
Kazeyonoma

join:2011-10-15
Brea, CA

reply to Kazeyonoma

Re: [Malware] Google redirect infection. slowing down PC, please

Extras.txt
-------------------------
OTL Extras logfile created on: 10/15/2011 2:33:18 AM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.83% Memory free
6.20 Gb Paging File | 4.95 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 729.22 Gb Total Space | 389.55 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.98 Gb Free Space | 98.82% Space Free | Partition Type: FAT
Drive E: | 200.30 Gb Total Space | 196.35 Gb Free Space | 98.03% Space Free | Partition Type: NTFS

Computer Name: JOHN-NEWPC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2317141556-767997521-738446607-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD0CC91-3566-4CFA-BC4D-761C059A470B}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher |
"{0EFAE534-7066-4575-924E-D8895519BA57}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{13084B80-1974-4D9C-908F-AC9347859D32}" = lport=139 | protocol=6 | dir=in | app=system |
"{1AAC7E9C-3A83-4A57-938F-9B17180AD527}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{2B2E925A-D467-477F-A36B-8DF96208BE72}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{2DFB4AA5-1EF6-427C-AAD6-39F21CE009E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{395E743E-8937-4B79-B36E-D11259CA53B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{3B0B92B2-8210-4FC8-A14B-20F1A3CA3CD1}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{417CB7BB-A046-4D29-9ECF-25321188F9EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{57DDB86A-A7BF-4ADF-844E-5E5B81A48C21}" = lport=445 | protocol=6 | dir=in | app=system |
"{5843E953-9A25-49A4-ACFA-55A37459CEE3}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{5A5B7939-6CFD-4FD4-B951-EF9D8FCDEE0A}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{60848CD7-FBCA-487F-A527-DEFB7122ACD3}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{668ECC17-D7C2-4D5A-845F-C5B40D3C40BF}" = rport=445 | protocol=6 | dir=out | app=system |
"{6C618FD6-9FF5-4751-878D-5590307A1945}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{752AF3E0-C3C8-488C-8CC7-75D7AB715047}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher |
"{7A1EFC06-1B47-4DFF-80A5-5CE249839121}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher |
"{8487691F-8C97-4638-9539-9BFB0CAC4111}" = lport=137 | protocol=17 | dir=in | app=system |
"{8802BCE9-D228-411A-B105-253F0687C8E3}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |
"{8ED7FFFC-1FCF-44D3-9195-12186E667CE9}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{92CFDB0D-3904-4983-B5DF-2DFC820041D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{988913DD-6C6F-4CAA-8E15-14A8FC768A8C}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{9F74AEBB-DA4E-4735-83AA-7CD56D5117D2}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{B02A6AB5-4478-4E4C-9DCC-F534C1C6FA0B}" = lport=138 | protocol=17 | dir=in | app=system |
"{BFBAF7F1-6E0C-47BF-9AD9-06EA933756CF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{BFC7DA57-06BC-45DC-987C-A9737B698D13}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{C1F68C49-CFEE-4F95-B554-B9AD69C8EC2A}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{C66FB0A0-74F5-4C67-96A5-47A1BAD0FADD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D232B54E-AC08-4EC6-A63F-9A1B02393333}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{D89540C4-C915-4EAB-91EA-7749B2EB6BF1}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher |
"{E943A189-AB7E-4DC9-8F76-100B73AAFD7B}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{F3D67FBA-090D-4A61-AE14-A4289B1BFEE4}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{F529E160-9685-44FE-A76E-8BD94B95A708}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0766244F-3D82-4590-8FF5-8E65C6054DFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{08333F0A-1424-40D4-8BBF-29F31069D6E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe |
"{0888E584-AD77-4777-9DFE-014D8A84CC08}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{0F6142FF-6009-4A90-B907-CA51EE300306}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{129D708F-D68B-40D9-80C5-AC063FA1C08F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{1D341F0D-348E-4E40-AEA6-BA2A9D15026F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{1F20DDB8-A2BD-42BB-A9B7-B2EF59924C5B}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{22D3D4A4-834B-407A-B088-56740CA14F19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\forsaken world\patcher.exe |
"{25FA7366-9237-4014-8679-285C2E67F7F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2C9A146B-868E-4B41-973B-511577F36622}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"{2D583234-20C2-435B-912B-EE5DC4AC9458}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3182F8B6-EA2A-4C07-B021-F8583A8963E4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{31F79798-230B-4F7C-97E6-BFC3283FE434}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{35880BB7-4E40-4C07-A04B-B8012D69EC74}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{38C77914-9D22-4BD2-8903-FE7F6B01EF37}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3B8F1FFE-CC43-4D43-9B65-81CBA8023E73}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3BC8C92A-DEF4-4638-839F-55D3C22DD4C9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{40A91CE4-1CC0-4E02-9378-9C7CB6F82A69}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{40C657C9-D803-421E-B674-FC1DFCED2A0D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{4795A0A6-000A-4F0D-A772-B2142560B081}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{4D33B8CC-4CCB-4C46-8FEC-421C86325F2D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4D5E1E72-61D1-49B1-A595-85BA6EBF0731}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{51A4EAC6-297E-40E4-A161-B4E19116C5AC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{52644130-3A41-454B-A672-73E3B6BD366B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{54BA5259-56F8-44B6-8498-994D2C152811}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"{563901A2-B8F8-4B36-A2A7-0E597DDC5543}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{57BF77E4-4C8F-424A-8362-4064DA0ACBA9}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{5EDC508E-4964-422F-BD41-32DC609DA188}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{65637C75-ED7D-43C3-82E7-238925996FFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6616D81C-8E42-48F1-84CB-2728C65BA0FC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{668F4776-4F79-4544-A626-0D0633BF2164}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6781DCD7-3CB2-4534-912F-50614909A879}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{6CC02E71-8005-4D31-8D41-44ACCFA22A22}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6FA44BC6-D83D-4577-9588-3335657ABEDD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{6FB01C7C-84BC-4F91-B7BB-8A90835355B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{76363FDC-B33D-4838-BFD7-BB74A4FE3239}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7660978E-F9BC-4A4F-8DB3-DBF060CE4564}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B1CCA1C-36EE-452F-AA33-60A06FC58697}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{7B2796E8-74F6-45F6-BE8A-6C8B370086CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\forsaken world\patcher.exe |
"{7DA87D71-D598-44F8-9E5D-A90C0BBA861B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7F3BE961-3C12-468D-9EA7-3BDB4037D74D}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{7FBB4C4F-3977-458C-A120-3839406DAF86}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{872E3635-3E70-4FB5-9B2F-304C41C2097F}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{8AAFB535-1BAD-452D-BE50-8020736EE5EC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8C0FBEC8-6EDC-45BA-AA17-7E8B4394E290}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{932B7C8C-354A-491E-9925-4382567A22EC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{944CAB50-D821-46FB-AA59-945A7392AD4F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{946517BF-7063-435B-8700-E3413908BE93}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9741B24C-CFCE-4F6A-BA9B-2F1E6D239F9C}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
"{98D2510A-8AEA-4173-B610-A958012F207B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9AE4307D-AEFD-4BC4-A973-6EF04930801C}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{9DB51054-B69A-46A7-8180-E780FBF91163}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{A1DBD77F-2CC4-4FFC-B266-93009C8101FF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A1DC833E-A3A0-4D2F-8A26-04AE2936C959}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A24E834E-CF4B-4479-B6E2-9C8624F60E15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{A2504CAC-3037-4B29-978D-FD5E45BAF0D2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A60F3EA6-954F-47C1-98C6-0215BEF9A1C9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A6765407-BFF4-4ADC-96C3-D218B04B584A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AA61313F-BFA3-4875-A396-EB0807F5DACC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe |
"{AB7595C7-EA30-44E2-8334-EE6BB32606C7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{AD16815B-CAD1-4289-9809-F9411CCFA3BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe |
"{AFFE68DF-017F-4BF1-8A68-98E7CA5F3DEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{B044C00B-5C35-4FE6-BB66-FD0B584F63F2}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"{B2B3F27E-4B06-4C89-AA97-D34823B71FA1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{B3A73EF7-888D-4BE2-99C1-1EC08B2C28FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B9B82CB0-AD73-49D2-9DC6-0410AD9956AF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C0B862EE-DB68-4297-AF98-ACF836090D3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1560B60-285D-47AB-9E63-5485DA2885C2}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{C4418CC1-B5DF-48EA-A5A1-291395AF0CF5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{C5FA68EC-C5B2-467D-933C-2E3C1F06D201}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6C4DC9C-636F-4910-B953-34C884A9737C}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{C9EFE59A-0DFC-4D4C-9FD2-E1F70212A872}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{D53CB6DC-39D9-4A4C-AAC8-EBAC88B46D11}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{D7768A8C-3ADF-47C0-9DDF-6A1D878463A9}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{D9B2DDF3-FFA6-45A8-A00C-6723C3144783}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"{DDF8948D-2AF1-41B7-A13E-809FF839A30C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{DFCF7637-64F2-4510-81B9-29FD18FDEEA6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{DFD0D31C-3222-4EAE-B26F-9A73AF786FEC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{E8AA1137-1452-4863-8948-D702485F81E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F0D47777-DD47-4397-AD5F-4FC0CC882E6F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe |
"{F2303FB6-CB5B-4D2A-9759-AB97D812305E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F401EFDA-9046-4433-BD4E-77968A0AFADE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F54B258B-0902-4D85-B526-7398940C2408}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FC5AE233-A7A6-4990-AC15-6CD3306F8F50}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
"{FCB5BC21-3023-416C-AD0B-F79C1FD77A3B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{247B85A1-064A-4186-AC5E-42479C1AEFD2}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{28C69E9E-FA33-4F61-852A-D817E4ED5599}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{6E752397-147D-455D-97BA-16AA4F257A40}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{90FBBDEF-68AA-422A-8591-666F4D90B327}C:\program files\diablo iii beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"TCP Query User{9AF2C012-24A3-4A3F-9326-1F0D62C8B8D6}C:\users\public\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"TCP Query User{AEB8EFF1-190E-49AC-8135-158210C896C2}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{CF2705E6-B3A4-4ACF-B0A7-22767963501B}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{331E252F-6582-4FDE-AC87-968CA7DE96C3}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{339C997A-05DE-4294-8B6B-17CB62A82A30}C:\users\public\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"UDP Query User{66EBEB1D-C4F7-4852-B8EB-E0E37A895CB0}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{670CC671-7348-4DE0-B907-7F23D18D1060}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{A8A3D8DC-E892-43A3-B657-B8093562F0DA}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B211D912-51D4-4E99-AE1B-ABEA14094B3F}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{F945CEA2-5E3E-4C51-975F-CF33F353E81D}C:\program files\diablo iii beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{E06C6D71-ACAB-4290-8547-917C7FB1FD4E}" = AVG 2012
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2012
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTornado" = BitTornado 0.3.17
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Diablo II" = Diablo II
"Diablo III Beta" = Diablo III Beta
"DragonNest" = DragonNest
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HitmanPro35" = Hitman Pro 3.5
"hon" = Heroes of Newerth
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Mozilla Thunderbird (3.1.8)" = Mozilla Thunderbird (3.1.8)
"Mumble" = Mumble and Murmur
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 91310" = Dead Island
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A&I Book Creator" = A&I Book Creator
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 9/9/2011 4:32:13 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.220.4, time stamp 0x4c908d15,
faulting module java.dll, version 6.0.220.4, time stamp 0x4c90c109, exception code
0xc0000005, fault offset 0x00004e20, process id 0xcac, application start time 0x01cc6ecaf873822d.

Error - 9/10/2011 3:17:04 AM | Computer Name = John-newPC | Source = Application Hang | ID = 1002
Description = The program DeadIslandGame.exe version 1.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 174c Start Time: 01cc6f88341d8f14 Termination Time: 365

Error - 9/10/2011 4:35:30 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application DeadIslandGame.exe, version 1.0.0.0, time stamp
0x4e68cb69, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00039747, process id 0x143c, application
start time 0x01cc6f9437931054.

Error - 9/19/2011 5:03:31 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application DeadIslandGame.exe, version 1.0.0.0, time stamp
0x4e68cb69, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00039747, process id 0xc00, application
start time 0x01cc769dad0b6ba8.

Error - 9/20/2011 5:13:19 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.4262, time stamp 0x4e615d51,
faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd, exception
code 0xe06d7363, fault offset 0x0003fbae, process id 0x1344, application start time
0x01cc7752d26d538f.

Error - 9/20/2011 5:32:48 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4262, time
stamp 0x4e615d14, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03821, exception code 0xc0000005, fault offset 0x00048b02, process id 0x1728,
application start time 0x01cc7752dee32d1f.

Error - 9/20/2011 7:22:33 AM | Computer Name = John-newPC | Source = Application Error | ID = 1000
Description = Faulting application nuhzr03m.exe, version 1.0.15.15641, time stamp
0x4e21f2b1, faulting module nuhzr03m.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x12c4, application
start time 0x01cc77866caa8def.

Error - 10/11/2011 5:37:44 AM | Computer Name = John-newPC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4280 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7b0 Start Time: 01cc87de3872b10c Termination Time: 131

Error - 10/13/2011 3:33:04 AM | Computer Name = John-newPC | Source = ESENT | ID = 455
Description = Catalog Database (1696) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb0012C.log.

Error - 10/13/2011 3:33:04 AM | Computer Name = John-newPC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

[ System Events ]
Error - 10/12/2011 12:44:25 PM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7009
Description =

Error - 10/12/2011 12:44:25 PM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 10:07:33 PM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/13/2011 3:11:29 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/13/2011 3:32:04 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/13/2011 11:37:26 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/14/2011 2:38:39 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/14/2011 11:30:47 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/15/2011 1:02:46 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/15/2011 3:54:19 AM | Computer Name = John-newPC | Source = Service Control Manager | ID = 7026
Description =

Kazeyonoma

join:2011-10-15
Brea, CA

checkup.txt
----------------
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 [color=red](UAC is disabled!)[/color]
Internet Explorer 7 [color=red]Out of date![/color]
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Enabled!
AVG 2012
McAfee Security Scan Plus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Malwarebytes' Anti-Malware
Java DB 10.5.3.0
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 22
Adobe Flash Player 10.3.183.10
Adobe Reader 9.4.6
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.23)
Mozilla Thunderbird (3.1.8)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

