icog

Honorary Members
  • Posts: 21

Posts posted by icog

  1. All processes killed

    ========== OTL ==========

    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.

    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

    Registry value HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

    Registry value HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.

    File PTYJAVA] not found.

    File ptytemp] not found.

    File PTYFLASH] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 11152012_083251

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  2. Results of screen317's Security Check version 0.99.54

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.65.1.1000

    JavaFX 2.1.1

    Java 7 Update 9

    Adobe Flash Player 11.5.502.110

    Mozilla Firefox 12.0 Firefox out of Date!

    Google Chrome 21.0.1180.83

    Google Chrome 21.0.1180.89

    Google Chrome 22.0.1229.79

    Google Chrome 22.0.1229.94

    Google Chrome 23.0.1271.64

    ````````Process Check: objlist.exe by Laurent````````

    Norton ccSvcHst.exe

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 10%

    ````````````````````End of Log``````````````````````

    OTL logfile created on: 11/14/2012 8:47:42 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guon\Desktop

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.48 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 46.46% Memory free

    4.95 Gb Paging File | 3.53 Gb Available in Paging File | 71.25% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 282.13 Gb Total Space | 199.01 Gb Free Space | 70.54% Space Free | Partition Type: NTFS

    Computer Name: GUON-PC | User Name: guon | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/14 08:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guon\Desktop\OTL.exe

    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    PRC - [2011/07/19 07:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

    PRC - [2011/07/19 07:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

    PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    ========== Modules (No Company Name) ==========

    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

    SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

    SRV:64bit: - [2011/06/27 22:25:26 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)

    SRV:64bit: - [2011/06/09 21:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

    SRV:64bit: - [2011/05/26 00:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

    SRV:64bit: - [2011/05/24 09:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

    SRV:64bit: - [2011/05/17 14:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

    SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

    SRV - [2012/11/12 10:44:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/11/12 10:40:58 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2012/05/08 20:04:21 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

    SRV - [2011/07/19 07:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)

    SRV - [2011/07/19 07:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

    SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

    DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

    DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

    DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

    DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

    DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

    DRV:64bit: - [2011/07/07 15:02:16 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

    DRV:64bit: - [2011/05/26 01:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

    DRV:64bit: - [2011/05/25 23:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2011/02/09 11:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

    DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

    DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

    DRV:64bit: - [2010/12/01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

    DRV:64bit: - [2010/11/30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010/09/24 07:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

    DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

    DRV:64bit: - [2009/06/15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)

    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {04025389-B921-4619-A2CF-8C34C50B2DA1}

    IE:64bit: - HKLM\..\SearchScopes\{04025389-B921-4619-A2CF-8C34C50B2DA1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope = {04025389-B921-4619-A2CF-8C34C50B2DA1}

    IE - HKLM\..\SearchScopes\{04025389-B921-4619-A2CF-8C34C50B2DA1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\guon\Desktop

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\SearchScopes,DefaultScope = {9221FDE7-9B7E-4BB3-BA36-EC3B5AD1D904}

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\SearchScopes\{04025389-B921-4619-A2CF-8C34C50B2DA1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\SearchScopes\{9221FDE7-9B7E-4BB3-BA36-EC3B5AD1D904}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS461

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515

    FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4

    FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.6

    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

    FF - prefs.js..network.proxy.type: 0

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/08 20:04:21 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/12/05 17:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Extensions

    [2012/11/13 10:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions

    [2012/06/01 17:17:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    [2012/06/01 17:17:28 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\ALone-live@ya.ru

    [2012/11/13 10:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\staged

    [2012/06/28 20:52:32 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\adblockpopups@jessehakanen.net.xpi

    [2012/10/02 16:43:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    [2012/05/08 15:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2012/05/08 20:04:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/03/12 20:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/03/12 20:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - homepage: http://www.google.com/

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    CHR - Extension: YouTube = C:\Users\guon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

    CHR - Extension: Google Search = C:\Users\guon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

    CHR - Extension: Gmail = C:\Users\guon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/03/17 16:09:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

    O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

    O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O3 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

    O3 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)

    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

    O4 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000..\Run: [PlayNC Launcher] File not found

    O4 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD879F8F-24AE-4F20-832C-8C29DB47BA8D}: DhcpNameServer = 192.168.1.254

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/14 08:44:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\guon\Desktop\OTL.exe

    [2012/11/13 14:04:03 | 000,000,000 | ---D | C] -- C:\Users\guon\Desktop\RK_Quarantine

    [2012/11/13 13:57:43 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\guon\Desktop\dds.scr

    [15 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/14 08:48:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/11/14 08:48:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/11/14 08:45:54 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

    [2012/11/14 08:45:54 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

    [2012/11/14 08:45:54 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

    [2012/11/14 08:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guon\Desktop\OTL.exe

    [2012/11/14 08:43:01 | 000,881,833 | ---- | M] () -- C:\Users\guon\Desktop\SecurityCheck.exe

    [2012/11/14 08:41:28 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

    [2012/11/14 08:40:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

    [2012/11/14 08:40:51 | 1993,498,624 | -HS- | M] () -- C:\hiberfil.sys

    [2012/11/13 14:02:35 | 000,673,280 | ---- | M] () -- C:\Users\guon\Desktop\RogueKiller.exe

    [2012/11/13 13:57:44 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\guon\Desktop\dds.scr

    [2012/11/13 10:52:20 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    [2012/11/13 10:36:06 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/11/13 10:36:06 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

    [2012/10/19 18:49:12 | 000,000,323 | ---- | M] () -- C:\Users\guon\Documents\aionmemo_4e4bcd57.dat

    [15 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/14 08:43:01 | 000,881,833 | ---- | C] () -- C:\Users\guon\Desktop\SecurityCheck.exe

    [2012/11/13 14:02:35 | 000,673,280 | ---- | C] () -- C:\Users\guon\Desktop\RogueKiller.exe

    [2012/11/13 10:27:10 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

    [2012/11/13 10:17:27 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

    [2012/05/19 19:26:32 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat

    [2012/03/23 19:10:03 | 000,000,044 | ---- | C] () -- C:\Users\guon\jagex_cl_runescape_LIVE1.dat

    [2012/03/21 22:11:09 | 000,000,023 | ---- | C] () -- C:\Users\guon\jagexappletviewer.preferences

    [2012/03/05 15:39:30 | 000,000,043 | ---- | C] () -- C:\Users\guon\jagex_cl_runescape_LIVE.dat

    [2012/03/05 15:39:30 | 000,000,024 | ---- | C] () -- C:\Users\guon\random.dat

    [2011/12/14 19:31:24 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

    [2011/12/05 17:14:43 | 000,744,528 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

    [2011/11/29 00:53:54 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

    [2011/11/29 00:45:29 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

    [2011/11/29 00:43:17 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

    [2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/12/15 00:03:24 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\LolClient

    [2012/06/01 20:25:49 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\LolClient2

    [2012/05/08 03:32:48 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\SoftGrid Client

    [2011/12/07 00:10:12 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\Tific

    [2011/12/05 17:11:52 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\Toshiba

    [2011/12/05 17:16:50 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\TP

    [2012/06/23 14:55:28 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\TS3Client

    [2011/12/05 17:08:08 | 000,000,000 | ---D | M] -- C:\Users\guon\AppData\Roaming\WinBatch

    ========== Purity Check ==========

    < End of report >

    OTL Extras logfile created on: 11/14/2012 8:47:42 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guon\Desktop

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.48 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 46.46% Memory free

    4.95 Gb Paging File | 3.53 Gb Available in Paging File | 71.25% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 282.13 Gb Total Space | 199.01 Gb Free Space | 70.54% Space Free | Partition Type: NTFS

    Computer Name: GUON-PC | User Name: guon | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl[@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{06F8665F-0BFC-45C0-8964-34708A48A20E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{143B6083-B871-435E-88A1-76B6A0EEDB8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{18E43BE7-E894-4276-93CE-C961703BB52B}" = rport=139 | protocol=6 | dir=out | app=system |

    "{1CA3CEBB-F572-4556-87AC-A728D46A2EC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{205DDD15-7CAA-4444-8E4C-9179D9AA8CD7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    "{358A94B6-C432-4452-83C3-1C5D261D2F1B}" = rport=137 | protocol=17 | dir=out | app=system |

    "{440DE357-63E2-459A-8C09-97B7466BC830}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{46B172B4-20E1-4969-B0EF-5A8F293B17C7}" = lport=445 | protocol=6 | dir=in | app=system |

    "{4C1323F5-0C01-4A34-A96B-61601B4B23AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{4CB1EC2C-BDED-4946-ADCE-F24448A7BA6C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{8020553B-522B-4B15-93B0-307EFD4C20DF}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{81C4FD3E-9B76-4BD4-8A1A-44B44A2C7DCF}" = lport=137 | protocol=17 | dir=in | app=system |

    "{9C93BF61-EAD7-4726-8D69-F390FC8418CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{A3E9CD97-621E-4B2D-91E7-91AAEF59318E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{A809AD7D-ECAA-4846-A98A-0DA47826A90D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{AA1E99D3-CC6E-4B1B-8294-E84017E4900D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    "{BFD34369-18FB-4248-8617-DAFAE785C15D}" = lport=138 | protocol=17 | dir=in | app=system |

    "{CC55AF6D-C3E5-4763-8CA1-AF84CB3A15E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{CDBF13C8-8614-4FEE-8D04-B93D7DA379DF}" = rport=138 | protocol=17 | dir=out | app=system |

    "{D25C6C2F-79E0-48EC-B029-4A3EA2F2C505}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{F1878B83-F9D9-4830-85CF-9991D4F6D5E6}" = rport=445 | protocol=6 | dir=out | app=system |

    "{F51E3E5F-2158-4826-9477-B25D21D8D4D2}" = lport=139 | protocol=6 | dir=in | app=system |

    "{F7AC8CC4-FB02-444D-8CEB-5F25B3872E29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{01F625F2-FE48-4FBD-B8F6-99195EFB030B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{1A9725D2-996F-40C6-B971-4A28F975D4F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{1D87DA53-6FC9-4025-AA4F-C28201973B68}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{240B6738-4B14-400C-A281-6314CC93FBED}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

    "{2834134F-D33B-4189-82DE-03BD58A8CAF8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

    "{2A6007DE-0B57-4BE9-97FD-C6B183AD6BAB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{2B061282-9627-4407-9953-BF3820C1A324}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii\starcraft ii.exe |

    "{321B5DB3-FB2D-4580-B837-9494F4D33704}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

    "{32E32045-7759-4483-9B82-F80FB1D453E6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{34A110B9-D0FB-47B9-949C-7191486B0ECE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

    "{34F28FB7-EEE7-486B-ADC2-FED5AC59AAAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{36405737-FDDD-4690-8AD2-3819FAA1DF13}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

    "{4FE2CB80-C1B0-4246-BA96-C740741B24C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{5072278A-285C-4C77-B56E-9F38B10DFDAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "{51A3712C-53BF-4831-8088-26A07194B8BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{5543656F-719D-49CC-98A1-09B1319AE375}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{57F5CD3C-D35A-4A7F-94AE-D571D827FB33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{5DD625D2-D18D-4420-8A80-0EFF2C092D41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{657B5C19-F961-4B2A-A2ED-AADB2839A47E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{6BA60997-4C9A-44E4-9022-D6B14331AC01}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

    "{6D726623-9AE4-4FE8-9846-054A3D2ABDB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{7022A1F3-70AE-4BFA-A92B-CE153D5FB48D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{80AFBE1E-32E6-45BD-8687-FDCE330446DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    "{80EE137E-2E82-44A3-AA0F-25E68666B182}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{8C0D7018-9A2A-4773-BAB2-F781B855B22F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "{9076257F-A4B1-40A2-819B-90DF3BBCAC45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{962ECA2A-53E2-41C2-89FE-23B1D22F76B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{98C68B0C-3D13-4CFE-80DB-07BC67F09F27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{9A683D52-4756-41C8-B424-7F27FDA2E67E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{9C85E679-E5FE-4656-BE50-DD0431E7D492}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{A110B7BF-17BC-40B6-9B9E-41187B4E1214}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{A4E09C1B-0513-4C2A-AC49-0F3C7A2FC2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

    "{A6889A2D-681E-4260-B8A9-8AD522BDEF64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{B0C8D508-7E4A-4190-A3B8-EA04565B80D8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

    "{B38855BE-0A8B-46D5-98DD-1393E53FC0FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    "{C1E8F1D9-39C4-40D9-8E52-294A9E547C50}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

    "{C51FF805-5423-4ED5-8B54-E4EC3D058F82}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{C8F0CD1D-CD59-49F0-BF7B-0D4F539DA92E}" = protocol=6 | dir=out | app=system |

    "{D7B5281E-B6F5-4448-9042-781F8439D4E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{DEC7F83D-74D4-4A62-8CDC-60577586EE80}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

    "{E3CC3EAC-9701-42D2-B019-91FDE1FFB8E0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

    "{E5015C13-3EF2-4EDF-A1B5-F6884B15FC28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{F050E62E-26C7-4BC7-BDD6-27B660777ABB}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii\starcraft ii.exe |

    "{F0A3B2E7-B9F7-473B-BEA4-9EAC6A1DB6DE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{F5EC732A-FB20-4EF3-A787-D5C351F3B2EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{F9D401EC-1515-41C5-BBE8-529101C24236}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

    "{FF87529A-FF3D-4D1A-B0C3-E2EAB8D44FC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "TCP Query User{00576123-22A6-4BFA-8DB4-92BEFB55F31B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

    "TCP Query User{44CB295A-420B-4695-A6DE-607586E70BFC}C:\starcraft ii\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii\support\blizzarddownloader.exe |

    "TCP Query User{4BDC2EF3-8A78-4644-B979-9967F1BB92F9}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

    "TCP Query User{7B61A8DE-816E-4909-889E-3E25BBA5B0EC}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

    "TCP Query User{806AB03B-A11A-40D0-994E-E92F1EA1C22A}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

    "TCP Query User{8363CC02-6974-40EF-983C-52837ABEA36C}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

    "TCP Query User{AA7AABDD-5B0D-4865-A677-31037A38246C}C:\users\guon\desktop\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\guon\desktop\starcraft_2_na_en-us.exe |

    "TCP Query User{FA7E957C-9D43-4851-9294-BD8E5B628627}C:\starcraft ii\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii\versions\base19679\sc2.exe |

    "UDP Query User{47E88F07-F666-49C0-9F9A-A48F33093820}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

    "UDP Query User{6D256D77-9767-4F0D-9B89-AA377D5D1E57}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

    "UDP Query User{8D2B841A-7C42-4292-B531-651FEC82400E}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

    "UDP Query User{98575E58-D594-4CBB-8A90-6336C55DD646}C:\starcraft ii\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii\versions\base19679\sc2.exe |

    "UDP Query User{D109F5C8-88E8-47FF-BF66-A3D3D49591D8}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

    "UDP Query User{DE1ABD75-9AD4-48A9-AF4A-C050333BA10B}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

    "UDP Query User{DE7CE922-A4DD-40F6-BFE1-A4EDB30A0EED}C:\starcraft ii\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii\support\blizzarddownloader.exe |

    "UDP Query User{F1517CCC-2936-4754-B998-248190FA90EB}C:\users\guon\desktop\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\guon\desktop\starcraft_2_na_en-us.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

    "{34565B7E-F28D-BEEE-75BB-06E7659FC76F}" = ATI Catalyst Install Manager

    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

    "{617C7445-9152-3B2D-5618-117323D728E0}" = ccc-utility64

    "{645C958A-F505-A126-F618-DDF4F9C3FE43}" = WMV9/VC-1 Video Playback

    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

    "{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility

    "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

    "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "CCleaner" = CCleaner

    "CNXT_AUDIO_HDA" = Conexant HD Audio

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft Security Client" = Microsoft Security Essentials

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0315398D-7266-AB1A-D7DB-03B5ECB4B126}" = CCC Help Portuguese

    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

    "{0E66EC48-9DFD-0A60-A391-3A15D2F26696}" = CCC Help Japanese

    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

    "{113DE365-7DB5-6E66-DC10-CF8A3E5BEC74}" = CCC Help Chinese Traditional

    "{12109DE2-D313-3456-4C6D-2F1283554D28}" = CCC Help Danish

    "{19540CBA-3D6C-D1BB-F713-FC6B082E4D1F}" = CCC Help Greek

    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

    "{1B3F8894-DC2F-AE2F-548C-BC7786F199FE}" = CCC Help Czech

    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

    "{1FB31D8B-476B-AECB-4831-21D65E28AF7A}" = Catalyst Control Center Graphics Previews Common

    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

    "{2580F3D5-CA0A-2D65-EA68-70F433B85146}" = CCC Help Thai

    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

    "{36285812-1E91-CA80-B1E6-E305348621FE}" = CCC Help Dutch

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4E27A271-351E-72DC-BD22-06A46243F2A5}" = CCC Help German

    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

    "{5684A50E-D6B1-5593-E292-72EFFF18197F}" = CCC Help Russian

    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

    "{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator

    "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2

    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver

    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

    "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player

    "{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{7EA2ACE0-9281-137B-D513-8B64A846A401}" = CCC Help Turkish

    "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding

    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

    "{8653955E-3E81-DD1E-C159-B9042649EA09}" = CCC Help Norwegian

    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

    "{92AD9101-1F8A-1A9C-B54C-49EA654FCD03}" = CCC Help Italian

    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

    "{92FF1D21-3C31-C7DD-5201-7F91805706C2}" = CCC Help French

    "{93A6108B-997A-FFE1-E304-31204DAAAA7C}" = CCC Help Korean

    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

    "{9E9C5551-2674-19BD-2BCE-24BF05908E03}" = CCC Help English

    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

    "{A4ED0A4C-E9E1-78CF-59D8-C42BBB9ACDC5}" = CCC Help Finnish

    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI

    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

    "{C6EDBA96-E5CF-EA2B-BEC1-005592B9358E}" = AMD VISION Engine Control Center

    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

    "{D3CD7848-5C54-0C58-CB65-9A9B74AA3C2A}" = CCC Help Hungarian

    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

    "{D6DAF6F2-2ABF-83FE-B5C0-7C07711D9AA8}" = CCC Help Polish

    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

    "{DC26D0EF-06F7-9DC8-5E1F-AFEF20F8E7FC}" = CCC Help Spanish

    "{DD5EF061-240A-DF5B-1B6A-A7E38733216D}" = Catalyst Control Center InstallProxy

    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

    "{DF10A0FC-1508-EF3B-AF9D-943B7AEDB967}" = CCC Help Swedish

    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

    "{F7506A7D-2FED-07D9-60A6-E0832A42A3DA}" = CCC Help Chinese Standard

    "{F9D85C9A-4E99-8115-41DA-9427FD77AFD5}" = Catalyst Control Center Localization All

    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "BandiMPEG1" = Bandisoft MPEG-1 Decoder

    "Google Chrome" = Google Chrome

    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

    "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

    "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "NortonPCCheckup" = Toshiba Laptop Checkup

    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010

    "StarCraft II" = StarCraft II

    "Vindictus" = Vindictus

    "VLC media player" = VLC media player 2.0.2

    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2913796982-2414487537-1882358387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "NCsoft-Aion" = Aion

    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 9/17/2012 9:54:31 PM | Computer Name = guon-PC | Source = WinMgmt | ID = 10

    Description =

    Error - 9/18/2012 6:49:03 PM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100

    Description = mDNSCoreReceiveResponse: Received from 192.168.1.77:5353 4 Guon-PC.local.

    Addr 192.168.1.77

    Error - 9/18/2012 6:49:03 PM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100

    Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 guon-PC.local.

    Addr 192.168.1.122

    Error - 9/18/2012 6:49:03 PM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100

    Description = Local Hostname guon-PC.local already in use; will try guon-PC-2.local

    instead

    Error - 9/18/2012 6:50:38 PM | Computer Name = guon-PC | Source = WinMgmt | ID = 10

    Description =

    Error - 9/18/2012 8:17:12 PM | Computer Name = guon-PC | Source = SideBySide | ID = 16842785

    Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Label@Once\CDLabel.exe".

    Dependent

    Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"

    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 9/20/2012 12:31:34 AM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100

    Description = mDNSCoreReceiveResponse: Received from 192.168.1.77:5353 4 Guon-PC.local.

    Addr 192.168.1.77

    Error - 9/20/2012 12:31:34 AM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100

    Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 guon-PC.local.

    Addr 192.168.1.122

    Error - 9/20/2012 12:31:34 AM | Computer Name = guon-PC | Source = Bonjour Service | ID = 100

    Description = Local Hostname guon-PC.local already in use; will try guon-PC-2.local

    instead

    Error - 9/20/2012 12:33:06 AM | Computer Name = guon-PC | Source = WinMgmt | ID = 10

    Description =

    [ System Events ]

    Error - 11/13/2012 2:52:24 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321

    Description = The name "GUON-PC :20" could not be registered on the interface

    with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did

    not allow the name to be claimed by this computer.

    Error - 11/13/2012 2:52:24 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321

    Description = The name "GUON-PC :0" could not be registered on the interface

    with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did

    not allow the name to be claimed by this computer.

    Error - 11/13/2012 5:55:36 PM | Computer Name = guon-PC | Source = Server | ID = 2505

    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{88C63E5F-E7B8-4C96-95BD-56785CD0C947}

    because another computer on the network has the same name. The server could not

    start.

    Error - 11/13/2012 5:55:35 PM | Computer Name = guon-PC | Source = Service Control Manager | ID = 7023

    Description = The Windows Defender service terminated with the following error:

    %%126

    Error - 11/13/2012 5:55:36 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321

    Description = The name "GUON-PC :0" could not be registered on the interface

    with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did

    not allow the name to be claimed by this computer.

    Error - 11/13/2012 5:55:36 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321

    Description = The name "GUON-PC :20" could not be registered on the interface

    with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did

    not allow the name to be claimed by this computer.

    Error - 11/13/2012 6:02:15 PM | Computer Name = guon-PC | Source = Server | ID = 2505

    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{88C63E5F-E7B8-4C96-95BD-56785CD0C947}

    because another computer on the network has the same name. The server could not

    start.

    Error - 11/13/2012 6:02:15 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321

    Description = The name "GUON-PC :0" could not be registered on the interface

    with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did

    not allow the name to be claimed by this computer.

    Error - 11/13/2012 6:02:15 PM | Computer Name = guon-PC | Source = NetBT | ID = 4321

    Description = The name "GUON-PC :20" could not be registered on the interface

    with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did

    not allow the name to be claimed by this computer.

    Error - 11/14/2012 12:41:13 PM | Computer Name = guon-PC | Source = Service Control Manager | ID = 7023

    Description = The Windows Defender service terminated with the following error:

    %%126

    < End of report >

  3. DDS (Ver_2012-11-07.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

    Run by guon at 13:59:24 on 2012-11-13

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1285 [GMT -8:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\windows\system32\lsm.exe

    C:\windows\system32\svchost.exe -k DcomLaunch

    C:\windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\windows\system32\atiesrxx.exe

    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\windows\system32\svchost.exe -k netsvcs

    C:\windows\system32\svchost.exe -k GPSvcGroup

    C:\windows\system32\svchost.exe -k LocalService

    C:\windows\system32\atieclxx.exe

    C:\windows\system32\svchost.exe -k NetworkService

    C:\windows\System32\spoolsv.exe

    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\windows\system32\svchost.exe -k imgsvc

    C:\windows\system32\TODDSrv.exe

    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\TOSHIBA\TECO\TecoService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\windows\system32\wbem\wmiprvse.exe

    C:\windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    c:\Program Files\Microsoft Security Client\NisSrv.exe

    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\windows\system32\taskhost.exe

    C:\windows\system32\Dwm.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

    C:\windows\system32\taskeng.exe

    C:\windows\Explorer.EXE

    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

    C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\windows\system32\SearchProtocolHost.exe

    C:\windows\system32\SearchFilterHost.exe

    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

    C:\windows\system32\sppsvc.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

    c:\Program Files\Microsoft Security Client\MpCmdRun.exe

    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

    C:\windows\system32\taskhost.exe

    C:\windows\system32\SearchProtocolHost.exe

    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://mail.yahoo.com/

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

    uRun: [PlayNC Launcher] <no file>

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    TCP: NameServer = 192.168.1.254

    TCP: Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947} : DHCPNameServer = 192.168.1.254

    TCP: Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947}\0556475637D27657563747 : DHCPNameServer = 75.7.81.174

    TCP: Interfaces\{DD879F8F-24AE-4F20-832C-8C29DB47BA8D} : DHCPNameServer = 192.168.1.254

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

    x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r

    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\windows\SysWOW64\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-11-29 204288]

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]

    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-11-29 123320]

    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-29 126392]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]

    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-11-29 116752]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]

    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-11-29 1109096]

    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-27 828856]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-29 250984]

    S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-11-29 307304]

    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

    S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-11-29 57216]

    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-6 1255736]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-11-13 18:27:07 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

    2012-11-13 18:27:06 9728 ----a-w- C:\windows\System32\Wdfres.dll

    2012-11-13 18:27:06 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

    2012-11-13 18:27:06 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

    2012-11-13 18:17:29 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

    2012-11-13 18:17:29 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

    2012-11-13 18:17:28 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

    2012-11-13 18:17:28 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

    2012-11-13 18:17:27 744448 ----a-w- C:\windows\System32\WUDFx.dll

    2012-11-13 18:17:27 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

    2012-11-13 18:17:27 229888 ----a-w- C:\windows\System32\WUDFHost.exe

    2012-11-13 18:16:46 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE032138-7635-4A54-9CC0-EF427A55D0FE}\mpengine.dll

    2012-11-13 18:12:51 3149824 ----a-w- C:\windows\System32\win32k.sys

    2012-11-13 18:11:53 95744 ----a-w- C:\windows\System32\synceng.dll

    2012-11-13 18:11:53 78336 ----a-w- C:\windows\SysWow64\synceng.dll

    2012-11-12 18:49:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll

    2012-11-12 18:49:01 2048 ----a-w- C:\windows\System32\tzres.dll

    2012-11-12 18:33:39 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-11-09 02:15:49 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-10-22 01:26:58 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59B71E7A-2186-4117-9CFB-F29560AA0243}\gapaengine.dll

    .

    ==================== Find3M ====================

    .

    2012-11-12 18:44:31 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-12 18:44:31 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

    2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll

    2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll

    2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

    2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

    2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll

    2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb

    2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

    2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

    2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

    2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

    2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

    2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

    2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

    2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

    2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

    2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

    2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

    2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

    2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

    2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

    2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

    2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

    2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

    2012-09-30 03:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

    2012-09-25 08:01:14 0 ----a-w- C:\windows\SysWow64\shoABA3.tmp

    2012-09-02 22:18:31 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

    2012-09-02 22:18:31 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

    2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

    2012-08-31 05:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys

    2012-08-31 05:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys

    2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

    2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

    2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

    2012-08-24 18:13:17 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

    2012-08-24 18:09:34 458712 ----a-w- C:\windows\System32\drivers\cng.sys

    2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll

    2012-08-24 18:05:03 340992 ----a-w- C:\windows\System32\schannel.dll

    2012-08-24 18:04:18 307200 ----a-w- C:\windows\System32\ncrypt.dll

    2012-08-24 18:03:09 1448448 ----a-w- C:\windows\System32\lsasrv.dll

    2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

    2012-08-24 16:57:40 247808 ----a-w- C:\windows\SysWow64\schannel.dll

    2012-08-24 16:57:40 22016 ----a-w- C:\windows\SysWow64\secur32.dll

    2012-08-24 16:57:37 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

    2012-08-24 16:53:35 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

    2012-08-23 14:13:11 243200 ----a-w- C:\windows\System32\rdpudd.dll

    2012-08-23 14:10:20 19456 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys

    2012-08-23 14:08:26 30208 ----a-w- C:\windows\System32\drivers\TsUsbGD.sys

    2012-08-23 14:07:35 57856 ----a-w- C:\windows\System32\drivers\TsUsbFlt.sys

    2012-08-23 13:47:20 46592 ----a-w- C:\windows\SysWow64\MsRdpWebAccess.dll

    2012-08-23 13:46:20 16896 ----a-w- C:\windows\SysWow64\wksprtPS.dll

    2012-08-23 13:41:52 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe

    2012-08-23 13:40:56 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

    2012-08-23 13:24:57 15360 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll

    2012-08-23 13:20:40 54272 ----a-w- C:\windows\System32\MsRdpWebAccess.dll

    2012-08-23 13:18:14 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll

    2012-08-23 13:17:54 18432 ----a-w- C:\windows\System32\wksprtPS.dll

    2012-08-23 13:06:58 43520 ----a-w- C:\windows\System32\TsUsbGDCoInstaller.dll

    2012-08-23 12:52:53 44032 ----a-w- C:\windows\System32\tsgqec.dll

    2012-08-23 11:20:06 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe

    2012-08-23 11:15:57 269312 ----a-w- C:\windows\SysWow64\aaclient.dll

    2012-08-23 11:14:09 384000 ----a-w- C:\windows\System32\wksprt.exe

    2012-08-23 11:12:17 192000 ----a-w- C:\windows\SysWow64\rdpendp_winip.dll

    2012-08-23 10:54:24 322560 ----a-w- C:\windows\System32\aaclient.dll

    2012-08-23 10:51:14 228864 ----a-w- C:\windows\System32\rdpendp_winip.dll

    2012-08-23 10:39:24 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe

    2012-08-23 10:22:22 1123840 ----a-w- C:\windows\System32\mstsc.exe

    2012-08-23 09:51:57 3174912 ----a-w- C:\windows\System32\rdpcorets.dll

    2012-08-23 08:19:01 4916224 ----a-w- C:\windows\SysWow64\mstscax.dll

    2012-08-23 08:13:07 5773824 ----a-w- C:\windows\System32\mstscax.dll

    2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys

    2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys

    2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

    2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe

    2012-08-21 20:01:20 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

    2012-08-21 20:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll

    2012-08-21 20:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll

    2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll

    2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll

    2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll

    2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll

    2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll

    2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll

    2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe

    2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

    2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll

    2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe

    2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll

    2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

    2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe

    2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe

    2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    .

    ============= FINISH: 14:00:39.25 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-07.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12/5/2011 5:07:33 PM

    System Uptime: 11/13/2012 1:54:51 PM (1 hours ago)

    .

    Motherboard: AMD | | Torpedo

    Processor: AMD A6-3400M APU with Radeon HD Graphics | Socket FS1 | 1400/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 282 GiB total, 198.976 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP118: 9/22/2012 7:33:01 PM - Windows Update

    RP119: 9/24/2012 4:22:36 PM - Windows Update

    RP120: 9/25/2012 3:19:14 PM - Windows Update

    RP121: 10/1/2012 4:16:38 PM - Windows Update

    RP122: 10/6/2012 6:51:11 PM - Windows Update

    RP123: 10/14/2012 7:40:29 PM - Windows Update

    RP124: 10/18/2012 9:20:47 AM - Windows Update

    RP125: 10/21/2012 6:26:01 PM - Windows Update

    RP126: 11/8/2012 6:12:40 PM - Windows Update

    RP127: 11/8/2012 6:14:14 PM - Installed Java 7 Update 9

    RP128: 11/12/2012 10:33:09 AM - Windows Update

    RP129: 11/12/2012 10:49:14 AM - Windows Update

    RP130: 11/13/2012 10:16:02 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X MUI

    Aion

    AMD VISION Engine Control Center

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

    ATI Catalyst Install Manager

    Bandisoft MPEG-1 Decoder

    Bonjour

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CCleaner

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Conexant HD Audio

    D3DX10

    Google Chrome

    Google Update Helper

    iTunes

    Java 7 Update 9

    Java Auto Updater

    JavaFX 2.1.1

    Junk Mail filter update

    Label@Once 1.0

    League of Legends

    Malwarebytes Anti-Malware version 1.65.1.1000

    Mesh Runtime

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Office 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Starter 2010 - English

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Mozilla Firefox 12.0 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT_amd64

    NCsoft Launcher

    Netwaiting

    Nexon Game Manager

    Pando Media Booster

    PlayReady PC Runtime amd64

    PlayReady PC Runtime x86

    Realtek USB 2.0 Reader Driver

    Realtek WLAN Driver

    RuneScape Launcher 1.2

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Skype Launcher

    Skype™ 5.10

    StarCraft II

    Steam

    SUPERAntiSpyware

    Synaptics Pointing Device Driver

    TeamSpeak 3 Client

    TOSHIBA Disc Creator

    TOSHIBA eco Utility

    TOSHIBA Hardware Setup

    TOSHIBA HDD/SSD Alert

    Toshiba Laptop Checkup

    TOSHIBA Media Controller

    TOSHIBA Media Controller Plug-in

    TOSHIBA PC Health Monitor

    TOSHIBA Quality Application

    TOSHIBA Recovery Media Creator

    TOSHIBA Resolution+ Plug-in for Windows Media Player

    TOSHIBA Service Station

    TOSHIBA Sleep Utility

    TOSHIBA Supervisor Password

    TOSHIBA Value Added Package

    TOSHIBA Wireless LAN Indicator

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Ventrilo Client for Windows x64

    Vindictus

    VLC media player 2.0.2

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    WMV9/VC-1 Video Playback

    .

    ==== Event Viewer Messages From Past Week ========

    .

    11/13/2012 1:55:36 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{88C63E5F-E7B8-4C96-95BD-56785CD0C947} because another computer on the network has the same name. The server could not start.

    11/13/2012 1:55:36 PM, Error: NetBT [4321] - The name "GUON-PC :20" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer.

    11/13/2012 1:55:36 PM, Error: NetBT [4321] - The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer.

    11/13/2012 1:55:35 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

    11/12/2012 10:41:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    11/12/2012 10:41:34 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    .

    ==== End Of File ===========================

    RogueKiller V8.2.3 [11/07/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website: http://tigzy.geekstogo.com/roguekiller.php

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : guon [Admin rights]

    Mode : Scan -- Date : 11/13/2012 14:04:14

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤

    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK3275GSX ATA Device +++++

    --- User ---

    [MBR] 724b0be15014ad92401e52d49b4f7438

    [bSP] b4797f8c06c429c65614a29cc2a09f0b : Windows Vista MBR Code

    Partition table:

    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 288900 Mo

    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 594741248 | Size: 14844 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11132012_02d1404.txt >>


  4. Every time I open a webpage I get this User Account Control thing:

    Do you want to allow the following program to make changes to your computer?

    Program Name: Java SE runtime environment 7 update 9

    Verified Publisher: Oracle America, Inc.

    File Origin: Hard drive on this computer

    Program Location: "C:\PROGRA~2\java\jre7\bin\ssvagent.exe" ~new ~high

    It doesn't happen on my other computer and Java is up to date, so I'm not sure if this might be a virus or not, but I always click no when this happens.

    I have updated and run Malwarebytes and results say that nothing has been detected.

  5. Malwarebytes Anti-Malware 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.03.18.04

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    guon :: GUON-PC [administrator]

    3/18/2012 4:40:08 PM

    mbam-log-2012-03-18 (16-40-08).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 194108

    Time elapsed: 4 minute(s), 15 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  6. ComboFix 12-03-17.01 - guon 03/17/2012 16:56:41.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1507 [GMT -7:00]

    Running from: c:\users\guon\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\guon\AppData\Roaming\mIRC\logs\status.log

    c:\windows\svchost.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))

    .

    .

    2012-03-18 00:06 . 2012-03-18 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-03-17 23:19 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA4D9D03-84A5-4E71-A767-16FAC6D0B4CC}\mpengine.dll

    2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-03-17 22:31 . 2012-03-17 22:31 -------- d-----w- c:\users\guon\AppData\Local\Diagnostics

    2012-03-17 04:17 . 2012-03-17 04:17 -------- d-----w- c:\users\guon\AppData\Local\Adobe

    2012-03-14 12:15 . 2012-03-14 14:22 -------- d-----w- c:\windows\Microsoft Antimalware

    2012-03-14 12:15 . 2012-03-14 12:15 -------- d-----w- c:\windows\Windows Defender Offline

    2012-03-14 10:59 . 2012-03-14 10:59 -------- d-----w- C:\77dfcb876f953fe5af21558b3a67713d

    2012-03-14 07:11 . 2012-03-14 08:19 -------- d-----w- c:\program files\CCleaner

    2012-03-14 06:26 . 2012-03-14 06:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F7D0.tmp

    2012-03-14 06:26 . 2012-03-14 06:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F7BF.tmp

    2012-03-05 23:39 . 2012-03-05 23:39 -------- d-----w- c:\users\guon\jagexcache

    2012-03-05 23:33 . 2012-03-05 23:33 -------- d-----w- c:\windows\system32\Macromed

    2012-02-25 10:16 . 2012-02-25 10:16 0 ----a-w- c:\windows\SysWow64\sho45D9.tmp

    2012-02-25 09:55 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

    2012-02-25 09:55 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

    2012-02-25 09:55 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

    2012-02-25 09:55 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

    2012-02-25 09:55 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

    2012-02-25 09:54 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

    2012-02-25 09:54 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

    2012-02-25 09:54 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

    2012-02-25 07:58 . 2011-12-06 01:39 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-02-25 07:57 . 2012-02-25 07:54 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2202123-A88F-4B6F-8E9F-0FBCD97DA295}\gapaengine.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-03-05 23:33 . 2011-07-27 01:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

    2012-02-08 07:13 . 2011-12-07 07:05 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2011-12-20 13:10 . 2011-12-20 13:10 0 ----a-w- c:\windows\SysWow64\sho99FC.tmp

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-06 1242448]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-26 336384]

    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

    R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-06-28 828856]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]

    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]

    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 09:41]

    .

    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 09:41]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]

    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]

    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://mail.yahoo.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = <local>

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    TCP: DhcpNameServer = 192.168.1.254

    FF - ProfilePath - c:\users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\

    FF - prefs.js: network.proxy.type - 0

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

    Toolbar-Locked - (no file)

    HKLM-Run-(Default) - (no file)

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-03-17 17:23:56 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-03-18 00:23

    .

    Pre-Run: 241,738,182,656 bytes free

    Post-Run: 241,325,166,592 bytes free

    .

    - - End Of File - - DB69AA01DC6408B2993EB89701F99DB9

    Now I can't open any of my files/programs at all, is that normal?

    I get an "Illegal operation attempted on a registry key that has been marked for deletion" message.

  7. 16:05:03.0467 4020 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

    16:05:04.0197 4020 ============================================================

    16:05:04.0197 4020 Current date / time: 2012/03/17 16:05:04.0197

    16:05:04.0197 4020 SystemInfo:

    16:05:04.0197 4020

    16:05:04.0197 4020 OS Version: 6.1.7601 ServicePack: 1.0

    16:05:04.0197 4020 Product type: Workstation

    16:05:04.0197 4020 ComputerName: GUON-PC

    16:05:04.0197 4020 UserName: guon

    16:05:04.0197 4020 Windows directory: C:\windows

    16:05:04.0197 4020 System windows directory: C:\windows

    16:05:04.0198 4020 Running under WOW64

    16:05:04.0198 4020 Processor architecture: Intel x64

    16:05:04.0198 4020 Number of processors: 4

    16:05:04.0198 4020 Page size: 0x1000

    16:05:04.0198 4020 Boot type: Normal boot

    16:05:04.0198 4020 ============================================================

    16:05:06.0073 4020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    16:05:06.0078 4020 \Device\Harddisk0\DR0:

    16:05:06.0078 4020 MBR used

    16:05:06.0078 4020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23442000

    16:05:06.0103 4020 Initialize success

    16:05:06.0103 4020 ============================================================

    16:05:17.0164 5784 ============================================================

    16:05:17.0164 5784 Scan started

    16:05:17.0164 5784 Mode: Manual; SigCheck; TDLFS;

    16:05:17.0164 5784 ============================================================

    16:05:20.0932 5784 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

    16:05:21.0027 5784 1394ohci - ok

    16:05:21.0259 5784 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

    16:05:21.0302 5784 ACPI - ok

    16:05:21.0452 5784 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

    16:05:21.0532 5784 AcpiPmi - ok

    16:05:21.0954 5784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

    16:05:21.0992 5784 adp94xx - ok

    16:05:22.0207 5784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

    16:05:22.0237 5784 adpahci - ok

    16:05:22.0489 5784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

    16:05:22.0514 5784 adpu320 - ok

    16:05:22.0662 5784 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

    16:05:22.0734 5784 AFD - ok

    16:05:22.0947 5784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

    16:05:22.0969 5784 agp440 - ok

    16:05:23.0124 5784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

    16:05:23.0147 5784 aliide - ok

    16:05:23.0292 5784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

    16:05:23.0312 5784 amdide - ok

    16:05:23.0449 5784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

    16:05:23.0492 5784 AmdK8 - ok

    16:05:23.0809 5784 amdkmdag (fad670b417adccd9c99bc3aa3d754958) C:\windows\system32\DRIVERS\atikmdag.sys

    16:05:24.0189 5784 amdkmdag - ok

    16:05:24.0359 5784 amdkmdap (f0b63dead17f760dbc85ccd7bf978c05) C:\windows\system32\DRIVERS\atikmpag.sys

    16:05:24.0414 5784 amdkmdap - ok

    16:05:24.0614 5784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

    16:05:24.0654 5784 AmdPPM - ok

    16:05:24.0812 5784 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

    16:05:24.0832 5784 amdsata - ok

    16:05:24.0972 5784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

    16:05:24.0997 5784 amdsbs - ok

    16:05:25.0200 5784 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

    16:05:25.0220 5784 amdxata - ok

    16:05:25.0372 5784 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

    16:05:25.0595 5784 AppID - ok

    16:05:25.0752 5784 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

    16:05:25.0777 5784 arc - ok

    16:05:26.0145 5784 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

    16:05:26.0170 5784 arcsas - ok

    16:05:26.0302 5784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

    16:05:26.0442 5784 AsyncMac - ok

    16:05:26.0547 5784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

    16:05:26.0567 5784 atapi - ok

    16:05:26.0720 5784 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\windows\system32\drivers\AtihdW76.sys

    16:05:26.0762 5784 AtiHDAudioService - ok

    16:05:26.0967 5784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

    16:05:27.0020 5784 b06bdrv - ok

    16:05:27.0170 5784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

    16:05:27.0245 5784 b57nd60a - ok

    16:05:27.0395 5784 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

    16:05:27.0470 5784 Beep - ok

    16:05:27.0652 5784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

    16:05:27.0705 5784 blbdrive - ok

    16:05:27.0845 5784 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

    16:05:27.0927 5784 bowser - ok

    16:05:28.0072 5784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

    16:05:28.0127 5784 BrFiltLo - ok

    16:05:28.0272 5784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

    16:05:28.0310 5784 BrFiltUp - ok

    16:05:28.0462 5784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

    16:05:28.0510 5784 Brserid - ok

    16:05:28.0660 5784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

    16:05:28.0690 5784 BrSerWdm - ok

    16:05:28.0840 5784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

    16:05:28.0880 5784 BrUsbMdm - ok

    16:05:29.0030 5784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

    16:05:29.0060 5784 BrUsbSer - ok

    16:05:29.0210 5784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

    16:05:29.0250 5784 BTHMODEM - ok

    16:05:29.0400 5784 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

    16:05:29.0470 5784 cdfs - ok

    16:05:29.0610 5784 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

    16:05:29.0680 5784 cdrom - ok

    16:05:29.0830 5784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

    16:05:29.0880 5784 circlass - ok

    16:05:30.0030 5784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

    16:05:30.0060 5784 CLFS - ok

    16:05:30.0230 5784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

    16:05:30.0270 5784 CmBatt - ok

    16:05:30.0380 5784 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

    16:05:30.0420 5784 cmdide - ok

    16:05:30.0580 5784 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

    16:05:30.0640 5784 CNG - ok

    16:05:30.0820 5784 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys

    16:05:30.0900 5784 CnxtHdAudService - ok

    16:05:31.0050 5784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

    16:05:31.0070 5784 Compbatt - ok

    16:05:31.0230 5784 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

    16:05:31.0290 5784 CompositeBus - ok

    16:05:31.0440 5784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

    16:05:31.0460 5784 crcdisk - ok

    16:05:31.0640 5784 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

    16:05:31.0710 5784 DfsC - ok

    16:05:31.0850 5784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

    16:05:31.0930 5784 discache - ok

    16:05:32.0080 5784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

    16:05:32.0120 5784 Disk - ok

    16:05:32.0280 5784 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

    16:05:32.0320 5784 drmkaud - ok

    16:05:32.0470 5784 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

    16:05:32.0530 5784 DXGKrnl - ok

    16:05:32.0670 5784 EagleX64 - ok

    16:05:32.0780 5784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

    16:05:32.0880 5784 ebdrv - ok

    16:05:33.0060 5784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

    16:05:33.0100 5784 elxstor - ok

    16:05:33.0100 5784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

    16:05:33.0150 5784 ErrDev - ok

    16:05:33.0300 5784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

    16:05:33.0370 5784 exfat - ok

    16:05:33.0490 5784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

    16:05:33.0550 5784 fastfat - ok

    16:05:33.0690 5784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

    16:05:33.0730 5784 fdc - ok

    16:05:33.0880 5784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

    16:05:33.0900 5784 FileInfo - ok

    16:05:33.0930 5784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

    16:05:33.0990 5784 Filetrace - ok

    16:05:34.0120 5784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

    16:05:34.0140 5784 flpydisk - ok

    16:05:34.0250 5784 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

    16:05:34.0310 5784 FltMgr - ok

    16:05:34.0400 5784 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

    16:05:34.0430 5784 FsDepends - ok

    16:05:34.0510 5784 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

    16:05:34.0530 5784 Fs_Rec - ok

    16:05:34.0630 5784 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

    16:05:34.0660 5784 fvevol - ok

    16:05:34.0810 5784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

    16:05:34.0840 5784 gagp30kx - ok

    16:05:34.0980 5784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

    16:05:35.0030 5784 hcw85cir - ok

    16:05:35.0220 5784 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

    16:05:35.0280 5784 HdAudAddService - ok

    16:05:35.0450 5784 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

    16:05:35.0490 5784 HDAudBus - ok

    16:05:35.0610 5784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

    16:05:35.0650 5784 HidBatt - ok

    16:05:35.0760 5784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

    16:05:35.0800 5784 HidBth - ok

    16:05:35.0940 5784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

    16:05:35.0980 5784 HidIr - ok

    16:05:36.0150 5784 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

    16:05:36.0310 5784 HidUsb - ok

    16:05:36.0670 5784 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

    16:05:36.0700 5784 HpSAMD - ok

    16:05:36.0850 5784 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

    16:05:36.0950 5784 HTTP - ok

    16:05:37.0070 5784 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

    16:05:37.0090 5784 hwpolicy - ok

    16:05:37.0150 5784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

    16:05:37.0190 5784 i8042prt - ok

    16:05:37.0330 5784 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

    16:05:37.0360 5784 iaStorV - ok

    16:05:37.0530 5784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

    16:05:37.0550 5784 iirsp - ok

    16:05:37.0560 5784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

    16:05:37.0580 5784 intelide - ok

    16:05:37.0720 5784 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys

    16:05:37.0760 5784 intelppm - ok

    16:05:37.0900 5784 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

    16:05:37.0950 5784 IpFilterDriver - ok

    16:05:38.0070 5784 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

    16:05:38.0120 5784 IPMIDRV - ok

    16:05:38.0180 5784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

    16:05:38.0250 5784 IPNAT - ok

    16:05:38.0370 5784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

    16:05:38.0410 5784 IRENUM - ok

    16:05:38.0420 5784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

    16:05:38.0440 5784 isapnp - ok

    16:05:38.0460 5784 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

    16:05:38.0490 5784 iScsiPrt - ok

    16:05:38.0620 5784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

    16:05:38.0640 5784 kbdclass - ok

    16:05:38.0770 5784 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

    16:05:38.0810 5784 kbdhid - ok

    16:05:38.0950 5784 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

    16:05:38.0970 5784 KSecDD - ok

    16:05:39.0210 5784 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

    16:05:39.0260 5784 KSecPkg - ok

    16:05:39.0400 5784 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

    16:05:39.0490 5784 ksthunk - ok

    16:05:39.0650 5784 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys

    16:05:39.0700 5784 L1C - ok

    16:05:39.0850 5784 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

    16:05:39.0920 5784 lltdio - ok

    16:05:40.0070 5784 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

    16:05:40.0090 5784 LSI_FC - ok

    16:05:40.0220 5784 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

    16:05:40.0240 5784 LSI_SAS - ok

    16:05:40.0330 5784 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

    16:05:40.0360 5784 LSI_SAS2 - ok

    16:05:40.0370 5784 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

    16:05:40.0390 5784 LSI_SCSI - ok

    16:05:40.0450 5784 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

    16:05:40.0530 5784 luafv - ok

    16:05:40.0650 5784 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

    16:05:40.0670 5784 megasas - ok

    16:05:40.0840 5784 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

    16:05:40.0880 5784 MegaSR - ok

    16:05:40.0890 5784 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

    16:05:40.0950 5784 Modem - ok

    16:05:41.0080 5784 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

    16:05:41.0150 5784 monitor - ok

    16:05:41.0250 5784 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

    16:05:41.0280 5784 mouclass - ok

    16:05:41.0410 5784 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

    16:05:41.0460 5784 mouhid - ok

    16:05:41.0630 5784 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

    16:05:41.0750 5784 mountmgr - ok

    16:05:41.0950 5784 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys

    16:05:42.0000 5784 MpFilter - ok

    16:05:42.0110 5784 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

    16:05:42.0140 5784 mpio - ok

    16:05:42.0290 5784 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys

    16:05:42.0330 5784 MpNWMon - ok

    16:05:42.0430 5784 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

    16:05:42.0520 5784 mpsdrv - ok

    16:05:42.0640 5784 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

    16:05:42.0680 5784 MRxDAV - ok

    16:05:42.0790 5784 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

    16:05:42.0870 5784 mrxsmb - ok

    16:05:42.0990 5784 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

    16:05:43.0030 5784 mrxsmb10 - ok

    16:05:43.0140 5784 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

    16:05:43.0190 5784 mrxsmb20 - ok

    16:05:43.0200 5784 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

    16:05:43.0220 5784 msahci - ok

    16:05:43.0250 5784 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

    16:05:43.0270 5784 msdsm - ok

    16:05:43.0410 5784 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

    16:05:43.0480 5784 Msfs - ok

    16:05:43.0600 5784 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

    16:05:43.0680 5784 mshidkmdf - ok

    16:05:43.0780 5784 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

    16:05:43.0800 5784 msisadrv - ok

    16:05:43.0960 5784 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

    16:05:44.0030 5784 MSKSSRV - ok

    16:05:44.0200 5784 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

    16:05:44.0260 5784 MSPCLOCK - ok

    16:05:44.0400 5784 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

    16:05:44.0490 5784 MSPQM - ok

    16:05:44.0600 5784 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

    16:05:44.0640 5784 MsRPC - ok

    16:05:44.0730 5784 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

    16:05:44.0750 5784 mssmbios - ok

    16:05:44.0790 5784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

    16:05:44.0860 5784 MSTEE - ok

    16:05:44.0970 5784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

    16:05:45.0010 5784 MTConfig - ok

    16:05:45.0120 5784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

    16:05:45.0160 5784 Mup - ok

    16:05:45.0350 5784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

    16:05:45.0410 5784 NativeWifiP - ok

    16:05:45.0570 5784 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

    16:05:45.0630 5784 NDIS - ok

    16:05:45.0760 5784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

    16:05:45.0840 5784 NdisCap - ok

    16:05:45.0970 5784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

    16:05:46.0050 5784 NdisTapi - ok

    16:05:46.0200 5784 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

    16:05:46.0290 5784 Ndisuio - ok

    16:05:46.0400 5784 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

    16:05:46.0480 5784 NdisWan - ok

    16:05:46.0590 5784 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

    16:05:46.0660 5784 NDProxy - ok

    16:05:46.0790 5784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

    16:05:46.0850 5784 NetBIOS - ok

    16:05:47.0020 5784 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

    16:05:47.0110 5784 NetBT - ok

    16:05:47.0330 5784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

    16:05:47.0360 5784 nfrd960 - ok

    16:05:47.0520 5784 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys

    16:05:47.0560 5784 NisDrv - ok

    16:05:47.0720 5784 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

    16:05:47.0790 5784 Npfs - ok

    16:05:47.0900 5784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

    16:05:47.0980 5784 nsiproxy - ok

    16:05:48.0120 5784 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

    16:05:48.0190 5784 Ntfs - ok

    16:05:48.0310 5784 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

    16:05:48.0390 5784 Null - ok

    16:05:48.0510 5784 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

    16:05:48.0550 5784 nvraid - ok

    16:05:48.0670 5784 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

    16:05:48.0700 5784 nvstor - ok

    16:05:48.0740 5784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

    16:05:48.0770 5784 nv_agp - ok

    16:05:48.0860 5784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

    16:05:48.0910 5784 ohci1394 - ok

    16:05:48.0940 5784 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

    16:05:48.0980 5784 Parport - ok

    16:05:49.0090 5784 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

    16:05:49.0130 5784 partmgr - ok

    16:05:49.0160 5784 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

    16:05:49.0190 5784 pci - ok

    16:05:49.0320 5784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

    16:05:49.0350 5784 pciide - ok

    16:05:49.0460 5784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

    16:05:49.0490 5784 pcmcia - ok

    16:05:49.0530 5784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

    16:05:49.0550 5784 pcw - ok

    16:05:49.0650 5784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

    16:05:49.0740 5784 PEAUTH - ok

    16:05:49.0890 5784 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

    16:05:49.0930 5784 PGEffect - ok

    16:05:50.0110 5784 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

    16:05:50.0200 5784 PptpMiniport - ok

    16:05:50.0310 5784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

    16:05:50.0360 5784 Processor - ok

    16:05:50.0430 5784 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

    16:05:50.0520 5784 Psched - ok

    16:05:50.0650 5784 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

    16:05:50.0680 5784 QIOMem - ok

    16:05:50.0860 5784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

    16:05:50.0920 5784 ql2300 - ok

    16:05:51.0040 5784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

    16:05:51.0070 5784 ql40xx - ok

    16:05:51.0090 5784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

    16:05:51.0130 5784 QWAVEdrv - ok

    16:05:51.0170 5784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

    16:05:51.0220 5784 RasAcd - ok

    16:05:51.0380 5784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

    16:05:51.0440 5784 RasAgileVpn - ok

    16:05:51.0690 5784 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

    16:05:51.0780 5784 Rasl2tp - ok

    16:05:51.0950 5784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

    16:05:52.0010 5784 RasPppoe - ok

    16:05:52.0150 5784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

    16:05:52.0230 5784 RasSstp - ok

    16:05:52.0370 5784 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

    16:05:52.0450 5784 rdbss - ok

    16:05:52.0550 5784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

    16:05:52.0600 5784 rdpbus - ok

    16:05:52.0730 5784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

    16:05:52.0810 5784 RDPCDD - ok

    16:05:52.0940 5784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

    16:05:53.0010 5784 RDPENCDD - ok

    16:05:53.0140 5784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

    16:05:53.0200 5784 RDPREFMP - ok

    16:05:53.0240 5784 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

    16:05:53.0290 5784 RDPWD - ok

    16:05:53.0400 5784 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

    16:05:53.0440 5784 rdyboost - ok

    16:05:53.0590 5784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

    16:05:53.0680 5784 rspndr - ok

    16:05:53.0820 5784 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys

    16:05:53.0860 5784 RSUSBSTOR - ok

    16:05:53.0880 5784 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys

    16:05:53.0910 5784 RSUSBVSTOR - ok

    16:05:54.0070 5784 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys

    16:05:54.0130 5784 RTL8192Ce - ok

    16:05:54.0200 5784 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

    16:05:54.0220 5784 SASDIFSV - ok

    16:05:54.0220 5784 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

    16:05:54.0240 5784 SASKUTIL - ok

    16:05:54.0350 5784 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

    16:05:54.0380 5784 sbp2port - ok

    16:05:54.0390 5784 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

    16:05:54.0450 5784 scfilter - ok

    16:05:54.0590 5784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

    16:05:54.0650 5784 secdrv - ok

    16:05:54.0790 5784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

    16:05:54.0840 5784 Serenum - ok

    16:05:54.0980 5784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

    16:05:55.0030 5784 Serial - ok

    16:05:55.0190 5784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

    16:05:55.0230 5784 sermouse - ok

    16:05:55.0370 5784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

    16:05:55.0420 5784 sffdisk - ok

    16:05:55.0530 5784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

    16:05:55.0570 5784 sffp_mmc - ok

    16:05:55.0690 5784 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

    16:05:55.0730 5784 sffp_sd - ok

    16:05:55.0850 5784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

    16:05:55.0900 5784 sfloppy - ok

    16:05:56.0070 5784 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

    16:05:56.0120 5784 Sftfs - ok

    16:05:56.0240 5784 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

    16:05:56.0270 5784 Sftplay - ok

    16:05:56.0370 5784 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

    16:05:56.0410 5784 Sftredir - ok

    16:05:56.0430 5784 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

    16:05:56.0450 5784 Sftvol - ok

    16:05:56.0770 5784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

    16:05:56.0800 5784 SiSRaid2 - ok

    16:05:56.0850 5784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

    16:05:56.0860 5784 SiSRaid4 - ok

    16:05:56.0900 5784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

    16:05:56.0960 5784 Smb - ok

    16:05:57.0100 5784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

    16:05:57.0130 5784 spldr - ok

    16:05:57.0260 5784 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

    16:05:57.0330 5784 srv - ok

    16:05:57.0460 5784 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

    16:05:57.0540 5784 srv2 - ok

    16:05:57.0690 5784 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS

    16:05:57.0740 5784 SrvHsfHDA - ok

    16:05:57.0880 5784 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS

    16:05:57.0950 5784 SrvHsfV92 - ok

    16:05:58.0080 5784 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS

    16:05:58.0130 5784 SrvHsfWinac - ok

    16:05:58.0270 5784 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

    16:05:58.0330 5784 srvnet - ok

    16:05:58.0480 5784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

    16:05:58.0510 5784 stexstor - ok

    16:05:58.0640 5784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

    16:05:58.0680 5784 swenum - ok

    16:05:58.0880 5784 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

    16:05:58.0940 5784 SynTP - ok

    16:05:59.0120 5784 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

    16:05:59.0190 5784 Tcpip - ok

    16:05:59.0380 5784 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

    16:05:59.0440 5784 TCPIP6 - ok

    16:05:59.0560 5784 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

    16:05:59.0640 5784 tcpipreg - ok

    16:05:59.0790 5784 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

    16:05:59.0830 5784 tdcmdpst - ok

    16:05:59.0940 5784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

    16:06:00.0020 5784 TDPIPE - ok

    16:06:00.0130 5784 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

    16:06:00.0210 5784 TDTCP - ok

    16:06:00.0330 5784 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

    16:06:00.0390 5784 tdx - ok

    16:06:00.0520 5784 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

    16:06:00.0550 5784 TermDD - ok

    16:06:00.0720 5784 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

    16:06:00.0780 5784 tssecsrv - ok

    16:06:00.0930 5784 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

    16:06:00.0980 5784 TsUsbFlt - ok

    16:06:01.0090 5784 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

    16:06:01.0150 5784 TsUsbGD - ok

    16:06:01.0290 5784 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

    16:06:01.0370 5784 tunnel - ok

    16:06:01.0530 5784 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

    16:06:01.0560 5784 TVALZ - ok

    16:06:01.0670 5784 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

    16:06:01.0710 5784 TVALZFL - ok

    16:06:01.0840 5784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

    16:06:01.0890 5784 uagp35 - ok

    16:06:01.0940 5784 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

    16:06:02.0010 5784 udfs - ok

    16:06:02.0150 5784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

    16:06:02.0180 5784 uliagpkx - ok

    16:06:02.0270 5784 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

    16:06:02.0310 5784 umbus - ok

    16:06:02.0470 5784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

    16:06:02.0510 5784 UmPass - ok

    16:06:02.0620 5784 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

    16:06:02.0640 5784 usbccgp - ok

    16:06:02.0780 5784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

    16:06:02.0830 5784 usbcir - ok

    16:06:02.0940 5784 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

    16:06:02.0990 5784 usbehci - ok

    16:06:03.0130 5784 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

    16:06:03.0200 5784 usbhub - ok

    16:06:03.0310 5784 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys

    16:06:03.0400 5784 usbohci - ok

    16:06:03.0510 5784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

    16:06:03.0560 5784 usbprint - ok

    16:06:03.0680 5784 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

    16:06:03.0750 5784 USBSTOR - ok

    16:06:03.0870 5784 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

    16:06:03.0910 5784 usbuhci - ok

    16:06:04.0050 5784 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

    16:06:04.0080 5784 usbvideo - ok

    16:06:04.0200 5784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

    16:06:04.0230 5784 vdrvroot - ok

    16:06:04.0380 5784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

    16:06:04.0420 5784 vga - ok

    16:06:04.0530 5784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

    16:06:04.0590 5784 VgaSave - ok

    16:06:04.0710 5784 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

    16:06:04.0750 5784 vhdmp - ok

    16:06:04.0860 5784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

    16:06:04.0880 5784 viaide - ok

    16:06:04.0990 5784 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

    16:06:05.0010 5784 volmgr - ok

    16:06:05.0130 5784 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

    16:06:05.0160 5784 volmgrx - ok

    16:06:05.0270 5784 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

    16:06:05.0300 5784 volsnap - ok

    16:06:05.0430 5784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

    16:06:05.0470 5784 vsmraid - ok

    16:06:05.0490 5784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

    16:06:05.0530 5784 vwifibus - ok

    16:06:05.0640 5784 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

    16:06:05.0710 5784 vwififlt - ok

    16:06:05.0840 5784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

    16:06:05.0890 5784 WacomPen - ok

    16:06:06.0020 5784 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

    16:06:06.0120 5784 WANARP - ok

    16:06:06.0140 5784 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

    16:06:06.0190 5784 Wanarpv6 - ok

    16:06:06.0320 5784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

    16:06:06.0360 5784 Wd - ok

    16:06:06.0400 5784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

    16:06:06.0430 5784 Wdf01000 - ok

    16:06:06.0560 5784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

    16:06:06.0620 5784 WfpLwf - ok

    16:06:06.0660 5784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

    16:06:06.0670 5784 WIMMount - ok

    16:06:06.0820 5784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

    16:06:06.0850 5784 WmiAcpi - ok

    16:06:06.0990 5784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

    16:06:07.0050 5784 ws2ifsl - ok

    16:06:07.0170 5784 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

    16:06:07.0250 5784 WudfPf - ok

    16:06:07.0380 5784 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

    16:06:07.0470 5784 WUDFRd - ok

    16:06:07.0500 5784 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0

    16:06:07.0540 5784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

    16:06:07.0540 5784 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

    16:06:08.0260 5784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

    16:06:08.0260 5784 \Device\Harddisk0\DR0 - detected TDSS File System (1)

    16:06:08.0300 5784 Boot (0x1200) (4124e21a58780cad6e982fcc688fbafb) \Device\Harddisk0\DR0\Partition0

    16:06:08.0300 5784 \Device\Harddisk0\DR0\Partition0 - ok

    16:06:08.0300 5784 ============================================================

    16:06:08.0300 5784 Scan finished

    16:06:08.0300 5784 ============================================================

    16:06:08.0320 4036 Detected object count: 2

    16:06:08.0320 4036 Actual detected object count: 2

    16:06:52.0020 4036 \Device\Harddisk0\DR0\# - copied to quarantine

    16:06:52.0020 4036 \Device\Harddisk0\DR0 - copied to quarantine

    16:06:54.0070 4036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

    16:06:54.0320 4036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

    16:06:54.0410 4036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

    16:06:54.0600 4036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

    16:06:54.0730 4036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

    16:06:57.0680 4036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

    16:06:57.0840 4036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

    16:06:57.0890 4036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

    16:06:57.0900 4036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

    16:06:57.0900 4036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

    16:06:57.0960 4036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

    16:06:57.0970 4036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

    16:06:58.0120 4036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

    16:06:58.0120 4036 \Device\Harddisk0\DR0 - ok

    16:06:58.0610 4036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

    16:06:58.0610 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

    16:06:58.0610 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

    16:07:58.0681 2320 Deinitialize success

    And after the cure, Microsoft Security Essentials detected threats from the quarantined files. Should I just ignore that?

  8. I unchecked the box that said MBR scan and this is what I got:

    RogueKiller V7.3.1 [03/10/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: guon [Admin rights]

    Mode: Scan -- Date: 03/16/2012 23:54:45

    ¤¤¤ Bad processes: 1 ¤¤¤

    [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤

    [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

    [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤

    Finished : << RKreport[1].txt >>


  9. I have run many scans with Malwarebytes and each time I get this:

    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    So I reboot and run Malwarebytes again and it finds the same thing again; I cannot seem to get rid of this.

    Also, my Google search results go to random sites, some other butterfly search engine site, and once even a YouTube vid.

    Microsoft Security Essentials detected some Alureon thing and prompted me to download Microsoft Defender Offline to get rid of it, which I did, from the Microsoft site, but when I ran it nothing was found.

    So since Malwarebytes could not resolve this problem, I have decided to post here asking for help.

    Here are the logs after I followed the instructions from the pinned thread:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by guon at 14:59:54 on 2012-03-14

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1257 [GMT -7:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\windows\system32\wininit.exe

    C:\windows\system32\lsm.exe

    C:\windows\system32\svchost.exe -k DcomLaunch

    C:\windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\windows\system32\atiesrxx.exe

    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\windows\system32\svchost.exe -k netsvcs

    C:\windows\system32\svchost.exe -k LocalService

    C:\windows\system32\svchost.exe -k NetworkService

    C:\windows\System32\spoolsv.exe

    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\windows\system32\atieclxx.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\windows\system32\TODDSrv.exe

    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\TOSHIBA\TECO\TecoService.exe

    C:\windows\system32\wbem\wmiprvse.exe

    C:\windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\windows\system32\taskhost.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

    C:\windows\system32\taskeng.exe

    C:\windows\system32\Dwm.exe

    C:\windows\Explorer.EXE

    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Toshiba\TECO\Teco.exe

    C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\windows\system32\SearchProtocolHost.exe

    C:\windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    -netsvcs

    C:\windows\system32\conhost.exe

    C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe

    C:\windows\system32\DllHost.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

    C:\windows\system32\sppsvc.exe

    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

    C:\windows\system32\taskhost.exe

    C:\windows\servicing\TrustedInstaller.exe

    C:\windows\system32\wuauclt.exe

    C:\windows\system32\SearchFilterHost.exe

    C:\windows\system32\SearchProtocolHost.exe

    c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

    \\?\C:\windows\system32\wbem\WMIADAP.EXE

    C:\windows\system32\DllHost.exe

    C:\windows\system32\DllHost.exe

    C:\windows\SysWOW64\cmd.exe

    C:\windows\system32\conhost.exe

    C:\windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://mail.yahoo.com/

    uDefault_Page_URL = hxxp://start.toshiba.com

    uInternet Settings,ProxyOverride = <local>

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947} : DhcpNameServer = 192.168.1.254

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-11-29 123320]

    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-29 126392]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]

    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

    R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-11-29 57216]

    R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-27 828856]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]

    S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

    S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]

    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

    S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-03-14 21:59:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF458BA6-877C-4BBE-A003-52A395005412}\offreg.dll

    2012-03-14 12:15:46 -------- d-----w- C:\windows\Microsoft Antimalware

    2012-03-14 12:15:41 -------- d-----w- C:\windows\Windows Defender Offline

    2012-03-14 10:59:40 -------- d-----w- C:\77dfcb876f953fe5af21558b3a67713d

    2012-03-14 09:48:22 20480 ----a-w- C:\windows\svchost.exe

    2012-03-14 08:31:51 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF458BA6-877C-4BBE-A003-52A395005412}\mpengine.dll

    2012-03-14 07:11:34 -------- d-----w- C:\Program Files\CCleaner

    2012-03-14 06:26:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F7D0.tmp

    2012-03-14 06:26:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F7BF.tmp

    2012-03-05 23:39:30 -------- d-----w- C:\Users\guon\jagexcache

    2012-02-25 10:16:51 0 ----a-w- C:\windows\SysWow64\sho45D9.tmp

    2012-02-25 09:55:08 509952 ----a-w- C:\windows\System32\ntshrui.dll

    2012-02-25 09:55:08 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

    2012-02-25 09:55:03 515584 ----a-w- C:\windows\System32\timedate.cpl

    2012-02-25 09:55:02 478720 ----a-w- C:\windows\SysWow64\timedate.cpl

    2012-02-25 09:55:01 3145728 ----a-w- C:\windows\System32\win32k.sys

    2012-02-25 09:54:31 498688 ----a-w- C:\windows\System32\drivers\afd.sys

    2012-02-25 09:54:29 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll

    2012-02-25 09:54:29 634880 ----a-w- C:\windows\System32\msvcrt.dll

    2012-02-25 07:58:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-02-25 07:57:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2202123-A88F-4B6F-8E9F-0FBCD97DA295}\gapaengine.dll

    .

    ==================== Find3M ====================

    .

    2012-03-05 23:33:46 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-02-23 17:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

    2011-12-20 13:10:18 0 ----a-w- C:\windows\SysWow64\sho99FC.tmp

    .

    ============= FINISH: 15:00:41.65 ===============

    Attach file:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12/5/2011 5:07:33 PM

    System Uptime: 3/14/2012 2:54:53 PM (1 hours ago)

    .

    Motherboard: AMD | | Torpedo

    Processor: AMD A6-3400M APU with Radeon™ HD Graphics | Socket FS1 | 1400/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 282 GiB total, 226.269 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP30: 12/30/2011 12:03:44 AM - Windows Update

    RP31: 12/31/2011 7:02:27 PM - Windows Update

    RP32: 1/4/2012 3:38:16 AM - Windows Update

    RP33: 1/17/2012 6:39:21 PM - Windows Update

    RP34: 1/17/2012 6:42:56 PM - Windows Update

    RP35: 2/9/2012 2:15:10 AM - Windows Update

    RP36: 2/24/2012 11:53:16 PM - Windows Update

    RP37: 2/25/2012 1:57:35 AM - Windows Update

    RP38: 2/25/2012 1:58:48 AM - Windows Update

    RP39: 3/4/2012 3:50:36 PM - Windows Update

    RP40: 3/11/2012 5:33:19 PM - Windows Update

    RP41: 3/13/2012 2:49:12 PM - Windows Update

    RP42: 3/13/2012 11:41:51 PM - Restore Operation

    RP43: 3/14/2012 1:31:30 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe AIR

    Adobe Flash Player 11 Plugin

    Adobe Reader X MUI

    AMD VISION Engine Control Center

    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

    Bandisoft MPEG-1 Decoder

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    D3DX10

    Google Chrome

    Google Update Helper

    Java Auto Updater

    Java™ 6 Update 25

    Junk Mail filter update

    Label@Once 1.0

    League of Legends

    Malwarebytes Anti-Malware version 1.60.0.1800

    Mesh Runtime

    Microsoft Office 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Starter 2010 - English

    mIRC

    Mozilla Firefox 8.0.1 (x86 en-US)

    MSVCRT

    MSVCRT_amd64

    Netwaiting

    Nexon Game Manager

    Pando Media Booster

    PlayReady PC Runtime x86

    Realtek USB 2.0 Reader Driver

    Realtek WLAN Driver

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Skype Launcher

    StarCraft II

    Steam

    TOSHIBA Assist

    TOSHIBA Face Recognition

    TOSHIBA Hardware Setup

    Toshiba Laptop Checkup

    TOSHIBA Media Controller

    TOSHIBA Media Controller Plug-in

    TOSHIBA Quality Application

    TOSHIBA Recovery Media Creator

    TOSHIBA Resolution+ Plug-in for Windows Media Player

    TOSHIBA Service Station

    TOSHIBA Sleep Utility

    TOSHIBA Supervisor Password

    TOSHIBA Value Added Package

    TOSHIBA Web Camera Application

    TOSHIBA Wireless LAN Indicator

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Vindictus

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/14/2012 4:05:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/14/2012 3:46:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

    3/14/2012 2:55:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/14/2012 2:55:14 PM, Error: NetBT [4321] - The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

    3/14/2012 2:48:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/14/2012 2:20:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/14/2012 12:07:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/14/2012 1:24:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    3/14/2012 1:24:38 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    3/14/2012 1:21:17 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

    3/14/2012 1:16:29 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

    3/14/2012 1:10:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    3/13/2012 11:47:19 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

    3/13/2012 11:30:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/13/2012 11:26:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

    3/12/2012 10:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user guon-PC\guon SID (S-1-5-21-2913796982-2414487537-1882358387-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    3/12/2012 1:42:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    3/11/2012 5:22:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    .

    ==== End Of File ===========================

    Is there anything I can do to fix this? Thanks in advance for your help.
