 10:59:40 -------- d-----w- C:\77dfcb876f953fe5af21558b3a67713d 2012-03-14 09:48:22 20480 ----a-w- C:\windows\svchost.exe 2012-03-14 08:31:51 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF458BA6-877C-4BBE-A003-52A395005412}\mpengine.dll 2012-03-14 07:11:34 -------- d-----w- C:\Program Files\CCleaner 2012-03-14 06:26:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F7D0.tmp 2012-03-14 06:26:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F7BF.tmp 2012-03-05 23:39:30 -------- d-----w- C:\Users\guon\jagexcache 2012-02-25 10:16:51 0 ----a-w- C:\windows\SysWow64\sho45D9.tmp 2012-02-25 09:55:08 509952 ----a-w- C:\windows\System32\ntshrui.dll 2012-02-25 09:55:08 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll 2012-02-25 09:55:03 515584 ----a-w- C:\windows\System32\timedate.cpl 2012-02-25 09:55:02 478720 ----a-w- C:\windows\SysWow64\timedate.cpl 2012-02-25 09:55:01 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-02-25 09:54:31 498688 ----a-w- C:\windows\System32\drivers\afd.sys 2012-02-25 09:54:29 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll 2012-02-25 09:54:29 634880 ----a-w- C:\windows\System32\msvcrt.dll 2012-02-25 07:58:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-25 07:57:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2202123-A88F-4B6F-8E9F-0FBCD97DA295}\gapaengine.dll . ==================== Find3M ==================== . 
2012-03-05 23:33:46 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-23 17:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe 2011-12-20 13:10:18 0 ----a-w- C:\windows\SysWow64\sho99FC.tmp . ============= FINISH: 15:00:41.65 =============== Attach file: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/5/2011 5:07:33 PM System Uptime: 3/14/2012 2:54:53 PM (1 hours ago) . Motherboard: AMD | | Torpedo Processor: AMD A6-3400M APU with Radeon™ HD Graphics | Socket FS1 | 1400/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 282 GiB total, 226.269 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP30: 12/30/2011 12:03:44 AM - Windows Update RP31: 12/31/2011 7:02:27 PM - Windows Update RP32: 1/4/2012 3:38:16 AM - Windows Update RP33: 1/17/2012 6:39:21 PM - Windows Update RP34: 1/17/2012 6:42:56 PM - Windows Update RP35: 2/9/2012 2:15:10 AM - Windows Update RP36: 2/24/2012 11:53:16 PM - Windows Update RP37: 2/25/2012 1:57:35 AM - Windows Update RP38: 2/25/2012 1:58:48 AM - Windows Update RP39: 3/4/2012 3:50:36 PM - Windows Update RP40: 3/11/2012 5:33:19 PM - Windows Update RP41: 3/13/2012 2:49:12 PM - Windows Update RP42: 3/13/2012 11:41:51 PM - Restore Operation RP43: 3/14/2012 1:31:30 AM - Windows Update . ==== Installed Programs ====================== . 
Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X MUI AMD VISION Engine Control Center Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bandisoft MPEG-1 Decoder Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module D3DX10 Google Chrome Google Update Helper Java Auto Updater Java™ 6 Update 25 Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.60.0.1800 Mesh Runtime Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English mIRC Mozilla Firefox 8.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 Netwaiting Nexon Game Manager Pando Media Booster PlayReady PC Runtime x86 Realtek USB 2.0 Reader Driver Realtek WLAN Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Skype Launcher StarCraft II Steam TOSHIBA Assist TOSHIBA Face Recognition TOSHIBA Hardware Setup Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA Resolution+ Plug-in for Windows Media 
Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Vindictus Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 3/14/2012 4:05:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 3:46:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 3/14/2012 2:55:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 2:55:14 PM, Error: NetBT [4321] - The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.71. 
The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer. 3/14/2012 2:48:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 2:20:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 12:07:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 1:24:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 3/14/2012 1:24:38 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/14/2012 1:21:17 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. 
Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0 3/14/2012 1:16:29 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 3/14/2012 1:10:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/13/2012 11:47:19 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0 3/13/2012 11:30:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/13/2012 11:26:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 3/12/2012 10:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user guon-PC\guon SID (S-1-5-21-2913796982-2414487537-1882358387-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 
3/12/2012 1:42:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/11/2012 5:22:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

Is there anything I can do to fix this? Thanks in advance for your help.