Kazeyonoma

@sbcglobal.net

[Malware] Google redirect infection. slowing down PC, please hel

Hi there, suddenly noticed today that I began getting redirects. I remember yesterday I got a popup warning from AVG regarding rundll32.exe being blocked and I foolishly said allow it to run. I'll post the logs from your rootkit detection FAQ below. Thanks ahead of time for helping me get rid of this if possible.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone

Re: [Malware] Google redirect infection. slowing down PC, please

Hi, please follow all the steps for our forum carefully:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Our FAQ will tell you what programs we need and how to attempt to get them to run.

It will also show what logs need to be attached to your post, as well as where to locate them.

If you could also download and run TDSS Killer (#4), posting the log in your next reply.

We'll need the entire log, even if you 'think/see' nothing detected.

»Security Cleanup FAQ »Rootkit Detection Applications

Copy/paste the following into your post (in order):

the contents of the MBAM log (Step 2)
the contents of OTL.txt (Step 3)
the contents of Extras.txt (Step 3)
the contents of checkup.txt (Step 4)
the contents of the Online AntiVirus Scan log (Step 5)
the log from TDSS Killer

....we'll be waiting

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

Kazeyonoma

join:2011-10-15
Brea, CA

Sorry it's taken so long. I did a system restore and the problem seemingly went away, so I didn't want to waste anyone's time further, but it seems to have resurfaced again. So I'm going to go through all the steps this time to make sure it is gone instead of just trying to roll back my PC.

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7950

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/15/2011 2:29:30 AM
mbam-log-2011-10-15 (02-29-30).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 436784
Time elapsed: 1 hour(s), 31 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL.txt
-------------

OTL logfile created on: 10/15/2011 2:33:18 AM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.83% Memory free
6.20 Gb Paging File | 4.95 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 729.22 Gb Total Space | 389.55 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.98 Gb Free Space | 98.82% Space Free | Partition Type: FAT
Drive E: | 200.30 Gb Total Space | 196.35 Gb Free Space | 98.03% Space Free | Partition Type: NTFS

Computer Name: JOHN-NEWPC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/10/15 01:12:01 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/12/30 18:59:56 | 000,957,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe
PRC - [2010/09/25 17:57:53 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/09/17 22:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/03/06 12:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/03/06 12:37:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/09/25 17:57:53 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/17 22:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/06 12:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/16 10:23:14 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2010/07/09 15:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/03/06 12:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D 80 59 14 B3 25 82 4D 80 6D AC 6C 4C B2 87 A5 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {d722b51d-adb1-4ed0-a3d2-18ae69f26932}:1.0
FF - prefs.js..extensions.enabledItems: {8dbb41a2-a1a2-4779-9702-42f0b0dd7e85}:1.0
FF - prefs.js..extensions.enabledItems: {dae5d5c7-c375-42ad-b720-5b117a71f2e9}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/13 00:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 08:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 08:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/26 00:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/10/13 00:28:17 | 000,000,000 | ---D | M]

[2011/03/02 09:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/03/02 09:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/15 01:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tx8aecv3.default\extensions
[2010/09/11 01:54:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tx8aecv3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/29 08:36:05 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tx8aecv3.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/04/27 08:29:24 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tx8aecv3.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}(72)
[2011/10/11 19:41:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tx8aecv3.default\extensions\{8dbb41a2-a1a2-4779-9702-42f0b0dd7e85}
[2011/09/20 04:33:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tx8aecv3.default\extensions\{d722b51d-adb1-4ed0-a3d2-18ae69f26932}
[2011/10/15 00:39:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tx8aecv3.default\extensions\{dae5d5c7-c375-42ad-b720-5b117a71f2e9}
[2011/10/15 02:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/07 23:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/20 08:30:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/13 00:28:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/10/20 08:30:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\John\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\
CHR - Extension: Skype Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\

O1 HOSTS File: ([2011/09/20 05:17:07 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX4800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248C0332-2C2E-4F58-AE76-018863005377}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/28 20:10:54 | 000,001,046 | ---- | M] () - D:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2008/01/03 12:44:24 | 000,001,046 | ---- | M] () - D:\autoexec.bat -- [ FAT ]
O33 - MountPoints2\{9cbb9388-bc9f-11df-b97e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9cbb9388-bc9f-11df-b97e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{b334386c-1b50-11e0-9930-001aa0e43832}\Shell\AutoRun\command - "" = J:\Setup_FlipShare.exe
O33 - MountPoints2\{b334386c-1b50-11e0-9930-001aa0e43832}\Shell\Setup FlipShare\command - "" = J:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/10/15 01:26:59 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\scan results
[2011/10/15 01:11:59 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/10/15 01:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/10/15 01:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/15 01:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/10/15 00:57:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2011/10/15 00:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/15 00:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/15 00:56:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/15 00:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/15 00:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/15 00:50:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2011/10/12 09:14:59 | 000,000,000 | ---D | C] -- C:\A7FD0A197DD46BE9EF88DB43D8D8F5CD
[2011/10/12 09:10:09 | 000,000,000 | ---D | C] -- C:\588EED39D62B3C9AE6
[2011/10/11 19:05:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mumble
[2011/09/27 23:34:28 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Diablo III
[2011/09/27 18:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2011/09/27 18:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III Beta
[2011/09/27 18:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2011/09/27 18:54:24 | 029,903,576 | ---- | C] (Blizzard Entertainment) -- C:\Users\John\Diablo-III-Beta-enUS-Setup.exe
[2011/09/27 08:59:08 | 000,000,000 | ---D | C] -- C:\Users\John\riotsGamesLogs
[2011/09/25 01:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/25 01:11:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG2012
[2011/09/25 01:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/20 09:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/09/20 09:09:26 | 002,678,868 | ---- | C] (Blizzard Entertainment) -- C:\Users\John\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
[2011/09/20 09:04:59 | 002,764,855 | ---- | C] (Blizzard Entertainment) -- C:\Users\John\Downloader_Diablo2_enUS.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/10/15 02:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2317141556-767997521-738446607-1000UA.job
[2011/10/15 01:37:08 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/15 01:12:34 | 000,879,028 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/10/15 01:12:01 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/10/15 01:09:16 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/10/15 00:56:57 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/15 00:54:21 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/15 00:54:20 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/15 00:54:05 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 00:54:05 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 00:54:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/15 00:53:58 | 3218,448,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 00:50:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2011/10/15 00:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2317141556-767997521-738446607-1000Core.job
[2011/10/14 22:06:19 | 106,577,993 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/10/13 00:42:42 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/12 08:36:48 | 000,007,916 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2011/09/27 19:56:31 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/09/27 18:56:12 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2011/09/27 18:54:54 | 029,903,576 | ---- | M] (Blizzard Entertainment) -- C:\Users\John\Diablo-III-Beta-enUS-Setup.exe
[2011/09/27 18:52:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/26 22:40:50 | 000,355,025 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/09/21 08:29:01 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/20 19:35:47 | 000,002,037 | ---- | M] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2011/09/20 19:35:47 | 000,001,999 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/20 09:26:14 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2011/09/20 09:09:27 | 002,678,868 | ---- | M] (Blizzard Entertainment) -- C:\Users\John\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
[2011/09/20 09:05:02 | 002,764,855 | ---- | M] (Blizzard Entertainment) -- C:\Users\John\Downloader_Diablo2_enUS.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/10/15 01:12:30 | 000,879,028 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2011/10/15 01:09:16 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/15 01:09:16 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/10/15 00:56:57 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 18:56:03 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2011/09/25 01:12:53 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/20 09:22:31 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2010/12/19 09:33:15 | 000,002,048 | ---- | C] () -- C:\Users\John\AppData\Roaming\A&I Book Creator Prefs
[2010/11/25 02:24:16 | 000,168,600 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/11/03 01:44:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/10/11 10:45:48 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/10/11 10:45:48 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/10/11 10:45:48 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/10/11 10:45:48 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/10/11 10:45:48 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/10/11 10:45:48 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/10/11 10:45:48 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/10/11 10:45:48 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/10/11 10:45:48 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/10/11 10:45:48 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/10/11 10:45:48 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/10/11 10:45:48 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/10/11 10:45:48 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/10/11 10:45:48 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/10/11 10:45:48 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/10/11 10:45:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/11 02:24:34 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2010/09/10 19:09:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/09/10 19:09:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/10 04:36:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/09/10 03:25:45 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/10 03:12:49 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/09 23:22:00 | 000,014,848 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 23:17:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/09 23:01:45 | 000,007,916 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,383,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/10/13 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.BitTornado
[2010/12/19 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\A&I Book Creator
[2011/08/16 00:12:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2011/09/25 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG2012
[2011/09/19 22:31:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Dropbox
[2011/06/17 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EPSON
[2010/09/11 02:04:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Helios
[2010/09/29 02:39:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LolClient
[2011/10/12 04:21:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mumble
[2011/08/23 22:32:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Octoshape
[2011/05/14 04:03:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\RIFT
[2011/10/13 08:52:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify
[2011/03/02 09:26:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Wizards of the Coast
[2011/10/15 00:52:50 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


Kazeyonoma

join:2011-10-15
Brea, CA

reply to Kazeyonoma

Re: [Malware] Google redirect infection. slowing down PC, please

Extras.txt
-------------------------
OTL Extras logfile created on: 10/15/2011 2:33:18 AM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.83% Memory free
6.20 Gb Paging File | 4.95 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 729.22 Gb Total Space | 389.55 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.98 Gb Free Space | 98.82% Space Free | Partition Type: FAT
Drive E: | 200.30 Gb Total Space | 196.35 Gb Free Space | 98.03% Space Free | Partition Type: NTFS

Computer Name: JOHN-NEWPC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2317141556-767997521-738446607-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD0CC91-3566-4CFA-BC4D-761C059A470B}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher |
"{0EFAE534-7066-4575-924E-D8895519BA57}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{13084B80-1974-4D9C-908F-AC9347859D32}" = lport=139 | protocol=6 | dir=in | app=system |
"{1AAC7E9C-3A83-4A57-938F-9B17180AD527}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{2B2E925A-D467-477F-A36B-8DF96208BE72}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{2DFB4AA5-1EF6-427C-AAD6-39F21CE009E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{395E743E-8937-4B79-B36E-D11259CA53B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{3B0B92B2-8210-4FC8-A14B-20F1A3CA3CD1}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{417CB7BB-A046-4D29-9ECF-25321188F9EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{57DDB86A-A7BF-4ADF-844E-5E5B81A48C21}" = lport=445 | protocol=6 | dir=in | app=system |
"{5843E953-9A25-49A4-ACFA-55A37459CEE3}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{5A5B7939-6CFD-4FD4-B951-EF9D8FCDEE0A}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{60848CD7-FBCA-487F-A527-DEFB7122ACD3}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{668ECC17-D7C2-4D5A-845F-C5B40D3C40BF}" = rport=445 | protocol=6 | dir=out | app=system |
"{6C618FD6-9FF5-4751-878D-5590307A1945}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{752AF3E0-C3C8-488C-8CC7-75D7AB715047}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher |
"{7A1EFC06-1B47-4DFF-80A5-5CE249839121}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher |
"{8487691F-8C97-4638-9539-9BFB0CAC4111}" = lport=137 | protocol=17 | dir=in | app=system |
"{8802BCE9-D228-411A-B105-253F0687C8E3}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |
"{8ED7FFFC-1FCF-44D3-9195-12186E667CE9}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{92CFDB0D-3904-4983-B5DF-2DFC820041D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{988913DD-6C6F-4CAA-8E15-14A8FC768A8C}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{9F74AEBB-DA4E-4735-83AA-7CD56D5117D2}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{B02A6AB5-4478-4E4C-9DCC-F534C1C6FA0B}" = lport=138 | protocol=17 | dir=in | app=system |
"{BFBAF7F1-6E0C-47BF-9AD9-06EA933756CF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{BFC7DA57-06BC-45DC-987C-A9737B698D13}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{C1F68C49-CFEE-4F95-B554-B9AD69C8EC2A}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{C66FB0A0-74F5-4C67-96A5-47A1BAD0FADD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D232B54E-AC08-4EC6-A63F-9A1B02393333}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{D89540C4-C915-4EAB-91EA-7749B2EB6BF1}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher |
"{E943A189-AB7E-4DC9-8F76-100B73AAFD7B}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{F3D67FBA-090D-4A61-AE14-A4289B1BFEE4}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{F529E160-9685-44FE-A76E-8BD94B95A708}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0766244F-3D82-4590-8FF5-8E65C6054DFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{08333F0A-1424-40D4-8BBF-29F31069D6E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe |
"{0888E584-AD77-4777-9DFE-014D8A84CC08}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{0F6142FF-6009-4A90-B907-CA51EE300306}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{129D708F-D68B-40D9-80C5-AC063FA1C08F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{1D341F0D-348E-4E40-AEA6-BA2A9D15026F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{1F20DDB8-A2BD-42BB-A9B7-B2EF59924C5B}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{22D3D4A4-834B-407A-B088-56740CA14F19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\forsaken world\patcher.exe |
"{25FA7366-9237-4014-8679-285C2E67F7F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2C9A146B-868E-4B41-973B-511577F36622}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"{2D583234-20C2-435B-912B-EE5DC4AC9458}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3182F8B6-EA2A-4C07-B021-F8583A8963E4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{31F79798-230B-4F7C-97E6-BFC3283FE434}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{35880BB7-4E40-4C07-A04B-B8012D69EC74}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{38C77914-9D22-4BD2-8903-FE7F6B01EF37}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3B8F1FFE-CC43-4D43-9B65-81CBA8023E73}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3BC8C92A-DEF4-4638-839F-55D3C22DD4C9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{40A91CE4-1CC0-4E02-9378-9C7CB6F82A69}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{40C657C9-D803-421E-B674-FC1DFCED2A0D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{4795A0A6-000A-4F0D-A772-B2142560B081}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{4D33B8CC-4CCB-4C46-8FEC-421C86325F2D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4D5E1E72-61D1-49B1-A595-85BA6EBF0731}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{51A4EAC6-297E-40E4-A161-B4E19116C5AC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{52644130-3A41-454B-A672-73E3B6BD366B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{54BA5259-56F8-44B6-8498-994D2C152811}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"{563901A2-B8F8-4B36-A2A7-0E597DDC5543}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{57BF77E4-4C8F-424A-8362-4064DA0ACBA9}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{5EDC508E-4964-422F-BD41-32DC609DA188}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{65637C75-ED7D-43C3-82E7-238925996FFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6616D81C-8E42-48F1-84CB-2728C65BA0FC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{668F4776-4F79-4544-A626-0D0633BF2164}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6781DCD7-3CB2-4534-912F-50614909A879}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{6CC02E71-8005-4D31-8D41-44ACCFA22A22}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6FA44BC6-D83D-4577-9588-3335657ABEDD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{6FB01C7C-84BC-4F91-B7BB-8A90835355B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{76363FDC-B33D-4838-BFD7-BB74A4FE3239}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7660978E-F9BC-4A4F-8DB3-DBF060CE4564}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B1CCA1C-36EE-452F-AA33-60A06FC58697}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{7B2796E8-74F6-45F6-BE8A-6C8B370086CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\forsaken world\patcher.exe |
"{7DA87D71-D598-44F8-9E5D-A90C0BBA861B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7F3BE961-3C12-468D-9EA7-3BDB4037D74D}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{7FBB4C4F-3977-458C-A120-3839406DAF86}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{872E3635-3E70-4FB5-9B2F-304C41C2097F}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{8AAFB535-1BAD-452D-BE50-8020736EE5EC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8C0FBEC8-6EDC-45BA-AA17-7E8B4394E290}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{932B7C8C-354A-491E-9925-4382567A22EC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{944CAB50-D821-46FB-AA59-945A7392AD4F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{946517BF-7063-435B-8700-E3413908BE93}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9741B24C-CFCE-4F6A-BA9B-2F1E6D239F9C}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
"{98D2510A-8AEA-4173-B610-A958012F207B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9AE4307D-AEFD-4BC4-A973-6EF04930801C}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{9DB51054-B69A-46A7-8180-E780FBF91163}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{A1DBD77F-2CC4-4FFC-B266-93009C8101FF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A1DC833E-A3A0-4D2F-8A26-04AE2936C959}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A24E834E-CF4B-4479-B6E2-9C8624F60E15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{A2504CAC-3037-4B29-978D-FD5E45BAF0D2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A60F3EA6-954F-47C1-98C6-0215BEF9A1C9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A6765407-BFF4-4ADC-96C3-D218B04B584A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AA61313F-BFA3-4875-A396-EB0807F5DACC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe |
"{AB7595C7-EA30-44E2-8334-EE6BB32606C7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{AD16815B-CAD1-4289-9809-F9411CCFA3BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe |
"{AFFE68DF-017F-4BF1-8A68-98E7CA5F3DEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{B044C00B-5C35-4FE6-BB66-FD0B584F63F2}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"{B2B3F27E-4B06-4C89-AA97-D34823B71FA1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{B3A73EF7-888D-4BE2-99C1-1EC08B2C28FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B9B82CB0-AD73-49D2-9DC6-0410AD9956AF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C0B862EE-DB68-4297-AF98-ACF836090D3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1560B60-285D-47AB-9E63-5485DA2885C2}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{C4418CC1-B5DF-48EA-A5A1-291395AF0CF5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{C5FA68EC-C5B2-467D-933C-2E3C1F06D201}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6C4DC9C-636F-4910-B953-34C884A9737C}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{C9EFE59A-0DFC-4D4C-9FD2-E1F70212A872}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{D53CB6DC-39D9-4A4C-AAC8-EBAC88B46D11}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{D7768A8C-3ADF-47C0-9DDF-6A1D878463A9}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{D9B2DDF3-FFA6-45A8-A00C-6723C3144783}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"{DDF8948D-2AF1-41B7-A13E-809FF839A30C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{DFCF7637-64F2-4510-81B9-29FD18FDEEA6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{DFD0D31C-3222-4EAE-B26F-9A73AF786FEC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{E8AA1137-1452-4863-8948-D702485F81E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F0D47777-DD47-4397-AD5F-4FC0CC882E6F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe |
"{F2303FB6-CB5B-4D2A-9759-AB97D812305E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F401EFDA-9046-4433-BD4E-77968A0AFADE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F54B258B-0902-4D85-B526-7398940C2408}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FC5AE233-A7A6-4990-AC15-6CD3306F8F50}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
"{FCB5BC21-3023-416C-AD0B-F79C1FD77A3B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{247B85A1-064A-4186-AC5E-42479C1AEFD2}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{28C69E9E-FA33-4F61-852A-D817E4ED5599}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{6E752397-147D-455D-97BA-16AA4F257A40}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{90FBBDEF-68AA-422A-8591-666F4D90B327}C:\program files\diablo iii beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"TCP Query User{9AF2C012-24A3-4A3F-9326-1F0D62C8B8D6}C:\users\public\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"TCP Query User{AEB8EFF1-190E-49AC-8135-158210C896C2}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{CF2705E6-B3A4-4ACF-B0A7-22767963501B}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{331E252F-6582-4FDE-AC87-968CA7DE96C3}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{339C997A-05DE-4294-8B6B-17CB62A82A30}C:\users\public\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"UDP Query User{66EBEB1D-C4F7-4852-B8EB-E0E37A895CB0}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{670CC671-7348-4DE0-B907-7F23D18D1060}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{A8A3D8DC-E892-43A3-B657-B8093562F0DA}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B211D912-51D4-4E99-AE1B-ABEA14094B3F}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{F945CEA2-5E3E-4C51-975F-CF33F353E81D}C:\program files\diablo iii beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{E06C6D71-ACAB-4290-8547-917C7FB1FD4E}" = AVG 2012
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2012
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTornado" = BitTornado 0.3.17
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Diablo II" = Diablo II
"Diablo III Beta" = Diablo III Beta
"DragonNest" = DragonNest
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HitmanPro35" = Hitman Pro 3.5
"hon" = Heroes of Newerth
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Mozilla Thunderbird (3.1.8)" = Mozilla Thunderbird (3.1.8)
"Mumble" = Mumble and Murmur
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 91310" = Dead Island
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A&I Book Creator" = A&I Book Creator
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2011 4:32:13 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.220.4, time stamp 0x4c908d15,
faulting module java.dll, version 6.0.220.4, time stamp 0x4c90c109, exception code
0xc0000005, fault offset 0x00004e20, process id 0xcac, application start time 0x01cc6ecaf873822d.

Error - 9/10/2011 3:17:04 AM | Computer Name = John-newPC | Source = Application Hang | ID = 1002
Description = The program DeadIslandGame.exe version 1.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 174c Start Time: 01cc6f88341d8f14 Termination Time: 365

Error - 9/10/2011 4:35:30 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application DeadIslandGame.exe, version 1.0.0.0, time stamp
0x4e68cb69, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00039747, process id 0x143c, application
start time 0x01cc6f9437931054.

Error - 9/19/2011 5:03:31 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application DeadIslandGame.exe, version 1.0.0.0, time stamp
0x4e68cb69, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00039747, process id 0xc00, application
start time 0x01cc769dad0b6ba8.

Error - 9/20/2011 5:13:19 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.4262, time stamp 0x4e615d51,
faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd, exception
code 0xe06d7363, fault offset 0x0003fbae, process id 0x1344, application start time
0x01cc7752d26d538f.

Error - 9/20/2011 5:32:48 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4262, time
stamp 0x4e615d14, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03821, exception code 0xc0000005, fault offset 0x00048b02, process id 0x1728,
application start time 0x01cc7752dee32d1f.

Error - 9/20/2011 7:22:33 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application nuhzr03m.exe, version 1.0.15.15641, time stamp
0x4e21f2b1, faulting module nuhzr03m.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x12c4, application
start time 0x01cc77866caa8def.

Error - 10/11/2011 5:37:44 AM | Computer Name = John-newPC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4280 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7b0 Start Time: 01cc87de3872b10c Termination Time: 131

Error - 10/13/2011 3:33:04 AM | Computer Name = John-newPC | Source = ESENT | ID = 455
Description = Catalog Database (1696) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb0012C.log.

Error - 10/13/2011 3:33:04 AM | Computer Name = John-newPC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

[ System Events ]
Error - 10/12/2011 12:44:25 PM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7009
Description =

Error - 10/12/2011 12:44:25 PM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 10:07:33 PM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/13/2011 3:11:29 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/13/2011 3:32:04 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/13/2011 11:37:26 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/14/2011 2:38:39 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/14/2011 11:30:47 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/15/2011 1:02:46 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/15/2011 3:54:19 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Kazeyonoma

join:2011-10-15
Brea, CA

checkup.txt
----------------
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java DB 10.5.3.0
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 22
Adobe Flash Player 10.3.183.10
Adobe Reader 9.4.6
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.23)
Mozilla Thunderbird (3.1.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


Kazeyonoma

join:2011-10-15
Brea, CA

Re: [Malware] Google redirect infection. slowing down PC, please

Online scan:

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Sat Oct 15 02:43:38 2011
Machine ID: F06BC006

No infection found.
-------------------

Processes
---------
AVG Internet Security 516 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
AVG Internet Security 2672 C:\Program Files\AVG\AVG2012\avgemcx.exe
AVG Internet Security 3084 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
AVG Internet Security 2660 C:\Program Files\AVG\AVG2012\avgnsx.exe
AVG Internet Security 2152 C:\Program Files\AVG\AVG2012\avgtray.exe
AVG Internet Security 2284 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
AVG Internet Security 484 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C-Major Audio 2548 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C-Major Audio 2100 C:\Windows\sttray.exe
Cyberlink PowerCinema 2088 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
Firefox 5292 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 5220 C:\Program Files\Mozilla Firefox\plugin-container.exe
FlipShare 2316 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
Google Chrome 5724 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5376 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4916 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4452 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5796 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2936 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1484 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2148 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
Intuit Update Service 1384 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
Java(TM) Platform SE Auto Updater 2 0 4028 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Java(TM) Platform SE Auto Updater 2 0 2136 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Malwarebytes' Anti-Malware 4408 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
McAfee Security Scanner 2340 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Microsoft IntelliType Pro 2176 C:\Program Files\Microsoft IntelliType Pro\itype.exe
Microsoft® Windows® Operating System 1724 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 752 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 820 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 860 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 1468 C:\Windows\System32\SLsvc.exe
Microsoft® Windows® Operating System 452 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 3428 C:\Windows\System32\wbem\unsecapp.exe
Microsoft® Windows® Operating System 3612 C:\Windows\System32\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 808 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 884 C:\Windows\System32\winlogon.exe
NVIDIA Driver Helper Service, Version 2 1600 C:\Windows\System32\nvvsvc.exe
NVIDIA Driver Helper Service, Version 2 1120 C:\Windows\System32\nvvsvc.exe
Pando Media Booster 2212 C:\Program Files\Pando Networks\Media Booster\PMB.exe
Razer Naga Epic Systray 2160 C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe
Stereo Vision Control Panel API Server 2888 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Virtual CloneDrive 2184 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
Windows® Search 728 C:\Windows\System32\SearchFilterHost.exe
Windows® Search 4424 C:\Windows\System32\SearchProtocolHost.exe
(verified) Microsoft® Windows® Operating System 1248 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 908 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 920 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 1908 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1932 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1504 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2500 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1336 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1316 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1268 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2912 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2948 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1148 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3376 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1076 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1712 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3160 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 824 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 4076 C:\Windows\System32\wuauclt.exe
(verified) Windows® Search 3000 C:\Windows\System32\SearchIndexer.exe

Network activity
----------------
Process firefox.exe (5292) connected on port 80 (HTTP) --> 74.125.224.229
Process firefox.exe (5292) connected on port 443 (HTTP over SSL) --> 107.20.105.198
Process firefox.exe (5292) connected on port 80 (HTTP) --> 74.125.127.100
Process firefox.exe (5292) connected on port 80 (HTTP) --> 74.125.224.162
Process firefox.exe (5292) connected on port 80 (HTTP) --> 209.123.109.175
Process chrome.exe (5796) connected on port 80 (HTTP) --> 91.199.104.31
Process chrome.exe (5796) connected on port 80 (HTTP) --> 91.199.104.31
Process chrome.exe (5796) connected on port 80 (HTTP) --> 91.199.104.31
Process chrome.exe (5796) connected on port 80 (HTTP) --> 63.238.2.248
Process chrome.exe (5796) connected on port 80 (HTTP) --> 63.238.2.248
Process chrome.exe (5796) connected on port 80 (HTTP) --> 63.238.2.217
Process chrome.exe (5796) connected on port 80 (HTTP) --> 63.238.2.217
Process chrome.exe (5796) connected on port 80 (HTTP) --> 63.238.2.217
Process chrome.exe (5796) connected on port 80 (HTTP) --> 74.125.224.161
Process chrome.exe (5796) connected on port 80 (HTTP) --> 74.125.224.161
Process chrome.exe (5796) connected on port 80 (HTTP) --> 74.125.224.161
Process chrome.exe (5796) connected on port 80 (HTTP) --> 74.125.224.161
Process chrome.exe (5796) connected on port 80 (HTTP) --> 69.171.229.16
Process chrome.exe (5796) connected on port 80 (HTTP) --> 69.171.229.16
Process chrome.exe (5796) connected on port 80 (HTTP) --> 69.171.229.16
Process chrome.exe (5796) connected on port 443 (HTTP over SSL) --> 74.125.224.171
Process chrome.exe (5796) connected on port 443 (HTTP over SSL) --> 74.125.53.132
Process chrome.exe (5796) connected on port 443 (HTTP over SSL) --> 74.125.224.49
Process chrome.exe (5796) connected on port 80 (HTTP) --> 66.235.143.121

Process wininit.exe (808) listens on ports: 49152 (RPC)
Process services.exe (860) listens on ports: 49156 (RPC)
Process lsass.exe (908) listens on ports: 49155 (RPC)
Process svchost.exe (1148) listens on ports: 135 (RPC)
Process svchost.exe (1268) listens on ports: 49153 (RPC)
Process svchost.exe (1336) listens on ports: 49154 (RPC)
Process PMB.exe (2212) listens on ports: 443 (HTTP over SSL), 563 (NNTP over SSL), 56629

Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AVG Internet Security C:\Program Files\AVG\AVG2012\avgtray.exe
C-Major Audio C:\Windows\sttray.exe
Cyberlink PowerCinema C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
EPSON Status Monitor 3 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft IntelliType Pro C:\Program Files\Microsoft IntelliType Pro\itype.exe
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\BCSSync.exe
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
Pando Media Booster C:\Program Files\Pando Networks\Media Booster\PMB.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
Razer Naga Epic Systray C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe
Steam C:\Program Files\Steam\steam.exe
Virtual CloneDrive C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
Windows® Internet Explorer C:\Windows\system32\webcheck.dll
(verified) Google Update C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Windows Defender C:\Program Files\Windows Defender\MSASCui.exe

Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AVG Internet Security c:\program files\avg\avg2012\avgssie.dll
BitDefender QuickScan C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\npqscan.dll
Google Update C:\Users\John\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll
Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
NVIDIA 3D Vision C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Skype Toolbars C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

Scan
----
MD5: 71aeb12202e459557f74406b03f0f438 C:\Users\John\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
MD5: ec23fdf23952a1942e2578ae8649b31a C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
MD5: ec5f1b4482b01afb20c111973f9a920d C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
MD5: f4a569f89a90205a095965ae628625e1 C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\npqscan.dll
MD5: 0d54bde041a1b094adb33648dce3fcfa C:\Users\John\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
MD5: 6d74290856347cf8682277a54b433d4b C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
MD5: 8607a3ae9c287a8e3cdf6e410a1426a7 C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MD5: 937fbd23997a91af923d5e89286126bd C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MD5: 70891f0ed183ac39be4c5e43666a35c7 C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MD5: b74bb4fa1cb68892caf2e3a586a55e23 C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: 0c06a80dffa51e0eb9c5ce3df703bc46 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MD5: 12500e86fafeb5cb22c0aba370cfffbd C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MD5: a71a91c57d2832c5d6d3f1917830bee8 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MD5: 26d2b399e87f2df5dbce2dac24d94cff C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MD5: ce652d887de875b24be66901c8c05f62 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MD5: c0770e006d0556d359f586ed86ead004 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MD5: 68a84e7d86995088127f30e5d118c4e2 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MD5: fe88e72f1b01ef8334e47ec44117559f C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MD5: e43c3d10e560dbeacfbc12bf888703a7 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MD5: f71a731e236fb55e3585dc5391d286d3 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MD5: 54b21273aaf8a0ba1c06494ffb21bb29 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MD5: 515d0e89532fa76488be97427de4207f C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MD5: d6f5d2245d53b5f5d3939137a7ec97ec C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MD5: e5210eb71e2017951050550067c30093 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MD5: 712fa98f6794152b349fd74a702f40f7 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MD5: b37a7c2b855fa1523a6840246c250fb2 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MD5: 333244713f41c02de8502061c0a11622 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MD5: 1d114e646e5cc8b6d18238eba210f9ae C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MD5: b334fca2f0878c2af77826211dbe55bb C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MD5: bc204ce4cd9d08d6b178dfc77095b850 C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MD5: b89cb7f3f1a1e2807e708f5435deb13d C:\Windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MD5: 6f5955495a088a64699f79c1e22ceef5 C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\df51961ed496f46601dd0bb255a31161\CustomMarshalers.ni.dll
MD5: dd48695d9b86dc5970c3f54c84dbbd4f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
MD5: 0f28cbcea7618b625a5d8a18a77d0853 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\33891c1f2a8120a3b7bb463cc6f97438\System.ServiceProcess.ni.dll
MD5: bbe4a86378ebf12e1e605ffb6113eb3c C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 12b4d77d74f189623cf1b1100c98dc69 C:\Windows\sttray.exe
MD5: e9b9c1b98c8d6d48407e1c1203eac659 C:\Windows\System32\adsldpc.dll
MD5: c77f71aa825263541965846edd9e8729 C:\Windows\system32\advpack.dll
MD5: f31eebc1a1c81fd04005489cc3dcdfe7 C:\Windows\system32\basesrv.dll
MD5: f21f255b91ca4f04e4250decd2067cbb c:\windows\system32\bitsperf.dll
MD5: d333058925ce305e39de8d5ad2b52a46 C:\Windows\system32\CLUSAPI.DLL
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 7f15b4953378c8b5161d65c26d5fed4d C:\Windows\system32\cngaudit.dll
MD5: 93e317d7ad783d8eaee2e3500bfe889d C:\Windows\System32\credui.dll
MD5: 7f55c714567e2e55c79b7fd33433c93d C:\Windows\system32\CSRSRV.dll
MD5: abca209eba02cb59233614db83b4f50d C:\Windows\System32\csrss.exe
MD5: 3a99cb23a2d326fd532618705d6e3048 C:\Windows\system32\drivers\aliide.sys
MD5: 4333c133dbd71c7d7fe4fb1b83f9ee3e C:\Windows\system32\drivers\amdide.sys
MD5: 4cbb56fbc9c0cbc517e6e3a6889ebddc C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
MD5: 459bce188232e2fe6152423efef65d76 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
MD5: 91d9abe7e88eac7c167cba4ed4d983bf C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
MD5: 54d710b7d2e30e1ddc8ce2c6e685576b C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
MD5: f4dbbc8d3c5338693da23c59a50f8abc C:\Windows\system32\DRIVERS\avgldx86.sys
MD5: 1c77ef67f196466adc9924cb288afe87 C:\Windows\system32\DRIVERS\avgmfx86.sys
MD5: f2038ed7284b79dcef581468121192a9 C:\Windows\system32\DRIVERS\avgrkx86.sys
MD5: a6d562b612216d8d02a35ebeb92366bd C:\Windows\system32\DRIVERS\avgtdix.sys
MD5: 502f1c30bd50b32d00ce4dcaecc3d3c7 C:\Windows\system32\DRIVERS\b57nd60x.sys
MD5: dfb94a6fc3a26972b0461ab5f1d8272b C:\Windows\system32\drivers\cmdide.sys
MD5: 82b8c91d327cfecf76cb58716f7d4997 C:\Windows\system32\drivers\compbatt.sys
MD5: d71233d7ccc2e64f8715a20428d5a33b C:\Windows\System32\Drivers\ElbyCDIO.sys
MD5: 1c60617d54bc9f035671a44b75d9f7cc C:\Windows\system32\drivers\intelide.sys
MD5: f0ec3a4e0693a34b148723b4da31668c C:\Windows\system32\drivers\msahci.sys
MD5: 6f785db62a6d8f3fafd3e5695277e849 C:\Windows\system32\drivers\nvraid.sys
MD5: 4a5fcab82d9bf6af8a023a66802fe9e9 C:\Windows\system32\drivers\nvstor.sys
MD5: f2d7ccd75132f19119108e07a4fd0a12 C:\Windows\system32\DRIVERS\nvstor32.sys
MD5: 1636d43f10416aeb483bc6001097b26c C:\Windows\system32\drivers\pciide.sys
MD5: 2e2f0d988f6d46e5e5e84d9fcad39081 C:\Windows\system32\DRIVERS\RzSynapse.sys
MD5: 103b79418da647736ee95645f305f68a C:\Windows\system32\drivers\sffdisk.sys
MD5: 9cfa05fcfcb7124e69cfc812b72f9614 C:\Windows\system32\drivers\sffp_sd.sys
MD5: 3cfea727795243364bb6a7f9a091faa3 C:\Windows\system32\drivers\stwrt.sys
MD5: 325dbbacb8a36af9988ccf40eac228cc C:\Windows\system32\DRIVERS\usbuhci.sys
MD5: fce98c43b5c5db8e0da8ea0e2b45e044 C:\Windows\system32\DRIVERS\VClone.sys
MD5: 58c8d5ac5c3eef40e7e704a5ced7987d C:\Windows\system32\drivers\viaide.sys
MD5: a4ec6b9766e2a7faa77283697bc5c307 C:\Windows\System32\E_FLBADA.DLL
MD5: 735f6d1d9eb8a6c76efd55e7182de272 C:\Windows\system32\ElbyCDIO.dll
MD5: 0d7d58f63a079ce865915cf64458851c C:\Windows\system32\ElbyVCD.dll
MD5: b8a21907fe2f1a113f3487d9ab60bef9 C:\Windows\system32\en-us\tQuery.dll.mui
MD5: 67bb7141f7f5f37411f796943b3418b6 C:\Windows\system32\framedynos.dll
MD5: b4b59ac042ee3733a862f26cbc0b17fc C:\Windows\system32\hidphone.tsp
MD5: 0c84b6affa7486422235584110d7176f c:\windows\system32\ICAAPI.dll
MD5: dca3fa9f9dd103dc39c24c85ef073db1 C:\Windows\system32\ICMP.DLL
MD5: 953193a9dea40348c1086d171f6440ae C:\Windows\system32\kmddsp.tsp
MD5: ca0b849566776a17f35f0339be17dfd9 c:\windows\system32\ktmw32.dll
MD5: 35d40113e4a5b961b6ce5c5857702518 c:\windows\system32\lmhsvc.dll
MD5: 5ad4e19d583fa285f4b5ccb7784a28c2 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: b4f5de3dad8e6b97272f45db97674878 C:\Windows\System32\mgmtapi.dll
MD5: 56e315acfb08a177b4d01e42b9044db5 C:\Windows\System32\MPRAPI.dll
MD5: aab5feaabf4cb6f76d794203831c8d94 C:\Windows\system32\Msidle.dll
MD5: 5e41139ec6efbcaffd96d46925e544ab c:\windows\system32\mspatcha.dll
MD5: abe9eea1eabea0711610a637a7b1c25d C:\Windows\system32\msprivs.dll
MD5: 8d43735c8b4519ccc473d68e25f24c1d C:\Windows\system32\MSVBVM60.DLL
MD5: 2fa16465f64db54b1f7f511395eb4fd7 C:\Windows\system32\NCObjAPI.DLL
MD5: f4d9ed6bd74ad7cc0bec83c43a1cb76b c:\windows\system32\ncsi.dll
MD5: 2f6776acefe41ee889c464ea407918f2 C:\Windows\system32\ndptsp.tsp
MD5: 6bc5fcef351e4cb5a269c1e84b5a06da C:\Windows\system32\netcfgx.dll
MD5: 95daecf0fb120a7b5da679cc54e37dde C:\Windows\system32\netlogon.dll
MD5: 4bf053944e973c073339be841c9ecf28 C:\Windows\System32\NETRAP.dll
MD5: 8bb86f0c7eea2bded6fe095d0b4ca9bd c:\windows\system32\nsisvc.dll
MD5: 9edadd79e8a3b078b2ef5e31e9301c1e C:\Windows\system32\nvshext.dll
MD5: 8d25336a9a2d28b325f60d7d8402eb05 C:\Windows\system32\NVSVC.DLL
MD5: f0062778f50838145ac46b384ffb4fa3 C:\Windows\system32\pcadm.dll
MD5: ba7c3e9dd6b1a632124c8659e8014028 C:\Windows\system32\Perfctrs.dll
MD5: e340845c8e96d107c36420065d7a5733 C:\Windows\system32\printcom.dll
MD5: 801f1e963f7eeffda3f9ef89db3ef133 C:\Windows\system32\radardt.dll
MD5: 3464dae0e801f5a81a23c571d86f30b2 C:\Windows\system32\rascfg.dll
MD5: 2dd6af8e97f59c9d39329bbc2a81f13f C:\Windows\System32\RASDLG.dll
MD5: 88225070dd2f7b0b2ed51e7935078641 C:\Windows\system32\RASQEC.DLL
MD5: b9f3ff52b84fd9e3cafb29b8ee385e5b C:\Windows\system32\RESUTILS.DLL
MD5: 8543edece2013b537a62bd234a132e44 C:\Windows\system32\RzMwApi.dll
MD5: 4c320a5cd3bde64f316c1af32c32d885 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
MD5: bf7e4d6f60a6d9e866432855c6f8c262 c:\windows\system32\sqmapi.dll
MD5: 452341e471d2d961229dfe0842957272 C:\Windows\system32\SSCORE.DLL
MD5: 167497e3e1b02b627d3b4a30ca2d5b78 C:\Windows\system32\stapi32.dll
MD5: 1d6cfca50ef579368c884ac0944ef516 C:\Windows\system32\STLang.dll
MD5: 71f5a7104fdf16c0ac5283a6ce666553 C:\Windows\system32\SYSNTFY.dll
MD5: e4060cfe50f87c72316cb0fdb20e4913 C:\Windows\system32\tcpipcfg.dll
MD5: 5091452dc719281cf1dd69367e13b494 C:\Windows\System32\tcpmib.dll
MD5: f8873d15018f411588bec02c1725bada C:\Windows\system32\tspkg.dll
MD5: dfbaadf1b624dc71e88d34d86b3595be C:\Windows\system32\uniplat.dll
MD5: 0bf0bb276f17b6ad61a8694d2551ec28 C:\Windows\System32\usbmon.dll
MD5: dc3ae9f1554dcd97f90983ddbdacd83d C:\Windows\system32\vsstrace.dll
MD5: f723422a11cd6fa13036746272200993 C:\Windows\system32\wbem\cimwin32.dll
MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll
MD5: e7d0f91e44d9d3b2116fa549bdcdb756 c:\windows\system32\WDSCORE.dll
MD5: 0745d6ead386710110817fbec03f5161 C:\Windows\system32\wfapigp.dll
MD5: 73fe2e5fa55088a241aa2732f5d387d6 C:\Windows\system32\wiarpc.dll
MD5: 101ba3ea053480bb5d957ef37c06b5ed C:\Windows\System32\wininit.exe
MD5: 3fcb7347d2de38488c85a31ea7838a3c C:\Windows\system32\WinSATAPI.dll
MD5: 92283d9e33ec5f41ecc0b430b7459241 C:\Windows\system32\wls0wndh.dll
MD5: f0321da5203f1e71917f3b7a13dc4912 C:\Windows\system32\WMsgAPI.dll
MD5: 399bb52ad0668472717498e97cf28341 c:\windows\system32\WUDFPlatform.dll

No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 1.25 KB recvd
Scanned 871 files and modules - 30 seconds

==============================================================================

Kazeyonoma

join:2011-10-15
Brea, CA

reply to Anon
and TDSSKiller log:

02:48:37.0744 5184 ohci1394 - ok
02:48:37.0791 5184 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
02:48:37.0792 5184 Parport - ok
02:48:37.0818 5184 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
02:48:37.0818 5184 partmgr - ok
02:48:37.0843 5184 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
02:48:37.0843 5184 Parvdm - ok
02:48:37.0876 5184 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:48:37.0877 5184 pci - ok
02:48:37.0905 5184 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
02:48:37.0905 5184 pciide - ok
02:48:37.0937 5184 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
02:48:37.0938 5184 pcmcia - ok
02:48:37.0978 5184 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:48:37.0987 5184 PEAUTH - ok
02:48:38.0050 5184 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:48:38.0051 5184 PptpMiniport - ok
02:48:38.0060 5184 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
02:48:38.0061 5184 Processor - ok
02:48:38.0116 5184 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:48:38.0116 5184 PSched - ok
02:48:38.0163 5184 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
02:48:38.0172 5184 ql2300 - ok
02:48:38.0187 5184 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
02:48:38.0187 5184 ql40xx - ok
02:48:38.0254 5184 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:48:38.0255 5184 QWAVEdrv - ok
02:48:38.0284 5184 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:48:38.0285 5184 RasAcd - ok
02:48:38.0320 5184 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:48:38.0321 5184 Rasl2tp - ok
02:48:38.0362 5184 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:48:38.0363 5184 RasPppoe - ok
02:48:38.0380 5184 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:48:38.0380 5184 RasSstp - ok
02:48:38.0406 5184 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:48:38.0408 5184 rdbss - ok
02:48:38.0424 5184 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:48:38.0425 5184 RDPCDD - ok
02:48:38.0487 5184 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
02:48:38.0489 5184 rdpdr - ok
02:48:38.0498 5184 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:48:38.0498 5184 RDPENCDD - ok
02:48:38.0553 5184 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
02:48:38.0555 5184 RDPWD - ok
02:48:38.0596 5184 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
02:48:38.0597 5184 rspndr - ok
02:48:38.0660 5184 RzSynapse (2e2f0d988f6d46e5e5e84d9fcad39081) C:\Windows\system32\DRIVERS\RzSynapse.sys
02:48:38.0663 5184 RzSynapse - ok
02:48:38.0692 5184 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
02:48:38.0693 5184 sbp2port - ok
02:48:38.0708 5184 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:48:38.0711 5184 secdrv - ok
02:48:38.0746 5184 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
02:48:38.0747 5184 Serenum - ok
02:48:38.0772 5184 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
02:48:38.0772 5184 Serial - ok
02:48:38.0804 5184 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
02:48:38.0804 5184 sermouse - ok
02:48:38.0831 5184 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
02:48:38.0832 5184 sffdisk - ok
02:48:38.0861 5184 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
02:48:38.0862 5184 sffp_mmc - ok
02:48:38.0890 5184 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
02:48:38.0891 5184 sffp_sd - ok
02:48:38.0914 5184 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
02:48:38.0915 5184 sfloppy - ok
02:48:38.0941 5184 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
02:48:38.0942 5184 sisagp - ok
02:48:38.0974 5184 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
02:48:38.0974 5184 SiSRaid2 - ok
02:48:38.0997 5184 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
02:48:38.0998 5184 SiSRaid4 - ok
02:48:39.0046 5184 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
02:48:39.0046 5184 Smb - ok
02:48:39.0120 5184 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
02:48:39.0121 5184 spldr - ok
02:48:39.0147 5184 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
02:48:39.0151 5184 srv - ok
02:48:39.0163 5184 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
02:48:39.0165 5184 srv2 - ok
02:48:39.0175 5184 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
02:48:39.0176 5184 srvnet - ok
02:48:39.0233 5184 STHDA (3cfea727795243364bb6a7f9a091faa3) C:\Windows\system32\drivers\stwrt.sys
02:48:39.0238 5184 STHDA - ok
02:48:39.0295 5184 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
02:48:39.0295 5184 swenum - ok
02:48:39.0322 5184 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
02:48:39.0323 5184 Symc8xx - ok
02:48:39.0356 5184 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
02:48:39.0356 5184 Sym_hi - ok
02:48:39.0379 5184 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
02:48:39.0380 5184 Sym_u3 - ok
02:48:39.0429 5184 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
02:48:39.0438 5184 Tcpip - ok
02:48:39.0470 5184 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
02:48:39.0475 5184 Tcpip6 - ok
02:48:39.0517 5184 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
02:48:39.0517 5184 tcpipreg - ok
02:48:39.0550 5184 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
02:48:39.0550 5184 TDPIPE - ok
02:48:39.0604 5184 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
02:48:39.0605 5184 TDTCP - ok
02:48:39.0635 5184 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
02:48:39.0635 5184 tdx - ok
02:48:39.0656 5184 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
02:48:39.0657 5184 TermDD - ok
02:48:39.0735 5184 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:48:39.0736 5184 tssecsrv - ok
02:48:39.0778 5184 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
02:48:39.0779 5184 tunmp - ok
02:48:39.0789 5184 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
02:48:39.0790 5184 tunnel - ok
02:48:39.0840 5184 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
02:48:39.0841 5184 uagp35 - ok
02:48:39.0879 5184 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
02:48:39.0881 5184 udfs - ok
02:48:39.0903 5184 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
02:48:39.0904 5184 uliagpkx - ok
02:48:39.0940 5184 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
02:48:39.0942 5184 uliahci - ok
02:48:39.0976 5184 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
02:48:39.0977 5184 UlSata - ok
02:48:39.0995 5184 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
02:48:39.0996 5184 ulsata2 - ok
02:48:40.0049 5184 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
02:48:40.0050 5184 umbus - ok
02:48:40.0100 5184 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
02:48:40.0101 5184 usbccgp - ok
02:48:40.0129 5184 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
02:48:40.0129 5184 usbcir - ok
02:48:40.0157 5184 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
02:48:40.0158 5184 usbehci - ok
02:48:40.0190 5184 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
02:48:40.0191 5184 usbhub - ok
02:48:40.0212 5184 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
02:48:40.0213 5184 usbohci - ok
02:48:40.0239 5184 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
02:48:40.0240 5184 usbprint - ok
02:48:40.0270 5184 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
02:48:40.0270 5184 usbscan - ok
02:48:40.0324 5184 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
02:48:40.0325 5184 usbser - ok
02:48:40.0351 5184 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:48:40.0352 5184 USBSTOR - ok
02:48:40.0392 5184 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
02:48:40.0393 5184 usbuhci - ok
02:48:40.0461 5184 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
02:48:40.0463 5184 VClone - ok
02:48:40.0499 5184 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
02:48:40.0499 5184 vga - ok
02:48:40.0546 5184 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
02:48:40.0547 5184 VgaSave - ok
02:48:40.0579 5184 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
02:48:40.0580 5184 viaagp - ok
02:48:40.0607 5184 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
02:48:40.0607 5184 ViaC7 - ok
02:48:40.0645 5184 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
02:48:40.0646 5184 viaide - ok
02:48:40.0683 5184 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
02:48:40.0684 5184 volmgr - ok
02:48:40.0720 5184 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
02:48:40.0722 5184 volmgrx - ok
02:48:40.0743 5184 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
02:48:40.0745 5184 volsnap - ok
02:48:40.0792 5184 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
02:48:40.0793 5184 vsmraid - ok
02:48:40.0835 5184 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
02:48:40.0835 5184 WacomPen - ok
02:48:40.0858 5184 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:48:40.0858 5184 Wanarp - ok
02:48:40.0862 5184 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:48:40.0863 5184 Wanarpv6 - ok
02:48:40.0892 5184 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
02:48:40.0893 5184 Wd - ok
02:48:40.0948 5184 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
02:48:40.0953 5184 Wdf01000 - ok
02:48:41.0002 5184 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:48:41.0003 5184 WmiAcpi - ok
02:48:41.0052 5184 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
02:48:41.0053 5184 WpdUsb - ok
02:48:41.0106 5184 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
02:48:41.0106 5184 ws2ifsl - ok
02:48:41.0165 5184 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:48:41.0165 5184 WUDFRd - ok
02:48:41.0190 5184 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:48:41.0194 5184 \Device\Harddisk0\DR0 - ok
02:48:41.0196 5184 Boot (0x1200) (973964de8ef194467a53f18b36e24c8a) \Device\Harddisk0\DR0\Partition0
02:48:41.0197 5184 \Device\Harddisk0\DR0\Partition0 - ok
02:48:41.0204 5184 Boot (0x1200) (1127806aede8f1fe83b3b3fce26205db) \Device\Harddisk0\DR0\Partition1
02:48:41.0205 5184 \Device\Harddisk0\DR0\Partition1 - ok
02:48:41.0218 5184 Boot (0x1200) (8544fa542b50b42eff204362a3b6858e) \Device\Harddisk0\DR0\Partition2
02:48:41.0220 5184 \Device\Harddisk0\DR0\Partition2 - ok
02:48:41.0220 5184 ============================================================
02:48:41.0220 5184 Scan finished
02:48:41.0220 5184 ============================================================
02:48:41.0228 5176 Detected object count: 0
02:48:41.0228 5176 Actual detected object count: 0



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to Kazeyonoma
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You can find the link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Kazeyonoma

join:2011-10-15
Brea, CA


Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 10/15/2011 at 2:51:44 AM
User "John" on computer "JOHN-NEWPC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files\Warcraft III\save\Profile1\Blizzard\campaign kaze purchased \OrcX01.w3z
Hidden: file C:\Program Files\Warcraft III\save\Profile1\Blizzard\campaign kaze purchased \OrcX01_02.w3z
Hidden: file C:\Program Files\Warcraft III\save\Profile1\Blizzard\campaign kaze purchased \OrcX01_03.w3z
Hidden: file C:\Program Files\Warcraft III\save\Profile1\Blizzard\campaign kaze purchased \OrcX01_05.w3z
Info: Starting disk scan of D: (FAT).
Info: Starting disk scan of E: (NTFS).
Stopped logging on 10/15/2011 at 3:59:53 AM



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to Kazeyonoma
The logs are clean and I can find no indication of a malicious redirection. Some legitimate programs can also cause redirection.

Do all browsers redirect? All the time or just occasionally? To the same sites or random?

You may want to consider removing Pando Media Booster. The information on it is not positive, and it may be a possible redirect source.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Kazeyonoma

join:2011-10-15
Brea, CA

Just tested again using Yahoo instead of Google and the same thing is happening, but results on the first page are starting to redirect again. Bah. My AVG flagged a tracking cookie but I wasn't able to delete it. I'm not 100% sure what to do now =(



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to Kazeyonoma
Do a full scan with your AV, and post back with the results.


Kazeyonoma

join:2011-10-15
Brea, CA

reply to LoPhatPhuud
So far only Firefox does it. After running all of these scans I thought I had gotten rid of it because test searches were going to the appropriate links, but just now I tried again, and the first page of results was working fine, but trying page 6 of "breakfast sandwich" was redirecting me again, instead of my intended www.boston.com link.

Is there anything else I can try? I'm more concerned about my file safety since this seems pretty intrusive and I use this PC for bill paying.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to Kazeyonoma
Did you remove Pando?

If not, then disable the Pando plugin in Firefox from the Addons menu. Restart Firefox and see if the redirect still exists.


Kazeyonoma

join:2011-10-15
Brea, CA

Running an AVG Anti-Virus scan right now; will post results when it's done.

Pando is disabled, yes, as are all other plugins that I haven't already verified one at a time as legitimate plugins.

